2 websites same reseller not showing - infected?
Posted: Mon Apr 08, 2013 6:18 am
Can someone help? On Saturday night 2 domains for one client became unavailable. I've done some digging to try and find out why. It looks like the header.php and index.php files are there, but are also hidden or missing:
and this is the header for the home page. But when I try to look at it, it is not there
and it is not listed on the folder either for some reason:
Can someone help with what might have happened? It looks like the domain has got a virus possibly.
I have tried to run and output a clamscan report, but it is either very slow or not working:
Code: Select all
[plesk3.hostname.co.uk ~]# locate header.php | grep hosted-domain | more
...
/var/www/vhosts/hosted-domain.com/httpdocs/wp-content/themes/hosted-domain2/header.php
...
Code: Select all
[plesk3.hostname.co.uk ~]# cat /var/www/vhosts/hosted-domain.com/httpdocs/wp-content/themes/hosted-domain2/header.php
cat: /var/www/vhosts/hosted-domain.com/httpdocs/wp-content/themes/hosted-domain2/header.php: No such file or directory
Code: Select all
[plesk3.hostname.co.uk ~]# ls -l /var/www/vhosts/hosted-domain.com/httpdocs/wp-content/themes/hosted-domain2
total 220
-rw-r--r-- 1 hosted-domain-ftp psacln 305 Jul 6 2012 404.php
-rw-r--r-- 1 hosted-domain-ftp psacln 3108 Jul 6 2012 archive.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2212 Jul 6 2012 category-10.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2263 Jul 6 2012 category-1103.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2203 Jul 6 2012 category-3.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2234 Jul 6 2012 category-4.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2233 Jul 6 2012 category-5893.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2215 Jul 6 2012 category-5.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2212 Jul 6 2012 category-6.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2236 Jul 6 2012 category-7.php
-rw-r--r-- 1 hosted-domain-ftp psacln 3694 Jul 6 2012 comments.php
-rw-r--r-- 1 hosted-domain-ftp psacln 4717 Jul 6 2012 comments-popup.php
-rw-r--r-- 1 hosted-domain-ftp psacln 3042 Feb 26 22:08 footer.php
-rw-r--r-- 1 hosted-domain-ftp psacln 21562 Jan 22 09:06 functions.php
-rw-r--r-- 1 hosted-domain-ftp psacln 1591 Jul 9 2012 google-search.php
-rw-r--r-- 1 hosted-domain-ftp psacln 2495 Jul 6 2012 image.php
drwxr-xr-x 2 hosted-domain-ftp psacln 4096 Dec 14 11:18 images
-rw-r--r-- 1 hosted-domain-ftp psacln 4138 Jul 6 2012 index.php
-rw-r--r-- 1 hosted-domain-ftp psacln 316 Jul 6 2012 links.php
-rw-r--r-- 1 hosted-domain-ftp psacln 800 Jul 6 2012 page.php
-rw-r--r-- 1 hosted-domain-ftp psacln 64186 Jul 6 2012 screenshot.png
-rw-r--r-- 1 hosted-domain-ftp psacln 680 Jul 9 2012 searchform.php
-rw-r--r-- 1 hosted-domain-ftp psacln 1473 Jul 9 2012 search.php
-rw-r--r-- 1 hosted-domain-ftp psacln 3561 Jul 6 2012 sidebar.php
-rw-r--r-- 1 hosted-domain-ftp psacln 3345 Jul 6 2012 single.php
-rw-r--r-- 1 hosted-domain-ftp psacln 25389 Jul 9 2012 style.css
[plesk3.hostname.co.uk ~]#
I have tried to run and output a clamscan report, but it is either very slow or not working:
Code: Select all
[plesk3.hostname.co.uk ~]# clamscan -r /var/www/vhosts/hosted-domain.com/httpdocs | grep FOUND >> /var/www/vhosts/hosted-domain.com/report/clamscan-report.txt