Topic-icon Malware on website

  • alanbrackenphoto
  • alanbrackenphoto's Avatar Topic Author
  • Offline
  • New Member
  • New Member
3 years 8 months ago #5306 by alanbrackenphoto
Replied by alanbrackenphoto on topic Malware on website
I have a few sites sharing the same database and since this particular site was launched in November the database gets hammered with what appears to be brute force attacks (massive throughput and up to 8000 selects a seconds as apposed to 10 when this site is not running). I have secured the login points and am confident its not coming from this or any form on the site. I did find injected malware script early on which I deleted and that appeared to stop it for a while but it came back within a week. It seems to happen at specific times (Mondays, Fridays, 1st of month) so is scheduled but its at the point now where no mount of apache restarts or DB reboots will stop it so I have been forced to put the site into maintenance mode. Hope this gives a clearer picture.

Please Log in or Create an account to join the conversation.

3 years 8 months ago #5309 by Jose
Replied by Jose on topic Malware on website
Umm, I see. If the malware scanner is not detecting encoded content then maybe you should look for "select" or other Mysql patterns in the files. In a Linux environment you can do that with the "grep" command.

Also you could try analyzing the entire filesystem with a server antivirus; does you hosting provider have one?

And the last step could be identify which file is launching the queries; at this point you will need the help of your hosting provider. Explain them the situation so they can take actions to identify the file.


Please Log in or Create an account to join the conversation.

Time to create page: 0.066 seconds
Powered by Kunena Forum

Login or Sign In