• If you are still using CentOS 7.9, it's time to convert to Alma 8 with the free centos2alma tool by Plesk or Plesk Migrator. Please let us know your experiences or concerns in this thread:
    CentOS2Alma discussion

Issue xmri Infected

I

Inma

Regular Pleskian
Server operating system version
Debian
Plesk version and microupdate number
18.0.55
This server has had an infected hosting which created these files and ran that command using the FTP user and there was no way to stop it, every reboot and change of ftp data... was re-run

that hosting no longer has a web site only mail . So in theory we thought it was fixed but NO, now run this with user 10007

I search xmri no longer shows me any files because the infected website has NO website or place to upload files or infected files... any ideas ?


1698501437784.png


1698501115480.png
 
You could try to run maldetect (that's a third party tool) to scan all files on the server for malware, because there might still be infected files on the server if the software managed to access the root level. You should also check that your /tmp partition (or directory) do not have any file execution permissions.
 
hello, yesterday I rebooted the machine and it has already disappeared that attacker... I keep checking and check the permissions of /tmp and scan in Immunify and maldetect.

Thanks
 
You must log in or register to reply here.

Similar threads

G
Issue Database Malware or False Positive?
Replies
2
Views
390
Gene Steinberg
G
andreios
Issue Problem with excessive PHP opcache file caching
Replies
2
Views
254
andreios
andreios
E
Issue Plesk on Ubuntu through AWS Lightsail FTP Issues
Replies
2
Views
174
AYamshanov
AYamshanov
S
Issue FTP broken?
Replies
0
Views
94
Scared Donut
S
WebHostingAce
Question Wordpress Hacked! Unusual Plesk Behavior
Replies
9
Views
3K
WebHostingAce
WebHostingAce
Back
Top