Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
F
F
fStrange2019-06-21 20:40:49
Malware
fStrange, 2019-06-21 20:40:49

Substitution of index.php where to look?

index.php in the root of the site is changed to an infected one. server tools. Only 1 file. Almost instantly, less than a second. I delete via ssh, update, it is already in place. Those. it is copied from somewhere.

Not via ftp. Not over http. checked.
The crontab is empty.

Where to dig? Regular hosting.

Updated:
A line is also added to .htaccess. .htaccess, unlike index.php, is not completely replaced, only a line is added.

RewriteRule ^\/(balladic)([0-9]+)(.*)\/bs([0-9]+)\/(.*)$ ?balladic$2=$4&%{QUERY_STRING}[L]

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
A
Anatoly, 2019-06-22
@Tolly

Upload files to the server and remove edit permissions for the web server and php.
In addition to the uploads folder, leave the rights.
Try changing the subject, maybe your legs grow from there.
PS. But WP will not be able to update, so you have to do it manually.

Similar questions
I
IartanisI2015-10-28 10:10:20
Why is the proxy removed on computers on the subnet? 2Reply
V
Vasily2015-11-02 16:21:37
What do you do when you receive letters with malicious code from the servers of "mail giants" (mail.ru. gmail.com ...)? 1Reply
6
69from2021-07-08 18:34:00
How to deal with spam on http sites? 2Reply
Z
ZeroMorale2018-03-26 14:59:39
A virus that redirects to another site from search engines - how to get rid of it? 1Reply
E
Egor Pogorelov2021-07-23 10:26:26
Can the extension access Google photos? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question