malware alert - what is {HEX}r2h.malware.blue.44??

Discussion in 'ISPConfig 3 Priority Support' started by craig baker, Apr 21, 2017.

  1. craig baker

    craig baker Member HowtoForge Supporter

    I noticed an alert about this being in a wordpress site /tmp folder. I've moved it elsewhere for the time being,
    but I find no information - what IS this? and how concerned should I be.
    and where do I see what 'malware.blue.44' is???
    thanks
     
  2. concept21

    concept21 Member HowtoForge Supporter

    That means that file has a malware signature named 'malware.blue.44'. :p
     
  3. till

    till Super Moderator Staff Member ISPConfig Developer

    This is just an internal signature name. Many malware signatures match more than one malware as they detect the way the code is hidden while the actually encrypted hidden code might differ. If it's in the /tmp folder, then you should be able to remove it safely and then check which Linux user owns this file (e.g. web5) and then you should check that the website that is hosted in web5 has all security patches installed.
     

Share This Page