0

I recently had a keylogger on my computer recording usernames and passwords, including their respective web addresses. I have changed all my passwords; however, on my web hosting account, in the FTP, there are numerous copies of the same exact file. For example:

Original file: index.html

100+ new copies: index.html298fmla9g9dlandkf ... with random characters.

Should I be worried? They are clogging up space on my server and they're horribly tedious to delete. My server went from 3gbs taken to about 45gbs taken.

Files on my server

  • They'll be much easier to delete if you have shell access to the machine, as you can just `rm index.html*` (this will also delete `index.html`, so have a copy of that elsewhere first). But if it's compromised you need to nuke the machine entirely. – Xiong Chiamiov Oct 15 '17 at 19:05

1 Answer

1

Yes, you should be worried. Those are most likely chunks of a segmented file(s). Your system appears to be being used by someone to distribute files. Likely whoever had the keylogger got your server username and password from there. You should definitely change all of your passwords and consider reinstalling the operating system on your local box from original media, or at least restore a known uncompromised backup if you can tell when you got compromised.

You should also contact your hosting provider's security team and let them know what happened. They may be able to assist you with clean up and ensure you get your account back under your control safely.

Good Luck.
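
An added example, not part of the original thread: a way to inventory the suffixed copies (hash, size, modification time) into a manifest that can be handed to the hosting provider's security team, and then delete only those copies without touching `index.html`, unlike a bare `rm index.html*`. It assumes shell access and GNU coreutils; the function names and the manifest layout are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes shell access and GNU coreutils.
# Function names and the manifest layout are hypothetical.

# List copies named "<original><random suffix>"; "?*" needs at least one extra
# character, so the original itself never matches.
list_copies() {   # $1 = directory, $2 = original file name
    find "$1" -maxdepth 1 -type f -name "$2?*" | sort
}

# Record sha256, size, mtime and path of each copy before anything is deleted.
write_manifest() {   # $1 = directory, $2 = original name, $3 = manifest file
    : > "$3"
    list_copies "$1" "$2" | while IFS= read -r f; do
        hash=$(sha256sum "$f" | cut -d' ' -f1)
        size=$(wc -c < "$f" | tr -d ' ')
        mtime=$(date -u -r "$f" '+%Y-%m-%dT%H:%M:%SZ')
        printf '%s\t%s\t%s\t%s\n' "$hash" "$size" "$mtime" "$f" >> "$3"
    done
}

# Sum of the size column: how much space the copies occupy.
total_bytes() { awk -F'\t' '{ s += $2 } END { print s + 0 }' "$1"; }

# Delete exactly the files listed in the manifest; print how many were removed.
remove_copies() {   # $1 = manifest file
    n=0
    while IFS="$(printf '\t')" read -r _hash _size _mtime f; do
        rm -- "$f" && n=$((n + 1))
    done < "$1"
    echo "$n"
}

# Constructed demo in a scratch directory; no real server path is touched.
demo() {
    d=$(mktemp -d)
    printf 'real page\n' > "$d/index.html"
    printf 'chunk-a\n'   > "$d/index.html298fmla9g9dlandkf"
    printf 'chunk-bb\n'  > "$d/index.htmlq7x"
    write_manifest "$d" index.html "$d/manifest.tsv"
    echo "copies: $(wc -l < "$d/manifest.tsv" | tr -d ' ')," \
         "bytes: $(total_bytes "$d/manifest.tsv")"
    echo "removed: $(remove_copies "$d/manifest.tsv")"
    [ -f "$d/index.html" ] && echo "original kept"
    rm -rf "$d"
}
demo
```

Keep the manifest outside the web root afterwards; the modification times in it help narrow down when the account was first abused.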