Script Capturing Login Details on New Account?
Hello how are you ?
Today I received a new order for a shared hosting package.
When checking the site of the new order, I came across a script that captures all the login details of the database and login from the cpanel control panel.
When I visit the client site I came across a list of .txt files with user names and when I opened the file I came across the login details of the database and control panel login of every shared hosting hosted on it server.
The script is PHP!
I would like to know how I can handle this to avoid again in the future!
Thank you!
-
This sounds awfully like your server has been exploited - possibly by a Web Shell which are often written in PHP Search in your favourite search engine for web shell php and see if you recognise anything. As for cleaning it up ...... first you need to know if the exploit can access files on other accounts and/or inside the operating system. If there is ANY suspicion that the exploit has escaped out of the account where you found it, the only way to ensure you have dealt with it, is to reinstall the server from scratch. See Why can't I clean a hacked machine - cPanel Knowledge Base - cPanel Documentation If you are confident that the compromise was limited to the new account, you could perhaps run a system wide clamscan, and also install and run a tool like Rootkit Hunter or chkrootkit, however it may be too late to get a true detection rate as the signatures of system files may have already been changed. Going forwards, when you are satisfied your server is 100% free of any malware or compromise, you should take a look at : Tips to Make Your Server More Secure - cPanel Knowledge Base - cPanel Documentation Recommended Security Settings - cPanel Knowledge Base - cPanel Documentation 0 -
Hi @Adrian Gonzales The advice provided by @rpvw here is solid, please let us know if you have any questions or concerns once reading through the documentation links he provided. Thanks! 0
Please sign in to leave a comment.
Comments
2 comments