tkalfaoglu
Silver Pleskian
- Server operating system version
- AlmaLinux
- Plesk version and microupdate number
- Obsidian
I have an interesting case. A web site (wordpress) has all the security applied in plesk, but it's virus ridden. Has been scanned and cleaned by ImmunifyAV many times.
I saw that the index.php has viruses so I deleted that file. the moment I delete it, it reappeared. It appears it attached itself to systemd ?
# ps aux|grep dutch
dutchene 24371 0.0 0.0 507176 25420 ? S Sep29 2:41 /opt/plesk/php/7.4/bin/php /var/www/vhosts/dutchenergetics.com/staging.dutchenergetics.com/cron.php
dutchene 41969 0.2 0.0 90188 10096 ? Ss Sep29 57:26 /usr/lib/systemd/systemd --user
dutchene 41983 0.0 0.0 317272 712 ? S Sep29 0:00 (sd-pam)
dutchene 42083 0.0 0.0 76404 4228 ? Ss Sep29 0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
PS: That cron.php file does not exist.
How can I clean this site?
Thanks!
-t
I saw that the index.php has viruses so I deleted that file. the moment I delete it, it reappeared. It appears it attached itself to systemd ?
# ps aux|grep dutch
dutchene 24371 0.0 0.0 507176 25420 ? S Sep29 2:41 /opt/plesk/php/7.4/bin/php /var/www/vhosts/dutchenergetics.com/staging.dutchenergetics.com/cron.php
dutchene 41969 0.2 0.0 90188 10096 ? Ss Sep29 57:26 /usr/lib/systemd/systemd --user
dutchene 41983 0.0 0.0 317272 712 ? S Sep29 0:00 (sd-pam)
dutchene 42083 0.0 0.0 76404 4228 ? Ss Sep29 0:00 /usr/bin/dbus-daemon --session --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
PS: That cron.php file does not exist.
How can I clean this site?
Thanks!
-t