My cPanel server is compromised
Noticed a huge spike in my inbound traffic recently and noticed that it was the IP of my shared cPanel server. Looking at my lanalyzer, it showed a lot of DNS queries and then a lot of queries to port 80 on all kinds of websites from the IP of my cPanel server.
I ran Top utility to see if I can find anything and the only thing I saw was a cpanel user who was running 'phpize' for several hours.
It appears to me that something is on my system that is looking for vulnerabilities on other servers.
Not sure where to start looking for something like this. I looked at the logs of the user that was running this phpize and don't see anything in the error_logs.
Hello, I would suggest you check your server using: [url=http://docs.cpanel.net/twiki/bin/view/AllDocumentation/CompSystem]Determine Your System's Status[/url]. You can also scan your server with Linux Malware Detect (LMD). You will get all the infected files in the maldet scan report.
Hello :) Do you have any firewall management utilities such as CSF installed on your system? This might help to limit the offending traffic. You may also want to consult with a qualified system administrator for assistance if you are not able to determine the source of the attack. Thank you.
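Added example, not part of the original thread: one way to attribute the outbound port 80 connections described in the question to a specific process, by summarising output in the format of `ss -Htnp`. The function names, sample lines, addresses and PIDs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: attribute outbound connections to port 80 to a process.
# Input format is that of `ss -Htnp`:
#   State Recv-Q Send-Q Local:Port Peer:Port users:(("name",pid=N,fd=N))

# Hypothetical helper: reads ss lines on stdin, prints "count name pid",
# busiest process first. Only peers on port 80 are counted, so inbound
# web traffic to the local web server (local port 80) is ignored.
summarize_port80() {
  awk '
    $5 ~ /:80$/ {
      name = "unknown"; pid = "?"
      # users:(("name"  -> 9 characters precede the name, 1 follows it
      if (match($0, /users:\(\("[^"]+"/))
        name = substr($0, RSTART + 9, RLENGTH - 10)
      if (match($0, /pid=[0-9]+/))
        pid = substr($0, RSTART + 4, RLENGTH - 4)
      count[name " " pid]++
    }
    END { for (k in count) print count[k], k }
  ' | sort -rn
}

# Constructed sample (documentation address ranges, made-up PIDs).
sample_ss() {
  cat <<'EOF'
ESTAB    0 0 192.0.2.10:80    198.51.100.7:51544 users:(("httpd",pid=1201,fd=12))
ESTAB    0 0 192.0.2.10:41022 203.0.113.5:80     users:(("phpize",pid=4242,fd=3))
SYN-SENT 0 1 192.0.2.10:41024 203.0.113.9:80     users:(("phpize",pid=4242,fd=4))
ESTAB    0 0 192.0.2.10:41030 198.51.100.20:80   users:(("phpize",pid=4242,fd=5))
SYN-SENT 0 1 192.0.2.10:41036 198.51.100.44:80   users:(("phpize",pid=4242,fd=6))
ESTAB    0 0 192.0.2.10:52100 203.0.113.80:443   users:(("curl",pid=5100,fd=3))
ESTAB    0 0 192.0.2.10:52102 203.0.113.81:80    users:(("curl",pid=5100,fd=3))
EOF
}

# Stand-alone run on the sample; on a live server use instead:
#   ss -Htnp | summarize_port80      (as root, so process names are shown)
sample_ss | summarize_port80
```

For the top PID, `ls -l /proc/<pid>/exe /proc/<pid>/cwd` shows which binary and working directory are actually behind the process name seen in top.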