Skip to main content

Restrict user from accessing other cPanel account files

Comments

7 comments

  • cPRex Jurassic Moderator
    Hey there! We'd need much more information before being able to provide you with any details. The type of hack would be good to know, as I would expect something to require root-level access to the machine to spread across accounts. We do have security tools that run whenever we log into a machine through our ticket system, so if you submit a ticket our team could check and see if they can determine the reason behind the server compromise.
    0
  • Hamla
    Hello cPRex, Thank you so much for jumping in to help! The malware in most cases is phishing(social engineering) so it's just a few scripts that pretend to be something else. I am fully aware of what it is for and why, but it is quite hard for me to identify how they got in in the first place. Was it an outdated plugin in CMS, someone's password got leaked or there is a major flaw in my setup! I'll create a ticket and provide an access to the server. As I have(I hope so) removed the current malware wave, you can find the examples in the Imunify(should keep the copy for another 24h most likely). Thanks in advance
    0
  • cPRex Jurassic Moderator
    That sounds great - if you could post the ticket number here so I can follow along that would be helpful as well.
    0
  • Hamla
    Sure thing! Ticket #94434730
    0
  • cPRex Jurassic Moderator
    Thanks - I'm following along with that ticket now.
    0
  • Hamla
    David responded to the ticket and provider a very detailed response. It appears that things are alright from the server-side and that malware is most likely being injected via CMS. We'll manage this on our own from this point :)
    0
  • cPRex Jurassic Moderator
    Thanks for posting that update!
    0

Please sign in to leave a comment.