Locate Compromised Site on Server

webstyler

• January 14, 2017 04:14

Hi we have receive more email alert to abuse mail adress for network attack. Seems 1 site inside cPanel VM are sent brute force login to remote WP HOW found what site on server are make this attack ? Thanks

• 

  NixTree

  • January 15, 2017 05:21

  can you see if you have any process like /usr/bin/host running ? If so do a lsof -p "PID of the above process" and you can get the account which is causing this.

  0
• 

  Eminds

  • January 16, 2017 03:17

  This issue is not related to cpanel, you have to hire an expert in order to investigate the issue with your server. If your server provider is providing management services, consult with them as finding out cause of such issues needs through investigation.

  0
• 

  cPanelMichael

  • January 16, 2017 16:12

  Hello, This topic is discussed on the following threads: Prevent wordpress Brute Force Attacks Outbound wp-login.php brute force attack from my cpanel server Thank you.

  0

Please sign in to leave a comment.