Question

Someone placed a script on my site that sends email. How can I find this script? I use Parallels and Linux CentOS.

I'm searching the site for the keyword "mail(", but it can also be that the code is like a hash.


Solution

It could be anywhere, and it could be anything. It could even have been deleted.

We did have a situation a while back where a client lost control of their password due to a keylogger and someone was uploading a CGI script to spam emails, running it then deleting it. We only found out via FTP logs what was going on.

Try checking your FTP logs and web server logs, and if all that fails and you are sure it is PHP, then try searching for `eval(`, as that is an often-used tactic to hide what a script is doing.

More importantly though, my suggestion would be to get someone who is experienced in server management to have a look at your site as a matter of urgency. If they were able to upload a file to your site once, then even if you remove it, it won't stop them doing it again until you find exactly how they were able to do it.
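
One way to run the search suggested above across a whole web root, as an added example that is not part of the original answer: it ranks files by how many lines call `eval(` or `mail(` and prints those lines truncated. The function names and the `/var/www/html` path are assumptions, and it relies on GNU grep as shipped with CentOS.

```shell
#!/usr/bin/env bash
# Added example (not from the original answer). Names and paths are assumptions.

# Matches eval( or mail( used as a function call, not as the tail of a longer
# name such as sendmail( ; PHP function names are case-insensitive, hence -i.
PATTERN='(^|[^A-Za-z0-9_])(eval|mail)[[:space:]]*\('

# scan_php DIR [GLOB]: print "COUNT<TAB>PATH" for every file with at least
# one matching line, highest count first. GLOB defaults to *.php.
scan_php() {
    local root="$1" glob="${2:-*.php}"
    # -r recurse, -I skip binary files, -c count matching lines per file
    grep -rIicE --include="$glob" "$PATTERN" "$root" 2>/dev/null |
        awk -F: '$NF > 0 { n = $NF; sub(/:[0-9]+$/, ""); print n "\t" $0 }' |
        sort -rn
}

# show_hits FILE: print matching lines with line numbers, cut to 160 columns
# because obfuscated payloads are often one very long line.
show_hits() {
    grep -niE "$PATTERN" "$1" | cut -c1-160
}

# Usage: ./scan.sh /var/www/html   (the web root path is an assumption)
if [ "$#" -ge 1 ]; then
    scan_php "$1" | while IFS="$(printf '\t')" read -r count path; do
        printf '== %s (%s matching lines)\n' "$path" "$count"
        show_hits "$path"
    done
fi
```

A hit is only a lead to review by hand: legitimate code such as a contact form also calls `mail(`, and a script that was uploaded and then deleted will only show up in the logs.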

OTHER TIPS

You might also have a look at your scripts. Is there a contact form somewhere on your site? You might not have escaped user input very well, which gives an attacker the ability to send mails to other recipients.
I had a similar situation in my early days until the host blocked the script and told me to fix it.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow