CryptPHP malware warning from DataCenter
Dear cPanel users,
I know that this vulnerability is totally related to WordPress, Joomla, and Drupal, and not cPanel itself.
But I have some questions about investigating the issue on CentOS, as I can't manage the network analysis in this case.
This is the warning that we have got from Datacenter:
- Removed -
Despite the instructions given in the warning message, my question is how to determine which domain had outgoing traffic to the destination 192.42.116.41.
Which tool do we need to use, and which log do we need to review, to get detailed information about the website that had a connection to the outgoing destination with the IP address "192.42.116.41"?
Any help on this specific case is appreciated. Also, if you have any experience dealing with CryptPHP, please kindly share it here.
Best Regards
Re: CryptPHP malware warning from DataCenter
Please continue working with your Hosting Provider on this issue.

Re: CryptPHP malware warning from DataCenter
Dear friend, it is all about me, as I'm managing this server and I have never faced this issue. I'm trying to read the Exim logs and other logs to find any connection to the mentioned IP address and find out the reasons. This is our cPanel server, on which we are hosting many WordPress and Joomla websites. Please kindly don't remove the warning message, as this topic can help other server owners in the same situation.

Re: CryptPHP malware warning from DataCenter
There are plenty of threads on these forums and others that you might look into for tips on viewing logs of your system. cPanel cannot assist you with a compromised server. For that, you should hire an expert.