Trace Malware
Jul 31, 2006
How would I trace a malware file uploaded to a particular account? ....
In my server more than 5 sites got malware and the gumblar.cn trojan. When I keep deleting it, it keeps coming back. Any idea how to solve this?
Can this be interpreted as malware (proceed with the following steps with caution)?
After visiting miniclip.com/games/super-gerball/en/ without me clicking on anything and confirming that I want to install a game, a new folder is created in my Windows Start Menu and in a Documents and Settings folder.
Although I believe no harm is actually done with this installation, can an attacker use this method to install malware? How can I prevent this, and what options should I change in my Firefox browser?
Recently, I hosted my domain with two different servers, but both of them were attacked by malware and viruses. Google also started showing a warning like "This site may harm your computer".
Now I can't open my site in Firefox (it gives a security warning)... when I open it in Explorer, my index page is totally changed.
Is there a solution for that? Which Linux server will be best to protect my site from malware attacks?
A website I've recently been entrusted with was cracked into via brute-force FTP earlier this week. Apparently the bad guys ran a script that added iframe links to every page named index.html. The iframe linked to 3 sites that prompted malware downloads.
I think I've found and removed all the affected code, however I'm looking for an online website scanner that will drill down through all the links on a given site and search the code for similar problems.
I've only found a couple of these so far and they don't seem to fit the bill; was wondering if anyone here had recommendations or experience with similar tools...
A WordPress install on one of my domains was compromised a few months ago, and there was a 4-hour window in which the site contained an iframe injection that led to a malware site.
The problem was corrected, and Google stopped flagging the site as malicious within a few hours after the fix. However, every once in a while I still hear of people having problems accessing the site, all of them I think from within large corporate networks.
Are there a few common list providers that these corporate networks are likely to be subscribing to? Is there a way I can submit the domain for reevaluation? If not, how long would you think a domain would have to be clean in order to repair its reputation on these lists?
When I try to open any website hosted on my server (around 50 of them) I am being taken to the following malware website:
[url]
[url]
This is a problem with my Linux server running Apache and not a virus on my local computer, as customers from all over are reporting the same issue.
As soon as I restart Apache everything returns to normal with no such redirects.
I think my server is being attacked, causing HTTP requests to get redirected to some malicious website.
This issue would resurface almost every hour and would not go away till I restart Apache.
So far my datacenter techs have not been able to identify the cause of this.
malware acl condition: clamd: connection to 127.0.0.1, port 3310 failed (Bad file descriptor)
This is a normal cPanel FC3 exim/clamav server.
Has anyone come across this annoying yet little error?
I don't know whether it is possible or not to trace the DNS from a certain reseller webhosting and find where she or he bought the package... maybe it is important because we must know the reputation of the seller.
I got 3 IP addresses I am trying to trace and I want to know where this person has sent me those from. Is it possible to get exact addresses/locations where the person who sent me the emails is from? And info on which websites have been visited?
These are the 3 IPs I have got:
216.139.189.105
41.204.234.10
82.13.210.203
After a trace route, what's the next thing to do? When my ISP dynamic IP address is something like and starts with 112.0.0.0, I cannot see all sites on the server. So what I did was run a tracert at the DOS prompt. After 9 hops and reaching this IP 216.18.239.6, everything timed out and it cannot reach my server.
I already tested several Internet accesses and they are reaching the server, except my home DSL with the IP 112. I also checked if the IP is blocked on the firewall but it's not present on the block list. I also mentioned this to my internet provider and am still waiting for notification.
What to do next?
How do I trace name servers back to the web hosting company?
There is a website that is sharing my copyrighted information and I want to contact their hosting company.
They are using nameservers
NS.theirwebsite.com
N2.theirwebsite.com
Anyone have a tool for this?
I don't know much about servers. I was wondering: if I plug in my laptop at work, would the server log my connection, even if my laptop is not a client?
Does anybody here have a review or a way to trace a process from scratch after top -c or ps -aux?
How do I get the exact file or user causing this process? ....
I found that recently a lot of nobody files appear in my /tmp.
I delete and delete... but still the same. I don't know how to trace where they come from. I suspect it is from my hosting users, but I don't know how to check and trace. Can anybody give me some guidance?
Avast started giving out warnings when people viewed my site saying a trojan horse was detected called "JS:Bulered".
I looked through the page and noticed a chunk of code added at the end of the page:
[code ...]
I cleared it then noticed it was also added to random files on my Invision Power Board forum and Coppermine gallery so I cleared it from there as well (just replaced the files from a backup I had).
I'm currently on a dedicated server with SoftLayer and I have a few other sites and when checking them I noticed the code was added to pages on those sites as well!
Right now I'm just concentrating on my main site. I've cleared all the code, changed the password, FTP password, and root password for the server. But after several hours the code was added again..
I read somewhere that it could be an infection on my computer that is using the FTP connection I make to inject the code into my site, so I've changed the FTP password again and I've stopped using FTP. It's been a couple of hours and the code hasn't been added back yet, but there's a good chance it'll be back soon.
Can anyone please tell me how dangerous in fact Apache's TRACE and TRACK functions are?
I have read the common explanation, but would disabling TRACK and TRACE improve my server's ability to fight cross-site scripting and similar attacks and make it more secure?
I can't remember the name of the utility that lets you watch what a process is doing. You call it on a PID and you can see all the memory allocations, file IO, library loading, etc. that the process is doing as it happens. Anyone know what I'm thinking of?
I recently moved a customer's site to a new server. Everything went smoothly except for the fact that my customer cannot access the new site. When he pings it he gets the right IP address, but it just times out.
The URL is regalfire.co.uk
I asked him to run a tracert command and it seems to find the right path but stops just short of finding the server. The last server he connects to is ge-5-2.the.uk.euroconnex.net [87.127.231.90] which is the same as me. The next step is the actual server but for him it just times out.
I can see the new site fine. His ISP is Virgin Media and I have asked several other customers with the same ISP and they can see the site OK.
He has flushed his DNS cache and the problem remains.
Does anyone have any ideas what I could try next?
How can I trace my datacenter details through my website IP?
I have a pure-ftp server.
I have checked some failed FTP login attempts, but when I check the log file I only see the real IP address, which is an external IP address. I want to trace the main IP, so can anyone tell me how to trace that IP address?
I had a bandwidth spike yesterday for a short while and I wanted to know where I can look to trace what IP(s) caused the high traffic spike.....
My server is constantly crashing (halting dead) and needing a reboot literally every few hours. I cannot trace the cause of this whatsoever. Please help out.
CPU/Memory/MySQL Usage shows no accounts in red or yellow zone ....
root@server # df -h
Filesystem Size Used Avail Use% Mounted on
/dev/sda3 145G 145G 0 100% /
/dev/sda1 99M 41M 54M 44% /boot
none 250M 0 250M 0% /dev/shm
/usr/tmpDSK 6.7G 74M 6.3G 2% /tmp
/tmp 6.7G 74M 6.3G 2% /var/tmp
I cannot trace where the usage is coming from. There is only one account on this box, using 26GB. It's a CentOS/cPanel box. I checked /var/log and had already deleted the audit.d directory. /usr/local/apache/domlogs and logs show almost nothing.
This is a RHEL3 box. It has a couple hundred sites, most of which are pretty quiet most of the time, but lately I can't get the load below 3 most of the time. I've tried all the usual, TOP, PS and the rest, but I'm not seeing my problem. I've attached a text file with extended outputs, but here's what I'm seeing now from TOP and VMSTAT. I'm not sure what else I could be looking at.
I've been watching, and it seems to be Apache most of the time at the top of TOP, and I'm logging slow queries for MySQL, but there aren't many there.
top
10:02:03 up 3 days, 21:23, 2 users, load average: 2.81, 2.83, 3.05
140 processes: 137 sleeping, 2 running, 1 zombie, 0 stopped ....
How to trace the nobody spam mail sent from my server?
I found close to 15k spam mails sent from my server and bounced back.
All mails are sent by nobody. May I know how I can trace which domain user the mail is sent from? (I am using WHM/cPanel)
The mail header I found from WHM is below: ....
Hi, over the last week I've been having numerous problems with hosting accounts on 2 different servers, which has led me to think that my 'security' is not 'secure' and a malicious user is at play. I'm in the UK on broadband on a private connection to the internet; no one else should be sharing this connection. This is the traceroute from my connection at home to the server I've had the most problems with. Is this normal?
Traceroute has started ...
Hi, I can ping, and also can trace to, but cannot browse the website?
I need some help tracing a spammer on my shared hosting cPanel server.
First off this is my configuration:
- apache 2.2 / php 5x
- suphp enabled
- prevent nobody user from sending mail = enabled
- my exim config ....
I am looking at some shared hosting plans.
Some companies say each account cannot use system resources (RAM and CPU) over 5%.
I want to ask how they record the value?
PS: the server is CentOS with cPanel.
Shell uploaded - Site hacked - How to trace?
Many of my customers let me know that their websites had been hacked. I think it comes from a local hacker ....