Aug 11, 2011
tom

Server redirect malware

Question

I have a Linux packaged server (is that right?) that I run for a coworker. It has recently been hacked and I’ve been trying for the last few days to get rid of the malware. It now redirects most of my sites to http://gator65.hostgator.com/~db905/tds/out.php?s_id=1. What can I do?

Answer

Wipe the drive. Reinstall from known-good backup.

There are plenty of ways you can miss something that’s installed and hidden on a server that’s been rooted.

Unless you had hashes of all your files/binaries, you can’t even tell if you’re running the correct applications on your server. For all you know you’re running altered system binaries that are specifically tailored to hide the malware. Your logs could be hiding information, and your system could be hiding network connections to spam/malware sites, and your system is distributing more warez/malware. Take it offline, restore it, fix the security holes and do all updates, and make sure your backup is from pre-rooting.
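The answer's point about hashes is the one thing worth scripting: you can only tell what changed if you have a baseline taken from a known-good copy. The following is an added example, not code from the original post or its author. It builds a SHA-256 manifest from a clean tree (a backup or fresh install), compares the live tree against it, and also greps web files for the kind of injected redirect the question describes. The redirect host is taken from the question; the match patterns (`RewriteRule`, `header('Location: ...')`, `<iframe>`, `eval(base64_decode(...))`) and the sample file tree are assumptions constructed here for illustration.

```python
"""Integrity check of a web tree against a known-good hash manifest, plus a scan
for planted redirects. Added example; paths, patterns and sample data are constructed."""
import hashlib
import os
import re
import tempfile

# Indicator from the question: the host the hacked sites redirect to.
REDIRECT_HOST = "gator65.hostgator.com"
# Common redirect/injection shapes; these patterns are assumptions, not from the post.
REDIRECT_PATTERNS = [
    re.compile(r"RewriteRule\b.*" + re.escape(REDIRECT_HOST), re.I),
    re.compile(r"header\s*\(\s*['\"]Location:.*" + re.escape(REDIRECT_HOST), re.I),
    re.compile(r"<iframe[^>]*" + re.escape(REDIRECT_HOST), re.I),
    re.compile(r"eval\s*\(\s*base64_decode", re.I),
]


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map relative path -> sha256 for every regular file under root.
    Run this on the known-good copy, never on the rooted box itself."""
    manifest = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def compare(manifest, root):
    """Return (modified, added, missing) paths of the live tree relative to the manifest."""
    live = build_manifest(root)
    modified = sorted(p for p in manifest if p in live and live[p] != manifest[p])
    added = sorted(p for p in live if p not in manifest)
    missing = sorted(p for p in manifest if p not in live)
    return modified, added, missing


def find_redirects(root):
    """Return {relative path: first matching line} for files carrying a redirect indicator."""
    hits = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                with open(full, "r", encoding="utf-8", errors="replace") as f:
                    for line in f:
                        if any(p.search(line) for p in REDIRECT_PATTERNS):
                            hits[os.path.relpath(full, root)] = line.strip()
                            break
            except OSError:
                continue
    return hits


def demo():
    """Constructed sample: identical clean and live trees, then a simulated compromise."""
    files = {
        "index.php": "<?php echo 'hello'; ?>\n",
        ".htaccess": "Options -Indexes\n",
        "lib/util.php": "<?php function f() { return 1; }\n",
    }
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as live:
        for root in (clean, live):
            for rel, body in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "w") as f:
                    f.write(body)
        baseline = build_manifest(clean)
        # Simulated compromise of the live tree (constructed for the example):
        with open(os.path.join(live, ".htaccess"), "a") as f:
            f.write("RewriteEngine On\n"
                    "RewriteRule .* http://gator65.hostgator.com/~db905/tds/out.php?s_id=1 [R,L]\n")
        with open(os.path.join(live, "wp-cache.php"), "w") as f:
            f.write("<?php eval(base64_decode('...')); ?>\n")
        os.remove(os.path.join(live, "lib/util.php"))
        return compare(baseline, live), find_redirects(live)


if __name__ == "__main__":
    (modified, added, missing), hits = demo()
    print("modified:", modified, "added:", added, "missing:", missing)
    for path, line in hits.items():
        print("redirect indicator in", path, "->", line)
```

For system binaries the same idea is packaged already (`debsums` on Debian-based systems, `rpm -Va` on RPM-based ones), but on a rooted host the package database and the verifying binaries can be altered too, so run any such check from known-good media, and treat a clean result as a reason to look harder, not as proof. Finding the redirect only tells you where one symptom lives; it does not change the answer, which is to rebuild.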
