Iframe Malware in my website.

[30874]

Dear All,

Please help me on this problem. There are malwares in my website and I can't access Vesta now. How to delete it?

Best regards,
30874

[TheNewOne]

A quick "solution" would be, to access your server via ssh, find the iframe pages and delete the entries.

Go to the directory like
cd /home/user/

then search for the iframe in alle files below that directory
grep -rl "iframe" *

You'll get a list of files which includes the string "iframe".

Good luck.

[mehargags]

ssh and clamscan...

But I strongly suggest you to wipe off your VPS and start afresh, install vesta, do some security hardening and then restore your side from a healthy backup.

I presume you have backups ? if not -- I think you are in deep trouble.

[skurudo]

clamscan - not always good choice for shell. Sad, but true

Need to search weird files with "eval(..."

[mehargags]

Yes as I said -- best is to clean wipe your VPS, harden security, then restore a clean backup

[30874]

I am a new for VPS. Could you please suggest the code for run in putty for checking system?

Thank you for your suggestion.
Best regards,
Narong.

[skurudo]

I am a new for VPS. Could you please suggest the code for run in putty forme?.

Something like this:

Code: Select all

find /home -type f -name "*.php" | xargs grep "eval("

be carefull with files, if you wish to delete thise

[30874]

how to show you the data after run the code. There are many lines of them.

[30874]

I am a new for VPS. Could you please suggest the code for run in putty forme?.

Something like this:

Code: Select all

find /home -type f -name "*.php" | xargs grep "eval("

be carefull with files, if you wish to delete thise

what will happen if I get many lines of this code and I go to delete it in filezilla. It will solve the problem?

[skurudo]

You need to delete or move those files from your site, but how it work after this - it's need to test