ROOTPLOIT
Server: LiteSpeed
System: Linux server71.web-hosting.com 4.18.0-513.18.1.lve.el8.x86_64 #1 SMP Thu Feb 22 12:55:50 UTC 2024 x86_64
User: niphet (1079)
PHP: 5.3.29
Disabled: NONE
$ pwd: /home/niphet/
Upload Files
File: //home/niphet/scan_report-2025-05-07_17-14
----------- SCAN REPORT -----------
TimeStamp: Wed, 7 May 2025 17:14:47 -0400
(/usr/sbin/cxs --background --clamdsock /var/clamd --dbreport --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 100000 --noforce --html --ignore /etc/cxs/cxs.ignore.manual --options mMOLfSGchexdnwZDRru --noprobability --qoptions Mvh --quarantine /opt/cxs/quarantine --report /home/niphet/scan_report-2025-05-07_17-14 --sizemax 1000000 --ssl --summary --sversionscan --timemax 30 --unofficial --user niphet --virusscan --vmrssmax 2000000 --waitscan 0 --xtra /etc/cxs/cxs.xtra.manual)


Scanning /home/niphet:

'/home/niphet/access-logs'
# Symlink to [/usr/local/apache/domlogs/niphet]

'/home/niphet/.nc_plugin/hidden'
# World writeable directory

'/home/niphet/.softaculous/installations.php'
# Universal decode regex match = [universal decoder]

'/home/niphet/public_html/index.php'
# Universal decode regex match = [universal decoder]
# (quarantined to /opt/cxs/quarantine/cxsuser/niphet/index.php.1746653202_1) (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [Hacker Sig Exploit [P2208]]

'/home/niphet/public_html/VisualMaking.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v3.5.1 < v6.8.1]

'/home/niphet/public_html/VisualMaking.com/wp-includes/js/plupload/plupload.silverlight.xap'
# (compressed file: plupload.silverlight.dll [depth: 1]) MS Windows Binary/Executable [application/x-winexec]

'/home/niphet/public_html/summitcapture.com/wp-content/plugins/akismet/akismet.php'
# Script version check [OLD] [Akismet Anti-Spam v4.1.8 < v5.3.7]

'/home/niphet/public_html/summitcapture.com/wp-content/plugins/duplicate-post/duplicate-post.php'
# Script version check [OLD] [Yoast Duplicate Post v3.2.6 < v4.5]

'/home/niphet/public_html/summitcapture.com/wp-content/plugins/regenerate-thumbnails/regenerate-thumbnails.php'
# Script version check [OLD] [Regenerate Thumbnails v3.1.5 < v3.1.6]

'/home/niphet/public_html/summitcapture.com/wp-includes/version.php'
# Script version check [OLD] [Wordpress v4.5.29 < v6.8.1]

'/home/niphet/public_html/wp-content/plugins/google-sitemap-generator/sitemap.php'
# Script version check [OLD] [Google XML Sitemaps v3.2.8 < v4.1.21]

'/home/niphet/public_html/wp-content/plugins/jqs-pro/tmp.php'
# Universal decode regex match = [universal decoder]

'/home/niphet/public_html/wp-content/plugins/jquery-full/inbex.php'
# Universal decode regex match = [universal decoder]

'/home/niphet/public_html/wp-content/plugins/jquery-update/index_old.php'
# Universal decode regex match = [universal decoder]

'/home/niphet/public_html/wp-content/plugins/my-blog-copy/csv.php'
# Universal decode regex match = [universal decoder]

'/home/niphet/public_html/wp-content/plugins/wordpress-preview/includes/admin.php'
# Decode regex match = [decode regex: 1]

'/home/niphet/public_html/wp-content/plugins/wordpress-preview/includes/class.php'
# Decode regex match = [decode regex: 1]

'/home/niphet/public_html/wp-content/plugins/wordpress-preview/includes/driver.php'
# Decode regex match = [decode regex: 1]

'/home/niphet/public_html/wp-content/plugins/wordpress-preview/includes/tooltip.php'
# Decode regex match = [decode regex: 1]

'/home/niphet/public_html/wp-content/plugins/wp-file-manager/lib/codemirror/mode/clike/index.html'
# Suspicious file type [application/x-c]

'/home/niphet/public_html/wp-content/plugins/wp-programme-instance/app.css'
# Universal decode regex match = [universal decoder]

'/home/niphet/public_html/wp-content/themes/sketch/404.php'
# Universal decode regex match = [universal decoder]
# (quarantined to /opt/cxs/quarantine/cxsuser/niphet/404.php.1746653709_1) (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P0297]]

'/home/niphet/public_html/wp-content/themes/twentyfive/include.php'
# Universal decode regex match = [universal decoder]
# (quarantined to /opt/cxs/quarantine/cxsuser/niphet/include.php.1746653718_1) (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Shell Exploit [P0297]]

'/home/niphet/public_html/wp-content/themes/twentythree/view.php'
# Universal decode regex match = [universal decoder]
# (quarantined to /opt/cxs/quarantine/cxsuser/niphet/view.php.1746653727_1) (decoded file [advanced decoder: 14 (depth: 1)]) Known exploit = [Fingerprint Match (fp)] [PHP Exploit [P1900]]

'/home/niphet/public_html/wp-includes/version.php'
# Script version check [OLD] [Wordpress v3.8.41 < v6.8.1]

'/home/niphet/public_html/wp-includes/js/plupload/plupload.silverlight.xap'
# (compressed file: plupload.silverlight.dll [depth: 1]) MS Windows Binary/Executable [application/x-winexec]

'/home/niphet/var/cpanel/styled/current_style'
# Symlink to [/usr/local/cpanel/base/frontend/paper_lantern/styled/retro]

----------- SCAN SUMMARY -----------
Scanned directories: 1840
Scanned files: 34575
Ignored items: 630
Suspicious matches: 31
Viruses found: 0
Fingerprint matches: 4
Data scanned: 7698.13 MB
Scan peak memory: 403000 kB
Scan time/item: 0.043 sec
Scan time: 1568.882 sec
@ Telegram