I am new here. I have a leased web server and I am getting new pages called "postinfo.html" on every domain along with some javascript code (virus) attached at the end of every webpage on every domain. Does anyone know about this or how to get rid of it and prevent it? I have a sneaky suspicion that it is from a phpbb forum.
View 6 Replies
I'm a web hosting reseller. I'm now running on a server, purchased from Hosterio (previously I used WebHostingBuzz). From last few months I'm facing massive virus attack on my server. There are 3-4 Joomla based websites hosted on the server. Most of them (including some non-joomla sites) are getting attacked by HTML frammer and similar viruses. In most of the cases, symptoms are, injection of hidden iframes either at the start or at the end of body tags.
I kindly request the experts here to suggest me the optimum solution. What security measures should I take immediately? What are the recommended file permission and settings that can be set as a WHM account owner? What should I recommend to my clients? Please suggest.
My server specs are:
Linux Server, WHM-Reseller Hosting Account, Apache Web Server Running on Dedicated IP.
PS: If you can suggest a tool to quickly manage file permissions (because FTP clients are taking lot of time to modify permissions of Joomla site, where number of files are more than 2000-3000) on my server, I'll be more grateful.
my friends server has something running that i couldn't find in cron or through access logs.. it is running comus and arrowtrader.. they're porn trading scripts.. anyway.
it's basically executing something at unknown times which i just started logging cause i temporarily moved "find" to /root and made /usr/bin/find echo me the output.. so it's running these:
---
find /etc
find /var
find /usr/local
find
find ./
find ../
find ../../
---
i can't find what is causing this.. i've disabled comus and arrowtrader but they still run, i can't find anything else running in the background that is causing this..
what i'd really like to know is how to make a wrapper for perl to log all commands.. or some kind of exec logging for freebsd, i've looked for a way to also log all commands run by PHP too but i can never find something like that. i've scanned the server, found the r57/rst type backdoors, removed... nothing is listening on a port, i just can't seem to find it, i've enabled accounting and see that find runs, grep runs too.. but can't see what is causing it..
There's supposed to be a virus on one of my server (called "cdpuvbhfzz"). Anyone has any idea on how to remove it? What software to install, what do do next. Also, is transferring an infected account on a different machine is also transferring a virus?
I am on CentOS 5, using cPanel.
I wonder which virus scanner software is useful for Unix server(Centos 4.5). One of my client install SMF forum and when visitors access the forum,their virus scanner warn that site is affected by trojan. I used Clamav to scan entire home directory but seem nothing found.
View 4 Replies View RelatedAlright guys - my server the past two weeks is just freaking ridiculous. It's a Core2Quad Q9300 2.5ghz server with 8gb of ram. It should be fast as hell. I can't move 20 e-mails in my mail client without the server grinding to a complete halt and httpd and mysql going unresponsive. Right now I'm just trying to copy a damned screen shot of the task manager performance tab and it's taking about 3 minutes to paste it - even though the CPU utilization is averaging only 20% at the moment and memory is only 2.5gb.
I restarted WAMP and now it seems to be running smoother. My Outpost firewall, though, didn't show too many connections to the server that it was maxing out.
Here's my ping responses just now while I was typing this - I was watching the firewall connections and I was only having like 60 connections to httpd, 20 connections to mysql, 5-10 to my SmarterTools mail server, and then my remote desktop connection. My network utilization got up to a whole 5% - so it's not that I have too many connections or something. Here's the ping responses:
C:Documents and SettingsBrian>ping mifbody.com -n 99
Pinging mifbody.com [216.245.195.146] with 32 bytes of data:
Reply from 216.245.195.146: bytes=32 time=70ms TTL=115
Reply from 216.245.195.146: bytes=32 time=73ms TTL=115
Reply from 216.245.195.146: bytes=32 time=81ms TTL=115
Reply from 216.245.195.146: bytes=32 time=78ms TTL=115
Reply from 216.245.195.146: bytes=32 time=71ms TTL=115 ....
I have ClamWin on the server and it says the following after a 7 hour scan. I notice there is an option to remove files but not sure if i should.
C:WINDOWSjavaclassesjavavm.exe: Worm.Mytob.FN FOUND
C:WINDOWSsystem32TskMan.exe: Trojan.Servu.1 FOUND
C:WINDOWSsystem32wmc.exe: Trojan.RAdmin-2 FOUND
I have also ran the Microsoft Windows Malicious Software which says it has removed them, restart, and they are back.
My webserver treat ALL files with html tags inside as html files, e.g. text files or EVEN files without extension.
How to only allow .htm, .html files?
I've deactivated temporary mime magic, I also tried with some RemoveHandler, AddType lines but nothing
I want to set up a dedicated server for spam and virus filtering (MX)
But i was wondering, is there a good opensource based tool for this?
We have a Windows Server 2003 dedicated, and use the Windows POP3 Service for emails, is there anything that can be plugged in to provide serverside spam/virus protection?
View 0 Replies View RelatedI have a Dating Portal >>> Dating Sites but HTML file isn't uploading on my server "site5.com" Except HTML file every file is uploading there but HTML isn't
View 2 Replies View RelatedOn a newly installed 2.4 on a fresh Gentoo, I created the following test index.html file
View 3 Replies View RelatedHas anybody ever come across a server problem, where the file is visited (e.g. domain.com/sub/file.html or domain.com/sub/file2.php) it attempts to download the file automatically as apposed to displaying the page?
See image after I visited a page!
I'd like to know that is Linux virus free server or not?
Is there any possibility to run a virus on linux server while uploading files (virus affected) from local system to server end by ftp client?
We have 2 servers, one running Windows 2003 Enterprise that hosts a ColdFusion app, and one running Windows 2003 Standard that hosts our SQL database that is used by the CF app. Nothing else runs on them.
Does anyone have any suggestions for anti-virus products that we could use on these? I don't want one of those elaborate and expensive "suite" programs. I just need to protect the boxes.
I use Kaspersky on our individual machines, and I really don't care much for Norton anymore.
I've been trying to scour the internet trying to find out more information about this worm, but all I find are millions of sites that are infected with it.
If anyone has any information on this virus h**p://tejary.net/h.js
it looks like it has overwrited everything in the database - ..most of everything - seems like a type of sql injection script.
how can I remove a Virus/Trojan from my website?
View 6 Replies View RelatedIs this possible we can scan virus on the account on server?
View 1 Replies View RelatedWhats the best firewall and anti virus software for a server running centos?
View 7 Replies View RelatedI need to know so idea, how to prevent iframe virus injection into the server,also is there is any mod which help in protection for iframe virus.
View 14 Replies View RelatedDoes anyone know of any virus protection software that will work with Cpanel. Actually it probably doesn't have to work with Cpanel.. but here is my situation..
I have a lot of people uploading PDF’s and Word docs to our MySQL database, for other people to download. So far I have been downloading the files to my computer first and scanning them, then approving them. it would be nice if I can automate this check some how. I'm wondering of anyone out there does this sort of thing with the dedicated servers they run. Maybe just putting virus software on the server is good enough.
I am looking to backup client data to a second hard drive on the server. I was wondering if there is any way to protect this data from virus's or any other software attack that may compromise the server data.
View 9 Replies View RelatedIn the event of hosting a web program, who is responsible for the security, ie against hackers, virus and the like. Is it the hosting company or the program developer or the person running the website? Also, what is the best thing to do, with personal computers there's anti virus software, but what about the case of an entire website, do anti virus software companies have solutions for entire websites?
View 6 Replies View Relatedi have 2 blogs with ixwebhosting.com from 1 1/2 years. from 10 days my blogs are getting attack frequently. every time i am cleaning and reporting to them. they are also clean it. but it is attacking again. They said my system has virus. (but i have latest bitdifender 2010 total security,probably the best antivirus) i also have account with 3 more hosts with many sites. everything works fine.
i am asking them why only this account getting affected if i have virus in my system.i already moved one site to another host where it is working fine now. Except this problem they are very good. So i can't left them.
if any one has experience this kind of problems, please suggest me what to do?
Several companies like Fast servers and the planet provide spam filtering mail gateways (Spirus/ Barracuda etc).
Are there any reliable affordable 3rd party services out there as well?
Is this just for mail antivirus? where do I see the report of the anti virus?
View 2 Replies View Relatedrecently i have setup VPS. I would need to installed ClamAV virus protector.
Can someone with experience let me know how to. Give me some instruction to download uncompress then install it.
Last month I order 2 Xen VPSs from Xenvz.co.uk and use them for VPN proxy.
But a few days ago, xenvz stopped one vps and state "This is because it is spreading the Conficker virus.". I'm a little surprise because there's only 10+ users on this vps. Most of them use VPN for visting Youtube or P2P download or gaming. And Conficker virus can only run on Windows, but all my vps is running on Debian.
Maybe someone had download something that contain Conficker virus?
Anyway, I had to move a few users to another vps yesterday.
But xenvz stop my another vps today for the same reason!
I really do not know whether or not one of my user is spreading or other reason, but as I know, Conficker virus had affected thousands of hosts in the past. If someone download or being affect by conficker for any reason, provider then stop their host, I'm afraid thousands of sites would down.
I like to use an other virus software for scanning mails. e.g. clamav I found an old HowTo on [URL] .... but this not work with panel 11.
Is it possible to use an other antivirus software like clamav, sophos, eset, or ... ?
"What anti-virus do you use on your postfix email server powered by Plesk?".Is there an anti-virus program that can be installed on Plesk version 12.0.18 as an extension or component? I need it primarily for protection of incoming email from malware.I've seen in Add or Remove Components in the Mail hosting features that I have installed Kaspersky antivirus, but I didn't seen anywhere that it actually can be configured from within Plesk. It also, as far as I can see, doesn't do anything. what is Kaspersky antivirus used for in Plesk and how can I configure it?
View 2 Replies View Related
