Locate Compromised Site on Server?
Hi friends,
Today my data center suspended my VPS for DDoS attack reasons. They say one of my clients that has a WordPress website started a DDoS attack on other websites using xmlrpc, but I didn't know which of my customers abused it!
Please tell me how I can find which of my clients started the DDoS attack, because I must terminate that from my VPS.
Also, please tell me how I can prevent the same issue in the future?
Thanks buddies
Hello :), Can you please scan all your accounts with Linux Malware Detect and check if you have any infected files. Also try the following commands:
find /home*/*/public_html/ -type f -name ".sd0"
find /home*/*/public_html/ -type f -name "*php" -exec grep -l "/usr/bin/host" {} \;
Please check it: Outbound wp-login.php brute force attack from my cpanel server
Hello :) In addition to the previous post, there's also a recent thread on the WordPress xmlrpc attack at: Is this xmlrpc brute force amplification attack? Thank you.
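A complementary check to the file scans suggested above, added here as an example and not posted by anyone in the thread: rank sites by POST requests to xmlrpc.php in their access logs, since a site whose xmlrpc.php is being driven from outside shows a spike there. It assumes one Apache combined-format access log per site, named after the site; the function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes one combined-format access log per site.

# count_xmlrpc_posts FILE...
# Prints "POSTS DISTINCT_CLIENTS FILE" per log with xmlrpc.php POSTs, busiest first.
count_xmlrpc_posts() {
    awk '
        # Combined format: $1 client IP, $6 quoted method ("POST), $7 request path.
        $6 == "\"POST" {
            path = $7
            sub(/\?.*/, "", path)                 # ignore any query string
            if (path ~ /(^|\/)xmlrpc\.php$/) {
                hits[FILENAME]++
                if (!((FILENAME, $1) in seen)) {
                    seen[FILENAME, $1] = 1
                    clients[FILENAME]++
                }
            }
        }
        END { for (f in hits) printf "%d %d %s\n", hits[f], clients[f], f }
    ' "$@" | sort -k1,1nr -k3,3
}

# make_sample_logs: writes constructed sample logs to a temp dir and prints its path.
make_sample_logs() {
    d=$(mktemp -d) || return 1
    cat > "$d/site-a.example" <<'EOF'
203.0.113.5 - - [10/Oct/2015:13:55:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "constructed"
203.0.113.5 - - [10/Oct/2015:13:55:37 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "constructed"
203.0.113.9 - - [10/Oct/2015:13:55:38 +0000] "POST /blog/xmlrpc.php?x=1 HTTP/1.1" 200 370 "-" "constructed"
198.51.100.7 - - [10/Oct/2015:13:56:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "constructed"
EOF
    cat > "$d/site-b.example" <<'EOF'
198.51.100.7 - - [10/Oct/2015:13:57:00 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "constructed"
198.51.100.7 - - [10/Oct/2015:13:57:01 +0000] "GET /xmlrpc.php HTTP/1.1" 405 42 "-" "constructed"
198.51.100.7 - - [10/Oct/2015:13:57:02 +0000] "POST /wp-login.php HTTP/1.1" 200 900 "-" "constructed"
EOF
    cat > "$d/site-c.example" <<'EOF'
198.51.100.7 - - [10/Oct/2015:13:58:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "constructed"
EOF
    echo "$d"
}

logs=$(make_sample_logs)
count_xmlrpc_posts "$logs"/*
rm -rf "$logs"
```

On a real server, pass the per-site access log files instead of the sample directory; a site with far more xmlrpc.php POSTs than its neighbours is the one to inspect first.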