Jump to content

Malware infection,again


Recommended Posts

My revive adserver installation is hacked.. I am not sure what to do and how to protect myself. I will need help with one answer (this is what my hosting company asked me ). This is what they say (and ask) to notify developers: Thank you in advance

1. that in those scripts below has vulnerabilities.
2. via those scripts hackers upload web shells to the server.
3. If those scripts are not a part of 'advertiser' then we need to remove them.


4473141 16 -rw-r--r-- 1 domains domains 14733 Apr 30 2014 ./deliveryLimitations/dump.php
4855755 16 -rw-r--r-- 1 domains domains 12522 Apr 30 2014 ./bannerTypeHtml/vastOverlayBannerTypeHtml/menu75.php
2229511 16 -rw-r--r-- 1 domains domains 13265 Apr 30 2014 ./bannerTypeHtml/footer.php
4863443 12 -rw-r--r-- 1 domains domains 12197 Apr 30 2014 ./etc/oxInvocationTags/dirs14.php
4861793 16 -rw-r--r-- 1 domains domains 13606 Apr 30 2014 ./etc/oxLogClick/alias24.php
4861973 16 -rw-r--r-- 1 domains domains 15381 Apr 30 2014 ./etc/Site/proxy.php
4456689 16 -rw-r--r-- 1 domains domains 12776 Apr 30 2014 ./deliveryLog/lib20.php
4853612 16 -rw-r--r-- 1 domains domains 12908 Apr 30 2014 ./videoAds/footer.php
after POST query into any of those files, in a file system appears the encoding scripts such advertisers/inc73.php across which the big botnet sends a tons of spam mails.


Thank you in advance

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...