Web shell by orb joomla hosting
Originally Posted by Erawan Arif Nugroho
Do you mean, that the malware is come from that corrigent ftp?
You can simply delete all of the contents of that ftp corrigent, by loging in using the username and the password you mentioned.
since I am a Windows user, not a Linux user, I just use a WSFTP or FileZilla and login using the user ( CorCelestica ) and Password (flower18) to that domain.
If you already logged in, then you can remove all of the contents
the corrigent ftp is the attackers server. i dont see a reason to delete from there. anyways it missing
Reply With Quote 0
Web Hosting Evangelist
Join Date Jun 2010 Location Indonesia Posts 466
Originally Posted by varunkrish
the corrigent ftp is the attackers server. i dont see a reason to delete from there. anyways it missing
I see..
I was trying to login to them, and when I download the
file and the include.php, both of them automatically deleted by the AVG.
Last edited by Erawan Arif Nugroho; 08-15-2010 at 08:57 AM.
Reply With Quote 0
Web Hosting Evangelist
Join Date Jun 2010 Location Indonesia Posts 466
Originally Posted by tchryan
You might also want to scan the user account with LMD for malware content you may have missed:
www.webhostingtalk.com/wiki/Linux_Malware_Detect
install it and run:
lmd -a /home/user/public_html
Thank you. I am using it for my server now