Remove Crypto PHP


It is frustrating when an intruder plants CryptoPHP on our website, which means this spam malware slips PHP script into our site's own scripts.
The injected script contains URL redirects to other sites, and eventually our server's IP gets blacklisted because it is considered to be doing HTTP flooding.

Here are the steps for checking for and preventing CryptoPHP.

If you have some shell experience, use the following methods to identify the malware.

1) Quick check for social*.png files:
find /home/ -type f -iname "social*.png" -exec grep -E -o 'php.{0,80}' {} \; -print

If the command above returns any files, delete those files immediately.

2) Check all PNG files:
find /home -type f -iname '*.png' -print0 | xargs -0 file | grep "PHP script" > /root/cryptoinfected.txt

Now check all the files listed in /root/cryptoinfected.txt and remove them.

3) Check all other files:
You also need to check all other files, because the infection is not limited to PNG and JPEG files.

4) Use ClamAV or maldetect:
Update your ClamAV database and maldetect database, then run a scan; this will detect the malware.
maldet -u
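
Steps 2 and 3 can be combined into one pass that does not depend on the file name. The script below is an added example, not part of the original post: it goes beyond the PNG-only check by comparing the leading bytes of every PNG, JPEG and GIF file against the signature its extension promises, and by flagging valid-looking images that still embed a PHP opening tag. The function name scan_fake_images and the output labels are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): list image-named files that
# are not really images, or that are images with PHP code embedded in them.
# Usage: scan_fake_images /home > /root/cryptoinfected.txt
#
# Output: one line per suspicious file, "<reason><TAB><path>", where reason is
#   bad-magic  the first bytes do not match the extension (includes empty files)
#   php-tag    the signature is valid but the file contains "<?php"

scan_fake_images() {
    find "$1" -type f \( -iname '*.png' -o -iname '*.jpg' \
        -o -iname '*.jpeg' -o -iname '*.gif' \) -exec sh -c '
        for f do
            # First four bytes as lowercase hex, e.g. 89504e47 for PNG.
            magic=$(head -c 4 "$f" | od -An -tx1 | tr -d " \n")

            # Expected signature prefix for this extension (case-insensitive).
            case $(printf %s "$f" | tr "[:upper:]" "[:lower:]") in
                *.png) want=89504e47 ;;   # \x89 P N G
                *.gif) want=47494638 ;;   # G I F 8
                *)     want=ffd8ff   ;;   # JPEG start-of-image marker
            esac

            case $magic in
                "$want"*)
                    # Real image header: still look for embedded PHP.
                    if grep -qa "<?php" "$f"; then
                        printf "php-tag\t%s\n" "$f"
                    fi
                    ;;
                *)
                    printf "bad-magic\t%s\n" "$f"
                    ;;
            esac
        done' sh {} +
}
```

Review each reported file before deleting it; a php-tag hit on a genuine image can also come from metadata and needs a manual look.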