0

Recently i found some phishing files (PHP/HTML) on my server which were previously not present. I deleted them but later another set of files reappeared.

This is happening for all the sites hosted on my server even after changing the admin panel and FTP credentials .

My Question:

Is it possible for someone using some nulled software to get my server ftp credentials and put those files in the server?

EEAA
  • 108,414
  • 18
  • 172
  • 242
Anmol Dubey
  • 1
  • 1
    I assume this server has outward-facing WWW sites run via PHP code, and isn't just an FTP server? If so, have you examined server access logs to see if any unusual activity can be detected? – Kevin_Kinsey Oct 20 '15 at 19:28
  • I had answered this quite some time ago for another person but can't find it. In short, if it's a shared hosting provider like GoDaddy it may not be your account that is compromised. It could be someone else. I would report it to your hosting provider and inform them of the PHP injection. – Travis Oct 20 '15 at 20:56

0 Answers0