I have a question for all you experts who have had similar experiences as me:
Is there a solution for this malware on the site? An infection on the Linux server, where we're constantly in the Wordpress script generates files of type wb 5433712.php antimalware program is a malware called Backdoor.PHP.WebShell! E2 It is interesting that the infection has spread to all subdomains and parked domains on hosting.
The worst thing is that this malware also creates .htaccess file which redirected to sites infected and compromised the Russian site. When I check the site ... stopbadvare.org reported that it is infected with some javascript files. I took off the head of VP script on the computer, and also found Malvar: Backdoor.PHP.WebShell! E2Back which successfully deleted.
Is there a solution to the problem on hosting? What would help to prevent the creation and dissemination of these redirects zaraze.stranicama. Now I have a question for all you experts who have had similar experiences as me:
Is there a solution for this malware on the site? An infection on the Linux server, where we're constantly in the Wordpress script generates files of type wb 5433712.php antimalware program is a malware called Backdoor.PHP.WebShell! E2 It is interesting that the infection has spread to all subdomains and parked domains on hosting.
The worst thing is that this malware also creates .htaccess file which redirected to sites infected and compromised the Russian site. When I check the site ... stopbadvare.org reported that it is infected with some javascript files. I took off the head of VP script on the computer, and also found Malware: Backdoor.PHP.WebShell! E2Back which successfully deleted.
Is there a solution to the problem on hosting? What would help to prevent the creation of the redirect and the spread of infection.
swebdizajn 0 Newbie Poster
Recommended Answers
Jump to PostSome Hands-on analysis is required...
in terminal on the infected host...
Do NOT run this as root unless it's run from the users' /home/$user directoryfind `pwd` -name *.php -exec grep base64_decode {} \; > ~/infected.out
then let's count the number of infected files...
Jump to PostAre you a client on this VPS, or the "owner"? (do you have root?)
Because if it is just a regular cPanel account (swebdiza) then it is possible it is only that account that is an issue.If swebdiza IS the Main cPanel account (WHM actually) then it is …
All 7 Replies
Habitual 0 Newbie Poster
swebdizajn 0 Newbie Poster
Habitual 0 Newbie Poster
swebdizajn 0 Newbie Poster
Habitual 0 Newbie Poster
swebdizajn 0 Newbie Poster
Habitual 0 Newbie Poster
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.