Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 2 > General

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 8th October 2009, 12:53
romain33 romain33 is offline
Junior Member
 
Join Date: Mar 2009
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Default Hacked malwar, files appears in web folders

Hi and thanks for your help

I have an ispconfig panel (2.2.18) on a debian each server

Sometimes (all 2 or 3 months), web files appear in some web directories. Usually 3 files by web directory.

for exemple :
/error/z/static.php
/error/z/sync.php
/error/z/backup.php

this files can appears in any other directory of the website directory. For exemple :
for exemple :
/pics/static.php
/pics/sync.php
/pics/backup.php


this files have apache like owner.(www-data)
As you can see in the log below, very special websites try to connect on theses scripts....
[08/Oct/2009:00:05:00 +0200] "GET /error/z/static.php HTTP/1.1" 404 - "http://www.sexytravesti.com/" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
[08/Oct/2009:00:10:25 +0200] "POST /error/z/sync.php HTTP/1.0" 200 23 "-" "-"

When one of my website is infected by this kind of files google say me than the concerned website is a virus and malware source. Everythings become ok when i delete this files...

Would you know where this files come from? Why do they appear occasionally on my web server? What is the source?

Thanks for reading me and sorry for my bad english..
Reply With Quote
Sponsored Links
  #2  
Old 8th October 2009, 15:32
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 36,065
Thanks: 826
Thanked 5,395 Times in 4,239 Posts
Default

Most likely you have a vulnerable script or cms system installed in these websites. Please update the cms systems that you have installed in these websites incl. all their plugins. A common reason is e.g. a outdated joomla install.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Problems with the virtual email system with postfix, courier,mysql Greg Parker HOWTO-Related Questions 3 3rd January 2007 17:59
Zone files are not updated after deletion from web JAYDEE.U Installation/Configuration 1 1st January 2007 10:09
Default Web Dir fro Installation/Configuration 1 21st October 2006 12:03
uploaded web files not accessable DTGorm General 3 30th May 2006 00:50
FTP access to web files in ISPConfig Rocky Installation/Configuration 14 8th November 2005 23:17


All times are GMT +2. The time now is 18:46.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.