Questions? Start a Support Ticket
User Registration
Customer Login

Knowledgebase

Portal Home > Knowledgebase > Articles Database > maldet question


maldet question




Posted by un!ty, 09-26-2014, 05:15 PM
I run scan today and find the following files in report about nigx as this ok?
Posted by WireNine, 09-26-2014, 06:49 PM
That does not look ok. Do you have a sys admin or do you manage the server yourself?
Posted by un!ty, 09-26-2014, 06:57 PM
Please can you explain, I am learner.. I do it myself. Can you please guide me i would happy to follow. Thanks for your response.
Posted by Johnny Cache, 09-26-2014, 10:16 PM
Have you looked at /tmp to see what's in there? Whatever it is, it's certainly not normal. I would put the files in a quarantined state (maldet –quarantine $SCANID) and have a look at their contents before simply deleting everything out of your /tmp. When was the last time you ran a full maldet update?
Posted by net, 09-26-2014, 10:20 PM
Moved > Hosting Security and Technology.
Posted by Srv24x7, 09-27-2014, 01:11 AM
Hi, The result you got from the maldet shows that the files that were upload temporarily in the /tmp folder for process execution are infected with malicious codes. These files should be removed or quarantined immediately. Those are webserver and PHP session and caching files. You could safely remove them.
Posted by un!ty, 09-27-2014, 07:47 AM
result after the maldet –q scanid You are right but how it can be happen?
Posted by activelobby4u, 09-28-2014, 02:05 AM
Hi, its quite difficult to analyse this with just looking in to the log entries. However you can try opening them and check the file itself to see if there is any entries regarding any domain in them which indicate that its uploaded through that domain to the server.
Posted by Srv24x7, 09-28-2014, 08:34 AM
Hi, You can check the quarantine folder and do a list of files and check the owner of the file, whether it was upload by certain user or by user named "nobody." This will clear some of the things. Additionally, try using stats command to check the file statistics and see if any information you can get on it.


Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
Thoughts on Dinix? (Views: 669)
Why doesn't this code work? [php] (Views: 667)
Suggestion on choosing reseller host (Views: 681)
datahosts or mchost? (Views: 724)
Installed EV Cert into stunnel? (Views: 699)


Language:

Our Services

Client Menu

Legal

Terms of Service | Privacy Policy | Refund Policy | Affiliates
Copyright © 2015 DC International LLC in partnership with Bragin IT Solutions Inc. - All Rights Reserved.