My server is sending spam emails. I change the password, I see on ssh file explorer, and I can't see mailing script, I desactiavet the mail function on php.ini, but still sneding emails. And I have strange images on a directory. Is there a solution, without format and reinstall? Thank you
Hello Till, Thank you very much, I just installed Rkhunter and I see a good number of warings here: Performing file properties checks In Checking for rootkits... Performing check of known rootkit files and directories All green [not found] Here the summary: System checks summary ===================== File properties checks... Required commands check failed Files checked: 137 Suspect files: 34 Rootkit checks... Rootkits checked : 245 Possible rootkits: 1 Rootkit names : Xzibit Rootkit Applications checks... Applications checked: 4 Suspect applications: 4 The system checks took: 1 minute and 11 seconds I run chkrootkit-0.49 and not show nothing infected and all good. How can I fix this errors? and prevent the spam, and the strange images upload. Thank you Toux
The best thing to do is take the server off-line, and do a reinstall! If your server has been compromised to/by a hacker, the hacker could have added many ways to access your server. So if you fix one problem, the other might still be there and beeing abused by the hacker(s)
you check what proccess i to active on your server and stop it, then chceck why. Spam can be send by cgi script for example. You download all log files on your desktop and analize it. Check who use shell, ftp last time and what was change. Check you upgrade. you disable fopen in php.ini for suphp, fast-cgi etc. If a hacker has no access to root, you have chance fix the server, other way is better reinstall all.
