Indeed, I tend to agree with Eric here.

And I think I'd like to know who it is - don't remember if you ever dropped that info... :-)  If its hostgator then I'll be on the phone to them also.


-----Original Message-----
From: PLUG-discuss [mailto:plug-discuss-bounces@lists.phxlinux.org] On Behalf Of Eric Oyen
Sent: Friday, May 25, 2018 3:30 PM
To: Main PLUG discussion list
Subject: Re: server compromise (cPanel)

well,
to begin with, your hosting provider failed to patch something and tried to shift blame. It is their problem and they are required to solve it.

btw, that looks like some bot activity and I am fairly certain that one of those items looks a lot like a torrent tracker. 

IS yours the only account on that machine? if not, how many other users might be affected by this?

Now, as for mode of infiltration, assuming they didn't have your credentials, it is possible that an injection exploit was used. 

Now, this area is more my forte, but I am, by no means, a certified expert. 

Anyway, time to call them back and have a chat with their operations manager and inform them that they have been breached and should be doing something about it. If they continue blame shifting, it might be time to consider dropping them entirely. that's my 2 cents worth.

-eric

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss