Vesta Control Panel - Forum

Iframe Malware in my website.

Post by mehargags » Thu Mar 05, 2015 3:09 pm

I can point you in some directions; maybe it can help you.

Please check the attached PHP/SH scripts, which you can run to detect malicious code in your files. I don't remember where all I got these from, so I'm posting the whole folder.

CodeScanner.zip
------------------------------
Also try scanning with maldet: https://www.rfxn.com/projects/linux-malware-detect/

The infected files with injected code should have a different modified date than the rest of the files of the website, so start spotting them by date modified; you may be able to spot the injected files.

As Skurudo hinted... search all the files for "eval(" to detect anything suspicious.

Code:

grep -R "eval(" .

The last and absolute resort would be to get all files checked by a PHP dev.

Good luck
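
The two checks suggested in the post above (files with an unexpected modification date, and a search for "eval("), combined into one triage script. This is an added example, not part of the original post or of the attached CodeScanner.zip; the function names, the extra markers besides "eval(", and the `.deployed` reference file are assumptions.

```shell
#!/bin/sh
# Added example. File names containing newlines are not handled.

# List web files under $1; any further arguments are extra find tests.
web_files() {
    root=$1; shift
    find "$root" -type f \( -name '*.php' -o -name '*.js' -o -name '*.htm*' \) "$@" -print
}

# Read file names on stdin; print those containing a marker often seen in
# injected code. -F keeps "(" literal, -i ignores case, -q stops at first hit.
flag_markers() {
    while IFS= read -r f; do
        grep -qFi -e 'eval(' -e 'base64_decode(' -e 'gzinflate(' -e '<iframe' "$f" \
            && printf '%s\n' "$f"
    done
    return 0
}

# Every web file with a marker (includes legitimate uses of eval).
suspicious_files() { web_files "$1" | flag_markers | sort; }

# Files with a marker AND modified after reference file $2: review these first.
priority_review() { web_files "$1" -newer "$2" | flag_markers | sort; }

# Constructed sample tree: two old files from the "original deployment",
# a reference timestamp file, and two files changed afterwards.
make_demo() {
    d=$(mktemp -d)
    printf '<?php echo "home"; ?>\n' > "$d/index.php"
    printf 'var r = eval("(" + json + ")");\n' > "$d/legacy.js"    # old, benign eval
    touch -t 201501010000 "$d/index.php" "$d/legacy.js"
    : > "$d/.deployed"; touch -t 201501020000 "$d/.deployed"
    printf '<?php echo "news"; ?>\n' > "$d/news.php"               # recent, clean
    printf '<iframe src="http://placeholder.invalid/" width="0" height="0"></iframe>\n' \
        > "$d/footer.php"                                           # recent, injected
    printf '%s\n' "$d"
}

# Usage: sh triage.sh <webroot> <reference-file>
if [ "$#" -eq 2 ]; then priority_review "$1" "$2"; fi
```

A match is a lead for manual review, not proof: legitimate code also uses `eval(`, and modification times can be reset, so a file absent from the priority list is not thereby clean.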
Post by 30874 » Fri Mar 06, 2015 2:48 am

Thank you very much. Now I will do anything that lets me solve it.

Narong.
Post by 30874 » Fri Mar 06, 2015 2:54 am

How do I use the PHP scan scripts you suggested? I am new to all of this, but I am trying to do it.
Post by 30874 » Fri Mar 06, 2015 4:06 am

skurudo wrote: You need to delete or move those files from your site, but how it works after this - it needs to be tested.

Now I am trying to delete it from my site, and actually I need to delete all data from my site. I can do it again. How do I delete the problem site from Vesta (I mean format this site but still keep the other site in Vesta)?

I hope you can help me with this.
Best regards,
Narong.
Post by mehargags » Fri Mar 06, 2015 9:45 am

Copy the PHP file inside your site root and call it from the browser; the SH script needs to be run from SSH.
Post by 30874 » Sat Mar 07, 2015 3:20 pm

mehargags wrote: Copy the PHP file inside your site root and call it from the browser; the SH script needs to be run from SSH.

Thank you very much. I am trying and will let you know about the status.

Best regards,
Narong.