View Single Post
  #1  
Old 8th October 2009, 12:53
romain33 romain33 is offline
Junior Member
 
Join Date: Mar 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Hacked malwar, files appears in web folders

Hi and thanks for your help

I have an ispconfig panel (2.2.18) on a debian each server

Sometimes (all 2 or 3 months), web files appear in some web directories. Usually 3 files by web directory.

for exemple :
/error/z/static.php
/error/z/sync.php
/error/z/backup.php

this files can appears in any other directory of the website directory. For exemple :
for exemple :
/pics/static.php
/pics/sync.php
/pics/backup.php


this files have apache like owner.(www-data)
As you can see in the log below, very special websites try to connect on theses scripts....
[08/Oct/2009:00:05:00 +0200] "GET /error/z/static.php HTTP/1.1" 404 - "http://www.sexytravesti.com/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
[08/Oct/2009:00:10:25 +0200] "POST /error/z/sync.php HTTP/1.0" 200 23 "-" "-"

When one of my website is infected by this kind of files google say me than the concerned website is a virus and malware source. Everythings become ok when i delete this files...

Would you know where this files come from? Why do they appear occasionally on my web server? What is the source?

Thanks for reading me and sorry for my bad english..
Reply With Quote
Sponsored Links