Page 1 of 2
Iframe Malware in my website.
Posted: Tue Mar 03, 2015 1:25 am
by 30874
Dear All,
Please help me on this problem. There are malwares in my website and I can't access Vesta now. How to delete it?
Best regards,
30874
Re: Iframe Malware in my website.
Posted: Tue Mar 03, 2015 10:17 am
by TheNewOne
A quick "solution" would be, to access your server via ssh, find the iframe pages and delete the entries.
Go to the directory like
cd /home/user/
then search for the iframe in alle files below that directory
grep -rl "iframe" *
You'll get a list of files which includes the string "iframe".
Good luck.
Re: Iframe Malware in my website.
Posted: Wed Mar 04, 2015 8:27 pm
by mehargags
ssh and clamscan...
But I strongly suggest you to wipe off your VPS and start afresh, install vesta, do some security hardening and then restore your side from a healthy backup.
I presume you have backups ? if not -- I think you are in deep trouble.
Re: Iframe Malware in my website.
Posted: Wed Mar 04, 2015 8:43 pm
by skurudo
clamscan - not always good choice for shell. Sad, but true
Need to search weird files with "eval(..."
Re: Iframe Malware in my website.
Posted: Thu Mar 05, 2015 11:18 am
by mehargags
Yes as I said -- best is to clean wipe your VPS, harden security, then restore a clean backup
Re: Iframe Malware in my website.
Posted: Thu Mar 05, 2015 11:34 am
by 30874
I am a new for VPS. Could you please suggest the code for run in putty for checking system?
Thank you for your suggestion.
Best regards,
Narong.
Re: Iframe Malware in my website.
Posted: Thu Mar 05, 2015 11:38 am
by skurudo
30874 wrote:I am a new for VPS. Could you please suggest the code for run in putty forme?.
Something like this:
Code: Select all
find /home -type f -name "*.php" | xargs grep "eval("
be carefull with files, if you wish to delete thise
Re: Iframe Malware in my website.
Posted: Thu Mar 05, 2015 11:44 am
by 30874
how to show you the data after run the code. There are many lines of them.
Re: Iframe Malware in my website.
Posted: Thu Mar 05, 2015 11:53 am
by 30874
skurudo wrote:30874 wrote:I am a new for VPS. Could you please suggest the code for run in putty forme?.
Something like this:
Code: Select all
find /home -type f -name "*.php" | xargs grep "eval("
be carefull with files, if you wish to delete thise
what will happen if I get many lines of this code and I go to delete it in filezilla. It will solve the problem?
Re: Iframe Malware in my website.
Posted: Thu Mar 05, 2015 2:21 pm
by skurudo
You need to delete or move those files from your site, but how it work after this - it's need to test