I am currently learning to manage Linux based hosting servers. However my server was attacked by shell attack and was compromised, now a lot of domains on my server are being used for phishing and other such malicious activities. Also, the email accounts on these domains are being used for spamming. Now that I am looking for suspicious files in the file directory of every domain. I have found out that "dovecot.index" and other such files whose names start by dovecot has a weird and suspicious-looking script. Please help me with this and guide me if dovecot is a virus or trojan or not? This is the script that I have found when I edit "dovecot.index" file. I have also attached the screenshot of this edit too.
- Removed -
- Removed -
Attachments
-
320.2 KB Views: 11
Last edited by a moderator: