Kryptronic Software Support Forum


#1 09-26-2014 02:58:28

mixer25
Member
From: Ireland
Registered: 04-02-2006
Posts: 601

Malware Detected in Script... What should I do here?

I had the following message from my server company. I have changed passwords etc., but I am unsure how it got exploited. I last updated the software probably 4 months back. Is there anything else I need to do here?

Thanks



This ticket is being created to discuss the below account with you. During a routine daily scan of this server we have identified file(s) within the account that appear to be compromised, based upon MD5 file hashes and HEX pattern matches of currently known exploits.

We have detailed any action taken by ourselves and included as much relevant information as possible below. It would be appreciated if you could urgently review this report and inform us that you are investigating. We kindly ask you to acknowledge this ticket within the next 24 hours, as a lack of response may result in the website being suspended.


List Of Exploited Files:
=========================================================================
{HEX}perl.generic.fakeproc.49 : /home/moy29/public_html/downloads/error/error.log => /usr/local/maldetect/quarantine/error.log.28374
=========================================================================

Action(s) Taken:
=========================================================================
The offending files have been quarantined
=========================================================================

Typically we see exploited files in accounts that are running outdated and insecure versions of web scripts and modules/components of these scripts. We additionally see these files in accounts that have weak passwords, insecure file permissions and connecting computers that have been compromised themselves.

In an effort to remedy any unknown harm that has been done, and to protect against future exploits, we highly recommend the following actions:

* Immediate change of all passwords associated with this account
* Auditing of the account (old scripts, unknown files, etc)
* Ensure web scripts and associated modules/plugins are up-to-date and secure
* Performing security sweeps of any computer systems that connect to this account


#2 09-26-2014 08:31:05

webmaster
Administrator
From: York, PA
Registered: 04-20-2001
Posts: 19798

Re: Malware Detected in Script... What should I do here?

Hi.  The public downloads directory should only have files in it - no directories.  The /downloads/error/* files were put there by something other than the software.

I would check to see if you have anything like Wordpress or Joomla running on the site in an insecure fashion.  I would recommend NOT running Joomla at all (we've seen too many security issues with it), and if you run Wordpress, be sure to run it FULLY UPDATED with either the Bulletproof or All-In-One WP Security & Firewall.

In the past several years we have seen a large number of attacks on PHP-based software.  99% of the attacks we've seen fall into one of three categories:

(1) Compromised FTP Account Password
(2) Insecure Joomla Installation
(3) Insecure Wordpress Installation

These attacks generally do one of three things:

(1) Corrupt PHP scripts in an effort to download malware using JavaScript to browsers visiting the site.
(2) Add/Corrupt PHP scripts in an effort to send unsolicited mails (spam) directly.
(3) Add/Corrupt PHP scripts in an effort to send unsolicited mails (spam) via created cron jobs.

At Kryptronic Managed Hosting we do our best to ensure all code is 100% clean when migrated to our hosting accounts and we have special monitors like your host does which detect issues.

I hope that helps.


Nick Hendler

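One way to do the account audit Nick describes above (the downloads directory should hold only product files, so any subdirectory or any script dressed up as a log is foreign), as an added example that is not code from the forum or from Kryptronic. It assumes only that the downloads directory path is passed as its argument:

```sh
#!/bin/sh
# Added example (not from the forum or the Kryptronic software): audit a
# public downloads directory that should contain only downloadable files.
# It flags (1) any subdirectory, (2) any file with a script-like or log-like
# name, and (3) any file whose contents open like a script (a shebang or a
# PHP open tag) regardless of what its name claims, as with a fake error.log.
# The directory path is supplied by the caller; no site-specific path is assumed.

audit_downloads_dir() {
    dir="$1"
    # (1) Subdirectories do not belong in the downloads area at all.
    find "$dir" -mindepth 1 -type d -print | while IFS= read -r d; do
        echo "UNEXPECTED DIRECTORY: $d"
    done
    # (2) Names that suggest code or logs rather than product files.
    find "$dir" -type f \( -name '*.php' -o -name '*.pl' -o -name '*.cgi' \
        -o -name '*.sh' -o -name '*.log' \) -print | while IFS= read -r f; do
        echo "SUSPICIOUS NAME: $f"
    done
    # (3) Contents that look like a script, whatever the file name says.
    find "$dir" -type f -print | while IFS= read -r f; do
        if head -c 512 "$f" | grep -q -e '^#!' -e '<?php'; then
            echo "SCRIPT CONTENT: $f"
        fi
    done
}
```

Anything the script reports should be compared against the files the software itself installs before being removed; run it again after cleanup and after each software update so the directory has a known-clean baseline.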