Fight against spam
Alexander Che, 2015-09-01 19:09:39

Vulnerability problem - emails from my host. How to cure?

Good day!
A myriad of messages like this periodically arrive in my mail (part of the message was edited so that the essence is clear):
Received: from user8095 by (my host) with local (Exim 4.80.1)
(envelope-from )
id 1ZWnE7-003uo9-PO
for joel.tunbridge @btinternet.com; Tue, 01 Sep 2015 18:11:59 +0300
To: [email protected]
Subject: FW: Popular ED propositions
X-PHP-Script: my host path/parameters/alias.php for ...... .196.239, .......196.239
X-Priority: 3 (Normal)
After that, I delete this PHP file and it becomes quiet for a while, but then the attack starts again (the PHP file appears again, which is outrageous, and this file constantly appears in new places and on different sites that are hosted on this host).
I checked the host with an antivirus (AI-Bolit) and checked for shells with the antivirus built into cPanel, to find the shells that generate these scripts, but found nothing.
Has anyone come across this? How do I remove this star? How do I fight it?


3 answer(s)
Vladimir Martyanov, 2015-09-01
@vilgeforce

If you want to get rid of it: set everything up again, because no one will guarantee that nothing is left after the next cleaning. If you want to investigate and have fun: analyze the SSH / FTP / Web access logs, look for how it is uploaded, and close that.
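
As an added illustration of the log analysis suggested in this answer (not part of the original answer or thread): a Python example that counts which scripts the X-PHP-Script headers name, using the header shape quoted in the question, and lists POST requests in the same site's access log shortly before each script was first requested. The header and log lines, host names, paths and the 30-minute window are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample input (not from the post): X-PHP-Script headers pulled from
# queued or bounced mail, and one site's access log in common log format.
HEADERS = """\
X-PHP-Script: shop.example.test/uploads/alias.php for 203.0.113.7, 203.0.113.7
X-PHP-Script: shop.example.test/uploads/alias.php for 203.0.113.7
X-PHP-Script: shop.example.test/contact.php for 192.0.2.10
"""
ACCESS_LOG = """\
192.0.2.10 - - [01/Sep/2015:16:40:00 +0300] "POST /contact.php HTTP/1.1" 200 812
198.51.100.99 - - [01/Sep/2015:17:58:02 +0300] "POST /forms/upload.php?step=2 HTTP/1.1" 200 512
192.0.2.10 - - [01/Sep/2015:18:05:30 +0300] "GET /index.php HTTP/1.1" 200 9000
203.0.113.7 - - [01/Sep/2015:18:11:58 +0300] "POST /uploads/alias.php HTTP/1.1" 200 31
203.0.113.7 - - [01/Sep/2015:18:13:40 +0300] "POST /uploads/alias.php HTTP/1.1" 200 31
"""

XPHP = re.compile(r"^X-PHP-Script:\s*([^/\s]+)(/\S*)\s+for\s+", re.I)
REQ = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def mail_scripts(headers):
    """Count messages per (host, path) named in X-PHP-Script headers."""
    return Counter(m.groups() for m in map(XPHP.match, headers.splitlines()) if m)

def parse_log(log):
    """Yield (time, ip, method, path-without-query) for each parsable line."""
    for m in filter(None, map(REQ.match, log.splitlines())):
        ip, ts, method, uri = m.groups()
        yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ip, method, uri.split("?")[0]

def upload_candidates(script_path, log, window=timedelta(minutes=30)):
    """POSTs to *other* URLs shortly before the script was first requested."""
    rows = sorted(parse_log(log))
    first = next((t for t, _, _, p in rows if p == script_path), None)
    if first is None:            # never requested over HTTP: check FTP/SSH logs
        return []
    return [(t.isoformat(), ip, p) for t, ip, m, p in rows
            if m == "POST" and p != script_path and first - window <= t < first]

if __name__ == "__main__":
    for (host, path), n in mail_scripts(HEADERS).most_common():
        print(f"{n:4d} messages via {host}{path}")
        for hit in upload_candidates(path, ACCESS_LOG):
            print("      earlier POST:", *hit)
```

An empty candidate list for a script that keeps reappearing points away from the web server and toward the FTP and SSH logs the answer also mentions.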

DrunkMaster, 2015-09-01
@DrunkMaster

It is desirable to change the password for FTP, SSH, iptables. There is an option to re-upload everything from your sources after that, to be sure.

ramjke, 2015-09-01
@ramjke

A common reason is incorrect permissions on folders and files.
Check that you have 755 permissions on ALL site directories, and 644 permissions on ALL files. This command can change the permissions recursively on all nested directories:
find /home/user -type d -exec chmod 755 {} \;
And recursively on all files in nested directories:
find /home/user -type f -exec chmod 644 {} \;
