Good day All.
I am a junoir server admin at an ISP in south Africa.
We have a problem were one of our clients accounts on cpanel has been hacked.
The scripts that were dropped on the server has cause the whole server to become unstable.
I am looking for any advice as to what and where i should b looking.
Thank you for any assistance
Jump to PostIs this a web server? Or just a system that is accessible via the internet?
Is this a web server? Or just a system that is accessible via the internet?
It is on a web hosting server
Hello,
I would start with what processes are running on the server and what is calling the offending scripts. If you runps auxf
you will see all of the processes in a tree format showing what called what so you can stop the scripts. CPanel has some built in security applications that can help you stop the scripts and block their future installation. Check them out.
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.