Check for Symlink Attack on Cpanel Server

Symlink Attack allow a hacker to hack one web site and gain access to another Apache Virtual Hosts in a cpanel server. Hacker will be able to get read access to files on other hosting accounts, with that, they can read web site config files, giving them MySQL or other login info stored in configuration files.

To check if your server have infected with symlink attack, run

find /home/*/public_html -type l > /root/smylinks.txt

Check the content of the file “/root/smylinks.txt”. if you see any site having too many symlinks to other sites, your server is infected with symlink attack.

To prevent this, you can install CloudLinux CageFS.

Need help with Linux Server or WordPress? We can help!

Leave a Reply

Your email address will not be published. Required fields are marked *