Malware
angelzzz, 2018-07-24 23:54:18

How to find out where the virus is on the hosting and what it does?

A virus has appeared on the hosting. I found it by accident: I uploaded the layout for the client (html, css, js) to a test site on the hosting and saw that there were php files in the folder. At first I thought that maybe some package in npm creates virus files at different intervals during the build, which, out of habit, are copied and sent to the server. I do the build with gulp.

Judging by the timing, the first stage was at 18 o'clock and the second stage at 21. It is possible that I uploaded at 18, but there is nothing in the build (I sent it to git). A day later, the hosting went down with a 500 error, using 400 MB of RAM.

The virus pretends to be WordPress files. The hosting has one site on WordPress, but it has been updated without plugins; I think it is unlikely that this is it. Now I accidentally checked the site through PageSpeed, and it shows some other site (although in fact the site opens normally).

What could be the misfortune? How to treat it and, most importantly, how to avoid it in the future?

Working machine on macOS


1 answer(s)
Artem Kiryanov, 2018-07-25
@hacker342

So, can I connect to the reach using SSH? Basically, I had the same problem. But you need SSH access to make it easier to track processes.
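
For the situation in the question (PHP files turning up in a folder that should hold only an html/css/js layout, in waves at about 18 and 21 o'clock), a triage script that lists files of unexpected types and groups them by modification hour. This is an added example, not code from the thread or from either poster; the extension allowlist, the function names and the sample file names are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime

# Assumption: a static layout upload should contain only these file types.
STATIC_EXT = {".html", ".css", ".js", ".map", ".png", ".jpg", ".jpeg",
              ".gif", ".svg", ".ico", ".woff", ".woff2"}

def unexpected_files(root, allowed=STATIC_EXT):
    """Return [(mtime, path)] for files whose extension is not allowed, oldest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            if ext not in allowed:  # also flags extensionless files such as .htaccess
                hits.append((os.lstat(path).st_mtime, path))
    return sorted(hits)

def group_by_hour(hits):
    """Bucket hits by modification hour so separate waves of file drops stand out."""
    buckets = defaultdict(list)
    for mtime, path in hits:
        hour = datetime.fromtimestamp(mtime).strftime("%Y-%m-%d %H:00")
        buckets[hour].append(path)
    return dict(buckets)

def demo():
    """Constructed sample tree: a static build at 12:00, PHP files at 18:00 and 21:00."""
    root = tempfile.mkdtemp()
    sample = {"index.html": 12, "css/main.css": 12, "js/app.js": 12,
              "wp-config.php": 18, "js/wp-load.php": 21, "class-wp.php": 21}
    for rel, hour in sample.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
        ts = datetime(2018, 7, 24, hour, 5).timestamp()
        os.utime(path, (ts, ts))  # set the constructed modification time
    return root, group_by_hour(unexpected_files(root))

if __name__ == "__main__":
    root, waves = demo()
    for hour, paths in sorted(waves.items()):
        print(hour, len(paths), [os.path.relpath(p, root) for p in paths])
```

Modification times can be reset by whoever wrote the files, so treat the grouping as a lead to compare against the web server's access log rather than as proof of when a file arrived.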
