  1. #1

    Exploited by some PHP script!!!!


    Yesterday my server was down.
    I contacted support and they told me
    that my server was up but nothing was running on it.
    They restarted it and everything was OK.

    Today the same problem happened again.

    I asked support what caused this and they told me:

    Looks like the user XXXX ( /home/XXXX/public_html ) has been exploited by some php script in their homedir

    there's malicious bots in the dir now

    it's heavily infected

    I suspended account XXXX and tried to clear it

    They told me:

    You have a bunch of suspect files in XXXX public_html still, for example shell.php

    What do you advise me to do about this issue?
    I need this site on my server and don't want to remove it.


  2. #2
    Well, I would beef up the security of the server with mod_security, etc. Look in the logs and find out how it's being exploited, patch what is being exploited, and clean up what was put there.
    Steven Ciaburri | Proactive Linux Server Management -
    Managed Servers (AS62710), Server Management, and Security Auditing.

  3. #3
    Find out what PHP scripts that user is running and tell the user to update to the latest version. Check for exploits on that script by searching Google.

  4. #4

    Which logs are you talking about?

    Can you explain more about mod_security?


  5. #5
    For the sake of your business, I advise you to hire an admin that specializes in server security and have them fix and patch it up for you. Better safe than sorry.

  6. #6
    Originally posted by MrAdmin

    Which logs are you talking about?

    Can you explain more about mod_security?


    You didn't specify your OS. Also, is there any control panel software running on your server?
    If not, could you please have a look at this link

    You can find out the exact reason by checking the logs on your system.
    Please check the apache, secure and messages on your system. It will help you to solve your problem.

    Let me know the status

    With regards,

  7. #7


    Thank you.
    Peter M. Abraham

  8. #8
    Also, if you want a tutorial for installing mod_security and need a decent ruleset, check out this page:

    MediaLayer, LLC - Learn how we can make your website load faster, translating to better conversion rates for your business!
    The pioneers of optimized web hosting, featuring LiteSpeed Web Server & SSD Storage - Celebrating 10 Years in Business
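
One way to do the log check suggested in posts #2 and #6, as an added example that is not from any poster in the thread: it scans Apache access-log lines for requests to a file already flagged as suspect (shell.php, the name support gave) and returns what the same client requested beforehand, which points at the script that needs patching. The combined log format is assumed, and the log lines, IPs and paths such as /gallery/upload.php are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache "combined" log format (assumed): IP, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# File names already flagged as suspect; shell.php is the one support named.
SUSPECT_FILES = {"shell.php"}

# Constructed sample lines, not taken from the thread; IPs and paths are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2006:02:11:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "browser"
203.0.113.9 - - [10/Mar/2006:02:14:02 +0000] "POST /gallery/upload.php HTTP/1.1" 200 312 "-" "example-agent"
203.0.113.9 - - [10/Mar/2006:02:14:05 +0000] "GET /gallery/files/shell.php HTTP/1.1" 200 1840 "-" "example-agent"
198.51.100.7 - - [10/Mar/2006:02:15:00 +0000] "GET /contact.php HTTP/1.1" 200 2210 "-" "browser"
203.0.113.9 - - [10/Mar/2006:02:15:31 +0000] "POST /gallery/files/shell.php?x=1 HTTP/1.1" 200 97 "-" "example-agent"
"""

def parse(log_text):
    """Yield one dict per parseable line; malformed lines are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield m.groupdict()

def trace_entry_points(log_text, suspect_files=SUSPECT_FILES):
    """Map each client that touched a suspect file to the requests it made
    before its first touch, i.e. the likely route the file arrived by."""
    history = defaultdict(list)  # ip -> requests seen so far, in log order
    leads = {}                   # ip -> requests preceding first suspect hit
    for rec in parse(log_text):
        # Compare on the file name only: drop the query string and directories.
        name = rec["path"].split("?", 1)[0].rsplit("/", 1)[-1]
        if name in suspect_files and rec["ip"] not in leads:
            leads[rec["ip"]] = list(history[rec["ip"]])
        history[rec["ip"]].append(
            (rec["ts"], rec["method"], rec["path"], rec["status"]))
    return leads

if __name__ == "__main__":
    for ip, earlier in trace_entry_points(SAMPLE_LOG).items():
        print(ip, "requested before first suspect-file hit:")
        for ts, method, path, status in earlier:
            print("   ", ts, method, path, status)
```

A POST that returns 200 immediately before the first request to the suspect file is the script to inspect and update first.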
