Hi,
Sorry for the question, I am not an expert in CXS. I have a lot of alerts from CXS from different accounts.
example:
Scanning web upload script file...
Time : Wed, 18 May 2022 12:48:55 +0200
Web referer URL : www.google.com
Local IP : 51.255.xx.xx
Web upload script user : nobody (99)
Web upload script owner: xxxx(1017)
Web upload script path : /home/xxxx/public_html/wp-admin/admin-ajax.php
Web upload script URL : https://xxxx.it/wp-admin/admin-ajax.php
Remote IP : 217.xx.xx.xx
Deleted : No
Quarantined : Yes [/home/quarantine/cxscgi/20220518-124855-YoTPFzLid5hmo5CNLpRzTgAAAIE-file-LXcXV7.1652870935_1]
'/tmp/20220518-124855-YoTPFzLid5hmo5CNLpRzTgAAAIE-file-LXcXV7'
(compressed file: .sp3ctra_XO.php [depth: 1]) Known exploit = [Fingerprint Match] [PHP Upload Exploit [P2000]]
The file is blocked and quarantined, so I think I am safe. But how do I stop this? And where is the problem? Can I prevent it?
Thanks for the help
help with Exploit
Re: help with Exploit
@leonep
What I first do is check the public folder where the file was blocked for any directories with CHMOD 777, as that is an open door for files to be uploaded to your server. If there are any, then change all of them to 755. That is the first step to check.
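The permission check described in the reply above, as an added shell example that is not part of the original thread. The function names are hypothetical, and the check is slightly broader than the post: it reports any directory with the world-write bit set (777, 757, ...), not only exact 777, and resets to 755 only when `--fix` is given.

```shell
#!/bin/sh
# Added example: audit an account's web root for world-writable directories.
# Usage: audit_world_writable /home/USER/public_html [--fix]

# List directories under $1 whose mode includes the "other write" bit.
# find does not follow symlinks by default, so a link pointing outside
# the web root is not traversed; -xdev keeps it on one filesystem.
list_world_writable() {
    find "$1" -xdev -type d -perm -0002 -print 2>/dev/null
}

# Count them (one path per line; assumes no newlines in directory names).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Report offending directories; with --fix, reset them to 755 first.
# Returns 0 when none remain, 1 when some do, 2 on a bad argument.
audit_world_writable() {
    docroot=$1
    mode=${2:-report}
    [ -d "$docroot" ] || { echo "not a directory: $docroot" >&2; return 2; }
    if [ "$mode" = "--fix" ]; then
        find "$docroot" -xdev -type d -perm -0002 -exec chmod 755 {} +
    fi
    remaining=$(count_world_writable "$docroot")
    list_world_writable "$docroot"
    echo "world-writable directories: $remaining" >&2
    [ "$remaining" -eq 0 ]
}
```

Run it in report mode first and review the list before using `--fix`.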
Re: help with Exploit
Thanks for the help, Sergio.
Permissions look safe: 755 on the directory.
The alerts come from several different accounts, so I checked 5 of them.
Maybe it is a distributed attack or something like this to find a vulnerable website...
Thanks
Re: help with Exploit
As you are using WordPress on your site, you will get accustomed to seeing a lot of this type of attack every day.
But even though CXS is protecting your site, I recommend you install Imunify AV. I use the paid version, but the free version that comes with cPanel can help as well.
In my case, I use Imunify AV+ to do a daily scan of all my accounts and if it finds something that CXS has not, I use the MD5SUM option of CXS to generate the code of the offending file and then I add it to the cxs.xtra file.