How to remove CryptoPHP malware – Scan Now
- Category : Linux Helpline (Easy Guide)
- Posted on : Mar 26, 2019
- Views : 2,502
- By : Hagen V.
What is CryptoPHP?
CryptoPHP is a threat that uses backdoored Joomla, WordPress and Drupal themes and plug-ins to compromise web servers on a large scale. By publishing pirated ("nulled") themes and plug-ins that anyone can download free of charge instead of paying for them, the CryptoPHP actor social-engineers site administrators into installing the bundled backdoor on their own servers.
The malware can be controlled via a remote command-and-control server or by email. It is a well-written piece of code with the following capabilities:
- Automatic integration into most common CMSs, including Joomla, WordPress and Drupal.
- Encrypted, key-based communication between the affected server and the control server.
- Backup and failover mechanisms in case a control server is shut down.
- Remote manual management, automatic updates, and more.
Thousands of servers and websites are affected by this malware. Our clients' servers under proactive management have already been scanned and protected against this threat. The number of infected servers appears to be growing.
If you have some shell experience, use the following methods to identify the malware.
1) Quick check for social*.png files (the file name CryptoPHP uses for its payload). The -a flag makes grep treat the file as text, so it prints the matching PHP fragment instead of just "Binary file matches":
find /home/ -type f -iname "social*.png" -exec grep -a -E -o 'php.{0,80}' {} \; -print
If the command lists any files, they are backdoor payloads: remove them from the web root immediately (moving them to a quarantine directory outside the web root preserves evidence for the investigation), and also find and clean the theme or plug-in PHP file that includes them, otherwise the site either breaks or is simply re-infected.
2) Check all .png files. The file utility identifies content by magic bytes, so a "PNG" that is really a PHP script is reported as "PHP script":
find /home -type f -iname '*.png' -print0 | xargs -0 file | grep "PHP script" > /root/cryptoinfected.txt
Now review every file listed in /root/cryptoinfected.txt and remove it.
3) Check all other files.
You must check the rest of the web root as well, because the backdoor is not confined to .png and .jpeg files; the PHP file that includes the disguised image is part of the infection too.
4) Use ClamAV or maldetect.
Update the ClamAV and maldetect signature databases first, then run a scan; current signatures detect this malware. Note that maldetect's binary is called maldet and its signature update flag is lowercase -u:
freshclam
maldet -u
maldet -a /home
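The manual checks in steps 1 to 3, combined into one script as an added example (this is not code from the original article): it lists image-named files that contain a PHP open tag, lists PHP files that include or require an image-named file (the hook a backdoored theme or plug-in uses to load the backdoor), and moves a hit into a quarantine tree that mirrors its original path instead of deleting it, so the evidence survives for the investigation. It assumes GNU find and GNU grep; the web root (/home) and the quarantine directory are assumptions to adjust for your server.

```shell
#!/usr/bin/env bash
# Added example, not code from the original article.
# Hunt for CryptoPHP-style backdoors under a web root:
#   1. files with image extensions (png/jpg/jpeg/gif) whose contents contain PHP
#   2. PHP files that include/require such an "image"
# Assumes GNU find and GNU grep (-a: treat binary files as text,
# -l: print only the names of matching files).

# Image-named files whose contents contain a PHP open tag (<?php or <?=).
# `file` alone can miss a script that starts with binary junk before the tag,
# so this greps the content directly.
find_php_in_images() {
    local root="$1"
    find "$root" -type f \
        \( -iname '*.png' -o -iname '*.jpg' -o -iname '*.jpeg' -o -iname '*.gif' \) \
        -exec grep -laE '<\?(php|=)' {} + | sort
}

# PHP files that include/require a file with an image extension, e.g.
#   include('images/social.png');
#   require_once($_SERVER['DOCUMENT_ROOT'] . '/images/social.png');
# The [^;]* allows path concatenation between the keyword and the extension.
find_image_includes() {
    local root="$1"
    find "$root" -type f \( -iname '*.php' -o -iname '*.phtml' \) \
        -exec grep -laE "(include|require)(_once)?[^;]*\.(png|jpe?g|gif)['\"]" {} + | sort
}

# Move a file into a quarantine tree that mirrors its original path:
# the file stops being served, and it stays available for analysis.
quarantine() {
    local f="$1" qdir="$2"
    mkdir -p "$qdir/$(dirname "$f")"
    mv "$f" "$qdir/$f"
}

# Usage (assumed layout): ./cryptophp-hunt.sh /home
# Review the hits before quarantining; a legitimate plug-in could, in theory,
# include a .png, but on a CryptoPHP-infected site these lists are the payload
# and its loader.
if [ -n "${1:-}" ]; then
    echo "== image-named files containing PHP =="
    find_php_in_images "$1"
    echo "== PHP files that include an image-named file =="
    find_image_includes "$1"
fi
```

Quarantine the payload and the loader together: removing only social.png leaves the modified theme file in place, and removing only the include leaves a PHP backdoor that anything else on the server could still load.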
EDIT: Further investigation found that this malware is also being spread via email attachments, so you may need to scan the server's email accounts too.