Server Possibly Compromised

Benito

• November 09, 2016 13:52

Hello! Anyone knows bitninja? Yesterday i got a warning from our datacenter, they received an automated complaint from Bitninja. They say one of our servers is attacking their hosts. After i contact them for furter details only gives me this report: - Removed - I found really hard to figure where in my server the attack is originated. Any suggestion? Thanks

• 

  Infopro

  • November 09, 2016 19:14

  If you're unsure how to check your server for compromise you should hire someone to help. It does indeed sound like you've got some sort of script on your server doing bad things. This isn't an issue with your cPanel though, you need some advice on security, not cPanel assistance.

  0
• 

  Eminds

  • November 10, 2016 11:24

  You will need to scan your server with either clamav or maldet in order to locate the malicious files and scripts. Such scripts can generate DDOS attacks, port scanning and SYN Attacks on the other hosts causing issues to their services.

  0
• 

  SysSachin

  • November 10, 2016 12:11

  Hello Benito, I am agree with Infopro. You have to need scan all websites data also need to enable mod_security on the server.

  0
• 

  dld

  • November 10, 2016 13:13

  You might also install ConfigServer firewall. Not only will it help block future attacks, but it also includes its own version of ClamAV to scan your present situation.

  0

Please sign in to leave a comment.