Search found 7 matches
- Sat Mar 10, 2012 1:46 am
- Forum: General Help and Development Discussion
- Topic: GootKit
- Replies: 37
- Views: 29181
Re: GootKit
Here's my script /root/removepl.php <? while (true) { sleep(1); system("/bin/mv /var/www/vhosts/*/cgi-bin/* /root/compromisedfolder/"); } ?> call it : php-cli /root/removepl.php & it will keep running the tmp files created will only be there if the gootkit successfully run, otherwise i...
- Fri Mar 09, 2012 8:41 pm
- Forum: General Help and Development Discussion
- Topic: GootKit
- Replies: 37
- Views: 29181
Re: GootKit
Parallels just sent out another urgent notice with a password changing script linked to it. Nifty little script. Thanks. I'll add a CRON that emails me the results. But personally I think it's not related to password, because they came in via a loophole rather than via proper means. No record of we...
- Fri Mar 09, 2012 12:21 pm
- Forum: General Help and Development Discussion
- Topic: GootKit
- Replies: 37
- Views: 29181
Re: GootKit
glad to hear it.
Finally we hopefully had put a stop to it.
Can't find any solution on the web for days.
My clean third day coming up.
And hopefully I could disable my secondly-run-two-liner-php-script from my system.
The only fear is whether the hacker took a break coincidentally
Finally we hopefully had put a stop to it.
Can't find any solution on the web for days.
My clean third day coming up.
And hopefully I could disable my secondly-run-two-liner-php-script from my system.
The only fear is whether the hacker took a break coincidentally
- Thu Mar 08, 2012 11:19 am
- Forum: General Help and Development Discussion
- Topic: GootKit
- Replies: 37
- Views: 29181
Re: GootKit
You don't need a do loop just one command for each http folder will do rm -rf /var/www/vhosts/*/httpdocs/test rm -rf /var/www/vhosts/*/httpsdocs/test Also, you might want to check for & delete subdomain test folders: rm -rf /var/www/vhosts/*/subdomains/httpdocs/test test folder does not exist u...
- Thu Mar 08, 2012 9:21 am
- Forum: General Help and Development Discussion
- Topic: GootKit
- Replies: 37
- Views: 29181
Re: GootKit
O yeah, make sure you kill the existing process of fcgi found under psJimDunn wrote:Ok, thx, I've deleted 37 of those /test/ folders that contained the test.fcgi (and a 100 other things).
Hopefully tomorrow at 7am all will be well.
My two-day-without-incident coming soon
- Wed Mar 07, 2012 11:02 pm
- Forum: General Help and Development Discussion
- Topic: GootKit
- Replies: 37
- Views: 29181
Re: GootKit
I've always wondered about the test scripts that ended up in Google. Like, HERE I AM. COME HACK ME! Plesk released a installer patch and my guess is that the installer creates these test folders and scripts? I am terrible at bash coding. How can we write a line like a do for loop that deletes all /...
- Wed Mar 07, 2012 8:08 pm
- Forum: General Help and Development Discussion
- Topic: GootKit
- Replies: 37
- Views: 29181
Re: GootKit
If someone comes up with a true solution, let me know... no matter what I do, they're back today. _________________ 3.14159265358979323846264338327950 "Ok, yes... I like pie... um, I meant, pi." Hi JimDunn and the rest, I had the same and I have collected literally thousands of these perl...