Everytime when I try to access my website it got redirected to some malicious spam site, after lots of search I came across term apache backdoor redirect referer,I have root access of cpanel and whm.
Need some help in removing this exploit from servers.
Any help will be appreciated
Asked
Active
Viewed 502 times
0
-
Does the relevant `
` container from the raw configuration file(s) look sane? What about the global configuration? – user Dec 23 '16 at 10:41 -
actually I'm little new to who,and don't know where to find
– user3456217 Dec 23 '16 at 10:54
1 Answers
1
(this started off as a comment, but its getting a bit long)
I have root access of cpanel and whm
Yes, you need a lot of help - and more than can be sensibly provided here. You're probably going to need at least 2 days work from a competent web administrator. They are going to need to root access to the server via ssh.
If its not a dedicated host or if you don't have access to the root account via ssh, then only your service provider can help you.
In addition to removing the backdoor, whoever fixes this will also need to find the vulnerability which was exploited to install the backdoor.
Your problem is finding someone competent in them you can have some faith, and since your first port of call appears to be a free bulletin board, someone who is very very cheap. Unfortunately that's a near impossible task unless you're already well connected in certain IT circles.
I'm guessing from your post that English is not your first language. In the UK, if I were in your shoes I would be expecting to spend at least £2500 (Sterling) / $3000 (US) on consultancy services to resolve the problem (could be a lot more).
Leaving your site as is or removing the backdoor without addressing the underlying vulnerability will likely lead to it being used for other practices harmful to the internet / society. And as the site owner you might be called to account for its behaviour.
I estimate that it would take you around 2 years of full time study to acquire the skills you would need to tackle this yourself.
You need to have a long think about whether to
- engage someone to restore your site and eliminate the vulnerability
- scrub the site and start again (and how are you going to avoid the same errors you made last time?)
- shut down the site and walk away
While I would like to encourage you to develop your skills this is way too much to take on without good security skills and a strong knowledge of systems admin/programming. Meanwhile your site is causing harm.
symcbean
- 18,278
- 39
- 73