Good day All.

I am a junoir server admin at an ISP in south Africa.

We have a problem were one of our clients accounts on cpanel has been hacked.

The scripts that were dropped on the server has cause the whole server to become unstable.

I am looking for any advice as to what and where i should b looking.

Thank you for any assistance

Recommended Answers

Is this a web server? Or just a system that is accessible via the internet?

Jump to Post

All 3 Replies

Is this a web server? Or just a system that is accessible via the internet?

It is on a web hosting server

Hello,

I would start with what processes are running on the server and what is calling the offending scripts. If you run
ps auxf
you will see all of the processes in a tree format showing what called what so you can stop the scripts. CPanel has some built in security applications that can help you stop the scripts and block their future installation. Check them out.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of 1.20 million developers, IT pros, digital marketers, and technology enthusiasts learning and sharing knowledge.