Author Topic: coin hive attack on my server ... how? (Read 5166 times)

mouchoon · « **on:** October 06, 2018, 07:33:38 AM »

hello

my server with CentOS 6.9, CWP version: 0.9.8.573
few days infected with virus : coinhive and in all my websites in this server get:

Threat found
This web page contains potentially dangerous content.
Threat: JS/CoinMiner.AH potentially unwanted application

how to clean this from my cwp?
How it happened and firewall has not worked?

Netino · « **Reply #1 on:** October 07, 2018, 08:13:45 PM »

You *must* have to check your *entire* server, with a clean boot.

If you don't have phisical access to the server, you must ask to it who have.

After that, try to install Maldet, with script:
/scripts/install_maldet

Check if you have some antivirus installed too.

Normally, if you have some malware in your server, discovered by accessing some page, you must check that page individually, and restore the original page or program.

bullten · « **Reply #2 on:** October 08, 2018, 04:14:28 AM »

Do remember CentOS kernels are not symlink patched. If one site gets hacked then all sites on your server may get compromised using symlink attack. Its better to use symlink patch for protection as multiple sites are hosted on your server.

Code: [Select]

https://www.cloudlinux.com/kernelcare-blog/entry/symlink-protection-patchset-centos-6-7-kernelcare

Control Web Panel

Author Topic: coin hive attack on my server ... how? (Read 5166 times)

coin hive attack on my server ... how?

Re: coin hive attack on my server ... how?

Re: coin hive attack on my server ... how?