| Posted by webhostbeginner, 03-31-2010, 04:00 AM | | Hello,
recently some of our html files on server have a javascript virus !
I deleted the virus code from file manually but that code add to html file again !
today I found some .htaccess file which have some redirection url and when I enter the site url ,the page redirected to another web site !
would you please help me? how can I found the virus script ?
server is Linux CentOS with cPanel and that files don't have 777 permission !
Regards,
|
| Posted by Sileep Kumar M S, 03-31-2010, 04:29 AM | | Install clamAV and scan your files.
|
| Posted by webhostbeginner, 03-31-2010, 05:14 AM | | thanks for your help, as I said in my post I founded the files , I want to know why that files have virus ! may be a script run on my server, isn't it ?
|
| Posted by ksv2nash, 03-31-2010, 06:28 AM | | Hello,
Install Securenobody, chrootkit & Rkhunter this will show all error which you have because of virus.
|
| Posted by assistanz247, 03-31-2010, 06:52 AM | | Install mod_security in your server and this is the only tool which can block javascript injections.
|
| Posted by ovisopa, 03-31-2010, 09:05 AM | | The virussed files are only in one cpanel account or there are more than one accounts virused ?
It's more likely the files got virused by your clients computer, thrugh FTP with cPanel user/password ... check that account FTP logs to see the activity.. if there is only one account affected.
|
| Posted by VIPoint, 03-31-2010, 10:48 AM | | Hi,
The javascript virus is mainly caused through FTP connections from your clients computers.
>> Scan your server for similar codes in all webpages.
>> Send an e-mail to all your customers not to store their FTP username and password in their FTP clients.
>> Ask all your customers to change their cpanel passwords immediately.
>> Run a chkrootkit and rkhunter scan to find out any malicious rootkits or malware in the server.
>> I will recommend to you to install firewall and go for fortified server setup in order to secure the server.
|
| Posted by HSN-Saman, 03-31-2010, 12:27 PM | | Hmm,Gumblar!
Purchase and install CXS
You can use this :
SOLUTION for Gumblar/IFRAME/JS hacks with stolen FTP Passwords...
|
| Posted by bvsonline, 04-30-2010, 01:12 AM | | clamAV, chrootkit and Rkhunter are good for finding virus.
|
| Posted by inspiron, 04-30-2010, 06:07 AM | | Visit to the Gotroot.com for the mod_security rules you will find their lots of rules.
|
| Posted by Extremeseo, 04-30-2010, 06:15 AM | | You need to install mod_security for your server,and if you already have installed it,then you should get latest and most flexible rules from there site,
Check and scan your server for shell script,you can use locate command for this purpose,
And also scan each of the user directory using ClamAv
thanks
kind regards
|
|
 Add to Favourites
 Print this Article
|
