Best way to remove Trojan / Virus?


Sheffielder

So I think I have a trojan virus on my site

It keeps repeatedly uploading a folder (says something about an invoice) with a PHP file within it.


I've downloaded fresh files from here and overwritten, and then ran the upgrade, but it still happens.

What's the fastest and best way to eradicate trojans/viruses from forum software please?


Find a trusted person with more experience to check this out on your server directly. There are no general ways to solve this. You need to identify the specific problem and then follow its trail to remove it. 

I can’t even say there is a virus. A folder with a php file? That can mean anything. 


What is the file called?

Any info in your ACP logs?

How do you host your site - is there a company involved and if so have you asked them?

Made any changes lately via third parties?

Using any script like advertising?

 

Seriously... self-hosting means you need to be both on top of all of this stuff AND know that you instantly provide this info when asking for help. Right now it sounds like you'd be better on CitC.


Best way: Reinstall the server (if it is a virus)

No seriously ... reinstall your server.

All the tips about finding the file and trying to remove it are useless; the reason is that the hackers have most likely added backdoors to regain access.
Save your time and the time of others by simply reinstalling the server.
Back up the media, back up the database, reinstall the server, load a fresh install package from invisionpower and import the media/database dump.

Some minor tips from just another forum user (I have learned a lot of things painfully myself over 10 years of hosting experience):

  • Don't trust anyone on the internet.
  • Give people only the access they REALLY require; most people do not require any access.
    As an example, I am the only one that can access my server infrastructure, no one else can. I am, along with 1 other guy, able to access the Admin CP of my forum, and my mods can't even do most moderation actions.
  • Set secure passwords if you use them for FTP/SSH. The idea of having special chars or upper/lower letters is not secure; the only measure of a secure password is the length with non-dictionary words. If anyone is interested in getting further into it, follow up here:
    https://blog.codinghorror.com/hacker-hack-thyself/

As a last point, even if that is always a bad thing that can happen, it has a positive effect: you learn from things you have done wrong.

Greetings

Edited by GriefCode