HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=15)
-   -   Hacked malwar, files appears in web folders (http://www.howtoforge.com/forums/showthread.php?t=39947)

romain33 8th October 2009 12:53

Hacked malwar, files appears in web folders
 
Hi and thanks for your help

I have an ispconfig panel (2.2.18) on a debian each server

Sometimes (all 2 or 3 months), web files appear in some web directories. Usually 3 files by web directory.

for exemple :
/error/z/static.php
/error/z/sync.php
/error/z/backup.php

this files can appears in any other directory of the website directory. For exemple :
for exemple :
/pics/static.php
/pics/sync.php
/pics/backup.php


this files have apache like owner.(www-data)
As you can see in the log below, very special websites try to connect on theses scripts....
[08/Oct/2009:00:05:00 +0200] "GET /error/z/static.php HTTP/1.1" 404 - "http://www.sexytravesti.com/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
[08/Oct/2009:00:10:25 +0200] "POST /error/z/sync.php HTTP/1.0" 200 23 "-" "-"

When one of my website is infected by this kind of files google say me than the concerned website is a virus and malware source. Everythings become ok when i delete this files...

Would you know where this files come from? Why do they appear occasionally on my web server? What is the source?

Thanks for reading me and sorry for my bad english..

till 8th October 2009 15:32

Most likely you have a vulnerable script or cms system installed in these websites. Please update the cms systems that you have installed in these websites incl. all their plugins. A common reason is e.g. a outdated joomla install.


All times are GMT +2. The time now is 10:45.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.