Questions tagged [malicious]
33 questions
3
votes
5 answers
php site defacing
Possible Duplicate:
My server's been hacked EMERGENCY
someone is intruding in our site and putting following line in our main page (index.php):: In the following code bottom.php is our own file and the intruder is putting the "echo
2
votes
3 answers
Strange requests coming from Korean Site
Lately I've been finding a lot of strange requests like this coming to my rails app:
Processing ApplicationController#index (for 189.30.242.61 at 2009-12-14 07:38:24) [GET]
Parameters:…
Jim Jeffers
- 133
- 3
1
vote
3 answers
What happens if you "print" an application or program in Windows?
What happens if you right click on an application/program in Windows, and click "Print"? I accidentally almost did this when I right clicked a program icon to open from the desktop, but accidentally clicked "Print". I closed out before proceeding.…
Jonathan
- 123
- 7
1
vote
1 answer
Malicious Code detected generated error page
We started getting an error page when we post iframes or scripts on our sites. Whether it's from the admin or a test script on a "test.php" page.
The problem is we don't know what is generating this page. From all my research it seems like it's the…
Melonheadjr44
- 21
- 2
1
vote
1 answer
Countless (defunct?) SSH processes -how do stop it from happening?
My vServer hoster threatens to cancel our contract if I don't stop creating thousands (9000 to be precise) of SSH processes. I don't know if they made the processes defunct or if they were like this when they found them. They sent me a document…
ASA
- 119
- 1
- 4
1
vote
1 answer
Getting heavy traffic from random IP addresses
Digital ocean closed my droplet dude to have traffic on droplet.
I made a new droplet(instance) and I am facing the same issue again.
My nginx access.log is full of random ip address trying to make POST call. I have pasted some of it at the…
Praveen Singh Yadav
- 111
- 2
1
vote
0 answers
LMD/Maldetect: Missing target-file operand after
After running mallet 1.5 in screen-mode (# maldet -a /var/www) I'm getting this return:
maldet(6070): {scan} 618017/618044 files scanned: hits 0 cleaned/usr/bin/wc: /usr/local/maldetect/tmp/.sess.6070: Datei oder Verzeichnis nicht…
MyFault
- 893
- 3
- 14
- 35
1
vote
3 answers
clamscan using maldet Error: Servname not supported for ai_socktype
So i have installed Linux Malware Detect (maldet) to scan a server and everything went fine with installation but when i run it i get an error. Bunch of errors and than the scan just closes it.
Here is a command i have run on maldet to scan for a…
lonerunner
- 124
- 1
- 3
- 16
1
vote
1 answer
Malicious script changing .htaccess files on server
Possible Duplicate:
My server's been hacked EMERGENCY
There seems to be a malicious script accessing my server and editing the .htaccess files for all of my hosted sites to redirect towards spam links.
What is the best way to stop this from…
DanC
- 111
- 4
1
vote
3 answers
Ssh log monitor
Are there any tools to monitor ssh logs at /var/log/secure and report activity?
I am looking for some tools that will proactively tell me about user actions and highlight malicious activity.
I don’t want write a cron based log tool since I am…
Quintin Par
- 4,293
- 10
- 46
- 72
1
vote
3 answers
What is this script that's been injected into our website?
This morning I discovered that a script has appeared in multiple locations on two of our websites.
Needless to say I'm recovering the sites from backups, changing our passwords and trawling the FTP logs. Are there any other actions I should…
doctororange
- 121
- 4
1
vote
3 answers
Is it worthwhile to block malicious crawlers via iptables?
I periodically check my server logs and I notice a lot of crawlers search for the location of phpmyadmin, zencart, roundcube, administrator sections and other sensitive data. Then there are also crawlers under the name "Morfeus Fucking Scanner" or…
aardbol
- 1,463
- 4
- 17
- 25
1
vote
1 answer
WordPress MYSQL DB BINARY LOG - Droplet/SERVER Volume Increasing rapidly
My WordPress website uses Nginx. Recently I have noticed that server volume has increased from 8GB to 40GB. I have found that the WordPress MYSQL Binary Log is taking more space. Each second, database transactions are written to the Binlog files.
I…
Ibrahim EL-Sanosi
- 11
- 2
1
vote
0 answers
Malicious files generating in CentOS 7 directory /usr/bin
I installed a CentOS 7 at my Virtual Machine,
As i have installed the antivirus on the machine i found some files in /usr/bin which coming as Malicious content, i backup them and again they generated with another names, and names are randoms. Can…
Ali Shan Zaidi
- 11
- 1
0
votes
2 answers
Malicious Script on LAMP Server
We have recently noticed that a malicious script is inserting itself in a number of PHP and HTML files on our domain questoons.com and the various add-on domains hosted on this account. The script inserts itself at the end of the file and the code…
Vinayak