ServerSolutions
28-10-2016, 13:35
Which OS version are you using on your server ? And update OS security package on your server.
Virus on my server, Scripts downloading.
alvaroag
06-06-2016, 05:35
Most probably your server has been infected with a rootkit. Your best alternative is to reinstall, as cleaning a rootkit can be really difficult, time-costing, and almost impossible.
After that, you have to take care on your server's security, like setting hard passwords and setting up a firewall.
After that, you have to take care on your server's security, like setting hard passwords and setting up a firewall.
benjwilkins
06-06-2016, 01:36
I use xampp downloaded from the official website as my webserver. Is there anyway I can check how these files was put onto the server?
benjwilkins
06-06-2016, 01:35
Hey guys.
I have run ClamAV and I keep finding php scripts that are being put into my web server.
Here is an example of the script: http://puu.sh/pibQg/5e44f81d25.png
It displays all of the files on the webserver, and all of the php coding including mysql passwords.
I have monitored FTP, and they are not getting through with that. I have deleted a script 2 days ago, and today these appeared again. I don't know how they are getting access to my server and downloading. They appear in different directories on the webserver each time. Not just the same one. It could be in the IPB Forum directory or a completely different sub domain directory.
Also, I checked 2 days ago, and I saw 2 user accounts in windows with admin permissions, named "admins" and "guest2". On the desktop for this user, there was some viruses. I deleted them and they have not reappeared.
There is no way they can get my root password for remote desktop.
Please help
I have run ClamAV and I keep finding php scripts that are being put into my web server.
Here is an example of the script: http://puu.sh/pibQg/5e44f81d25.png
It displays all of the files on the webserver, and all of the php coding including mysql passwords.
I have monitored FTP, and they are not getting through with that. I have deleted a script 2 days ago, and today these appeared again. I don't know how they are getting access to my server and downloading. They appear in different directories on the webserver each time. Not just the same one. It could be in the IPB Forum directory or a completely different sub domain directory.
Also, I checked 2 days ago, and I saw 2 user accounts in windows with admin permissions, named "admins" and "guest2". On the desktop for this user, there was some viruses. I deleted them and they have not reappeared.
There is no way they can get my root password for remote desktop.
Please help