server compromise (cPanel)

Eric Oyen eric.oyen at icloud.com
Fri May 25 15:29:55 MST 2018


Well, to begin with, your hosting provider failed to patch something and tried to shift blame. It is their problem and they are required to solve it.

Btw, that looks like some bot activity and I am fairly certain that one of those items looks a lot like a torrent tracker.

Is yours the only account on that machine? If not, how many other users might be affected by this?

Now, as for mode of infiltration, assuming they didn't have your credentials, it is possible that an injection exploit was used. 

Now, this area is more my forte, but I am, by no means, a certified expert. 

Anyway, time to call them back and have a chat with their operations manager and inform them that they have been breached and should be doing something about it. If they continue blame shifting, it might be time to consider dropping them entirely. That's my 2 cents' worth.

-eric



More information about the PLUG-discuss mailing list