well, taking a closer look at some of the entries…
Definitely a WordPress look-alike. I also noted the MS IIS injection and there appear to be references to ads (all of which might be infected).
btw, one additional thing that the hosting provider might want to look for: crypto mining processes. This is something new that has been cropping up in other places.
and lastly, they will need to check out their router hardware to make sure it isn't infected (some news there as well over the last week).
-eric
On May 25, 2018, at 3:34 PM, Carruth, Rusty wrote:
> Indeed, I tend to agree with Eric here.
>
> And I think I'd like to know who it is - don't remember if you ever dropped that info... :-) If it's HostGator then I'll be on the phone to them also.
>
>
> -----Original Message-----
> From: PLUG-discuss [mailto:plug-discuss-bounces@lists.phxlinux.org] On Behalf Of Eric Oyen
> Sent: Friday, May 25, 2018 3:30 PM
> To: Main PLUG discussion list
> Subject: Re: server compromise (cPanel)
>
> well,
> to begin with, your hosting provider failed to patch something and tried to shift blame. It is their problem and they are required to solve it.
>
> btw, that looks like some bot activity and I am fairly certain that one of those items looks a lot like a torrent tracker.
>
> Is yours the only account on that machine? If not, how many other users might be affected by this?
>
> Now, as for mode of infiltration, assuming they didn't have your credentials, it is possible that an injection exploit was used.
>
> Now, this area is more my forte, but I am, by no means, a certified expert.
>
> Anyway, time to call them back and have a chat with their operations manager and inform them that they have been breached and should be doing something about it. If they continue blame shifting, it might be time to consider dropping them entirely. That's my 2 cents worth.
>
> -eric
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss