Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!


Hacked again & again Website keeps getting infected files added HELP!
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Hacked again & again Website keeps getting infected files added HELP!

n1kkon1kko Member
edited January 2015 in Help

My site keeps getting files added in public_html

I have changed ftp pass dozens of times how is this happening all the time?

Please help

«13

Comments

  • Paste the file on pastebin, and what control panel or webserver are you using?




    Any software? Wordpress, SMF, MyBB?

  • Hire a server management company to get your site/server secured.

    Thanked by 1Maximum_VPS
  • Is this a VPS? What software you running? Something is probably out of date and being exploited.
    You should have stayed on top of updates... 99% the cause.

    Thanked by 1Maximum_VPS
  • Wordpress?

    Thanked by 1Maximum_VPS
  • jarjar Patron Provider, Top Host, Veteran
    edited January 2015

    If you just keep removing the compromised files without locating the source, it will keep happening.

    My money is on a wordpress site.

  • LeeLee Veteran

    Jar said: My money is on a wordpress site.

    That has a dodgy plugin.

    Thanked by 2jar Maximum_VPS
  • I'm not understand why posting such threads. If you think there are telepaths who'll remotely clean your VPS - you are failed. Hire sysadmin and you should be fine.

  • LeeLee Veteran
    edited January 2015

    Profforg said: If you think there are telepaths who'll remotely clean your VPS - you are failed.

    Careful, I know what you are thinking about doing while you're sitting there, in that room. You will go blind.

  • I have a VPS with cPanel the site in question is running Website Baker... junk I know but will be updating to another CMS soon.

  • Anyone recommend good server management?

    Thanked by 1Maximum_VPS
  • @n1kko said:
    Anyone recommend good server management?

    You will want someone who knows how to secure cPanel. Personally, I can live without it, but thats just me.

  • Using CPanel for private is not good decision. Use free/opensource CP.

  • I use cPanel as I host a few sites and easier for other people to use.

  • platinum server management is good and does the job for a cheap price,

    Thanked by 1Maximum_VPS
  • Is there any code added into the site?

  • Go with sucuri if you cant handle it alone.

  • n1kkon1kko Member
    edited January 2015

    an index.php file was uploaded with this in

    content="0;URL=https://alero.websitewelcome.com/~update/account/validation/

  • Remove the code and chmod to 644

  • n1kko said: Anyone recommend good server management?

    cPanel has a back door security issue that's compromised by cpanelkill. Secure your ftp ports 20 and 21. That ought to do.

    Thanked by 1n1kko
  • Remove the code and chmod to 644

    Sorry, i though only code have been added into the index.

  • BuyAds said: Sorry, i though only code have been added into the index.

    guess that happens too :)

  • @n1kko said:
    an index.php file was uploaded with this in

    content="0;URL=https://alero.websitewelcome.com/~update/account/validation/

    Looks like the website is a PayPal phishing page. I will try getting the page removed.

  • again & again

    cPanel as I host a few sites and easier for other people to use.

    to many answers , something like to late

    check your personal comp first

  • jarjar Patron Provider, Top Host, Veteran

    @n1kko said:
    Anyone recommend good server management?

    A server management company is most likely not going to secure your CMS. While its possible that cPanel was compromised in some way, it's far more likely that the compromise does not extend beyond the single Unix account executing the vulnerable PHP processes, assuming suPHP.

  • coolicecoolice Member
    edited January 2015

    @mustafaramadhan

    there almost a year since you told that kloxo-mr will get jailkit and still nothing happened... that is unserious... that feature and second think is same about interworx => email throttling - yes there is chrisf mod but their is http://www.qmailwiki.org/Throttle... jailkit and qmail recompiled with throttling can reassure people that kloxo-mr is again usable for more than single site / single vps panel ....

    @n1kko - first clean the site, you can use https://www.rfxn.com/projects/linux-malware-detect/

    or some of the word press plugins or download the site and scan it with local antivirus or both

    and remove all unused plugin and check if your theme have vulnerable theme (especially revolution slider one)

    Secondly if you buy managed vps ask for securing it (or you are using incompetent company )
    if it's unmanaged with addition cPanel

    You should to hire some one or do it your self

    I recommend to: Recompile Easy Apache with Mod Security, suhosin, and mod ruid2

    and in CPANEL tweaks choose : Jail Apache Virtual Hosts using mod_ruid2 and cPanel® jailshell.

    You can also install this rules https://waf.comodo.com/ and add csf firewall then you can follow csd security advices

    that will cover basic securing and isolation of the user accounts

    Thanked by 1n1kko
  • I think there will be a shell in your site from where the hacker is entering your site and controlling everything plus update the server your server might be rooted.

  • Just installing chkrootkit & rkhunter

  • I already had csf firewall which is all configured

  • jarjar Patron Provider, Top Host, Veteran

    I'm sure you're not rooted. Rooting a server to replace only one site's content repeatedly would just be a cruel joke ;)

    Thanked by 2netomx jamson
  • What about contacting cpanel? Those guys will help you on this for sure!

Sign In or Register to comment.