1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice
  3. Dear Pleskians, I really hope that you will share your opinion in this Special topic for chatter about Plesk in the Clouds. Thank you!
    Dismiss Notice

Websites on linux domains are showing up with trojan's

Discussion in 'Plesk 10.x for Linux Issues, Fixes, How-To' started by PaddingtonC, Jun 22, 2012.

  1. PaddingtonC

    PaddingtonC Basic Pleskian

    15
    60%
    Joined:
    Jan 24, 2012
    Messages:
    48
    Likes Received:
    0
    I have an Ubuntu 8.04LTS server running Plesk 9.5 and although all Plesk security patches are in place there are infections on the websites which are displayed as warnings.In file manager I see that a code is added to normal files and I manually check the files and delete the added code. I have had 12 sites reported so far.
    How can I isolate the root cause? I tried doing a "find . -name gootkit "but cannot pick up anything. Is there an anti virus for linux I can use apart from rkhunter which is already running?
     
  2. abdi

    abdi Platinum Pleskian

    31
    18%
    Joined:
    May 14, 2006
    Messages:
    2,913
    Likes Received:
    60
    iScanner is a free open source tool lets you detect and remove malicious codes and web page malwares from your website easily and automatically. iScanner will not only show you the infected files in your server but it's also able to clean these files by removing the malware code ONLY from the infected files.

    http://iscanner.isecur1ty.org/
     
  3. Hostasaurus.Com

    Hostasaurus.Com Regular Pleskian

    30
    68%
    Joined:
    Oct 8, 2009
    Messages:
    465
    Likes Received:
    8
    I've found that 9.5.4 will sometimes think it has all the updates applied even when it doesn't; try adding something via the autoinstaller to coax it into re-downloading all the microupdates.

    Oh, and you should change all client passwords and ftp passwords because thanks to Parallels not bothering to tell anyone there was a serious vulnerability in Plesk from October/November timeframe until February/March, it could be that your server had its passwords compromised long ago and hackers are just now getting around to using them even though you're up to date on patches.
     
Loading...