Page 1 of 1

HACKED AGAIN HELP

Posted: Fri Jan 25, 2019 10:14 am
by wyamout
Hi now my other server on vestacp is hacked and this time it is different.
Like I tried removing the whole domain all files gets deleted then some files keep coming back with obvious malicious codes in them..

Tried deleting with ssh still come back...

Any idea how can i track this to remove it, changed all passwords already

Re: HACKED AGAIN HELP

Posted: Fri Jan 25, 2019 11:05 am
by grayfolk
Did you use Wordpress?

Re: HACKED AGAIN HELP

Posted: Wed Feb 06, 2019 7:12 pm
by rhyker2u
1. Double check your file access rights

2. You could try this A/V scanner cmd:

Code: Select all

clamscan -r -i /home
3. tighten your security with https://cisofy.com/lynis/
Tutorial: https://www.digitalocean.com/community/ ... untu-16-04

4. Maybe have backups (as VestaCP makes them) Try that.

However if you're site is compromised on a files and/or content level? It means -- in most cases -- you're f*cked.
5. Really like to go over things before you put them live? Create a XAMPP / WAMP / MAMP local environment.

Re: HACKED AGAIN HELP

Posted: Thu Feb 07, 2019 11:05 am
by tomas
I think that the main problems is file and folder perrmisons...What are they ?

Re: HACKED AGAIN HELP

Posted: Fri Feb 08, 2019 6:58 am
by jg637
I had the same problem with my site, it kept getting hacked (Wordpress).

I just deleted the whole installation and reinstalled a fresh copy of Wordpress.

I then added the Wordfence plugin and I haven't had any problems since.

Re: HACKED AGAIN HELP

Posted: Thu Feb 14, 2019 6:23 pm
by songhanpoo
wyamout wrote:
Fri Jan 25, 2019 10:14 am
Hi now my other server on vestacp is hacked and this time it is different.
Like I tried removing the whole domain all files gets deleted then some files keep coming back with obvious malicious codes in them..

Tried deleting with ssh still come back...

Any idea how can i track this to remove it, changed all passwords already
Are you using private key login to vps ?