Security Question about Keylogging Viruses

7 replies
Hi all, I'm not sure this is in the right place. Does anyone know if there is a way to see whether or not my computer has been infected with a keylogging virus? I run MS Security Essentials, Malwarebytes and Spybot Search and Destroy. It has found nothing, and yet my cpanel has been getting hacked into every other day. I get things restored, change the password and a day later the entire thing is being hacked into again. Does anyone know how to look for keylogging viruses?
#keylogging #question #security #viruses
  • Profile picture of the author so11
    Hello,

    At this point (after scanning with all those tools), I really doubt that a keylogger is the problem. Sounds like there is an issue with your website.

    Try addressing two things:

    1. Go over all configurations and see if anything should be resecured. Ex.: are there any accounts that shouldn't be there?
    2. Scan/audit your site using a web application scanner (there might be an issue with some of the plugins/code running). Search the Internet for free ones or get it scanned professionally by someone.

    Good luck
    • Profile picture of the author linuxoctane
      So are they changing stuff? Adding spam links?
      Do you have any FTP accounts enabled? Could be someone doing brute force attacks.
      Do you use wireless in a public setting? You could be the victim of a man-in-the-middle attack. So many things could be going on. I would contact the hosting company and ask them to assist. Also ask them if they can tell you how the person is connecting, for example FTP account/SSH or direct cPanel.

      They might also assist you in locking down your installation.
  • Profile picture of the author brettb
    Maybe your router/network has been hacked?

    I got my FTP password stolen once. It turned out it was malware on my PC. Some malware is very difficult to find.
  • Profile picture of the author Weblover50
    Are you sure it is the cPanel that is hacked? There could be FTP accounts that are compromised and you forgot to change the password. Delete all extra FTP accounts and see. Also check the FTP logs to see any logins and see the username that is being used (ignore the IP address, that could be another hacked system).

    You may also use a virtual keyboard to type the passwords and it is almost guaranteed to be undetectable for a keylogger.
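The FTP log review suggested in the post above, as an added example that is not part of the original thread: it groups logins by username and flags accounts that should not exist, plus logins from outside the permitted IPs. It assumes Pure-FTPd's syslog-style messages; the log lines, account names, IPs and the `summarize_logins` helper are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the style Pure-FTPd writes to syslog
# (assumption: adjust the two patterns below for a different FTP daemon).
SAMPLE_LOG = """\
Dec 10 09:14:02 host pure-ftpd: (?@198.51.100.7) [INFO] New connection from 198.51.100.7
Dec 10 09:14:03 host pure-ftpd: (?@198.51.100.7) [INFO] site_owner is now logged in
Dec 10 23:41:17 host pure-ftpd: (?@203.0.113.44) [WARNING] Authentication failed for user [site_owner]
Dec 10 23:41:19 host pure-ftpd: (?@203.0.113.44) [WARNING] Authentication failed for user [admin]
Dec 11 02:05:50 host pure-ftpd: (?@203.0.113.44) [INFO] old_designer@example.com is now logged in
Dec 11 02:06:31 host pure-ftpd: (?@192.0.2.10) [INFO] site_owner is now logged in
"""

LOGIN_OK = re.compile(r"\(\?@(?P<ip>[^)]+)\) \[INFO\] (?P<user>\S+) is now logged in")
LOGIN_FAIL = re.compile(
    r"\(\?@(?P<ip>[^)]+)\) \[WARNING\] Authentication failed for user \[(?P<user>[^\]]+)\]")

def summarize_logins(log_text, expected_users, allowed_ips):
    """Group FTP logins by username and flag what an account owner should review."""
    ok = defaultdict(set)      # username -> source IPs of successful logins
    failed = defaultdict(int)  # username -> number of failed attempts
    for line in log_text.splitlines():
        m = LOGIN_OK.search(line)
        if m:
            ok[m["user"]].add(m["ip"])
            continue
        m = LOGIN_FAIL.search(line)
        if m:
            failed[m["user"]] += 1
    findings = []
    for user in sorted(ok):
        # The username is the primary signal: source IPs are often relays.
        if user not in expected_users:
            findings.append(("unexpected-account", user, ""))
        for ip in sorted(ok[user] - set(allowed_ips)):
            findings.append(("login-outside-allowlist", user, ip))
    return {"logins": {u: sorted(ips) for u, ips in ok.items()},
            "failed": dict(failed), "findings": findings}

if __name__ == "__main__":
    report = summarize_logins(SAMPLE_LOG, {"site_owner"},
                              {"198.51.100.7", "192.0.2.10"})
    for finding in report["findings"]:
        print(finding)
```

An unexpected account that logs in successfully is a reason to delete that account and rotate every remaining password, whatever address the login came from.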
  • Profile picture of the author Core Freedom
    Thank you all for responding! We checked all the things you mentioned and it's unclear. Hostgator has been screwing up big time. But hacked 5 times over the past 8 times. They even exported the entire database. They have access through the cpanel (not the server and not ftp), even though we have blocked all entries besides 2 permitted IPs to access the server/ftp/cpanel. No luck, today they hacked into the root folder. Several security people have been looking at it for over 10 days and no one can figure this out. So it's time for a new hosting company.

    Thanks all!
    • Profile picture of the author linuxoctane
      Originally Posted by Blueprint4Love

      Thank you all for responding! We checked all the things you mentioned and it's unclear. Hostgator has been screwing up big time. But hacked 5 times over the past 8 times. They even exported the entire database. They have access through the cpanel (not the server and not ftp), even though we have blocked all entries besides 2 permitted IPs to access the server/ftp/cpanel. No luck, today they hacked into the root folder. Several security people have been looking at it for over 10 days and no one can figure this out. So it's time for a new hosting company.

      Thanks all!
      Wow! 10 days. But without talking to them. Sounds like they think it is on your end!
      Let us know if they find anything!
    • Profile picture of the author awesometbn
      Originally Posted by Blueprint4Love

      Thank you all for responding! We checked all the things you mentioned and it's unclear. Hostgator has been screwing up big time. But hacked 5 times over the past 8 times. They even exported the entire database. They have access through the cpanel (not the server and not ftp), even though we have blocked all entries besides 2 permitted IPs to access the server/ftp/cpanel. No luck, today they hacked into the root folder. Several security people have been looking at it for over 10 days and no one can figure this out. So it's time for a new hosting company.
      Unfortunately this is one of the drawbacks with using shared hosting. Another user account or software program on the same server that is compromised by an attacker might easily spread to other areas of the server. That means your database, hard drive storage, bandwidth, CPU, everything is potentially at risk.

      If you were the admin of your own server, you could shut down processes, block connections by editing iptables, run diagnostics for memory and disk usage, look for intrusion detection alerts from file integrity checking such as OSSEC, as well as uninstalling software or upgrading to newer versions. But these options are limited with shared hosting, so you have to rely on the support team from your hosting provider, or opt to spend more for a dedicated server if you want more control.