Control Web Panel
WebPanel => CentOS-WebPanel Bugs => Topic started by: mouchoon on October 06, 2018, 07:33:38 AM
-
hello
my server with CentOS 6.9, CWP version: 0.9.8.573
few days infected with virus : coinhive and in all my websites in this server get:
Threat found
This web page contains potentially dangerous content.
Threat: JS/CoinMiner.AH potentially unwanted application
how to clean this from my cwp?
How it happened and firewall has not worked?
-
You *must* have to check your *entire* server, with a clean boot.
If you don't have phisical access to the server, you must ask to it who have.
After that, try to install Maldet, with script:
/scripts/install_maldet
Check if you have some antivirus installed too.
Normally, if you have some malware in your server, discovered by accessing some page, you must check that page individually, and restore the original page or program.
-
Do remember CentOS kernels are not symlink patched. If one site gets hacked then all sites on your server may get compromised using symlink attack. Its better to use symlink patch for protection as multiple sites are hosted on your server.
https://www.cloudlinux.com/kernelcare-blog/entry/symlink-protection-patchset-centos-6-7-kernelcare