• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Issue xmri Infected

I

Inma

Regular Pleskian
Server operating system version
Debian
Plesk version and microupdate number
18.0.55
This server has had an infected hosting which created these files and ran that command using the FTP user and there was no way to stop it, every reboot and change of ftp data... was re-run

that hosting no longer has a web site only mail . So in theory we thought it was fixed but NO, now run this with user 10007

I search xmri no longer shows me any files because the infected website has NO website or place to upload files or infected files... any ideas ?


1698501437784.png


1698501115480.png
 
You could try to run maldetect (that's a third party tool) to scan all files on the server for malware, because there might still be infected files on the server if the software managed to access the root level. You should also check that your /tmp partition (or directory) do not have any file execution permissions.
 
hello, yesterday I rebooted the machine and it has already disappeared that attacker... I keep checking and check the permissions of /tmp and scan in Immunify and maldetect.

Thanks
 
You must log in or register to reply here.

Similar threads

Talistech
Resolved Backups failing since a couple days: Unable to run the backup agent
Replies
1
Views
4K
Talistech
Talistech
B
Issue High latency, unreliable performance & 522 errors on a Plesk server that ran fine for 6+ months
Replies
8
Views
2K
HHawk
HHawk
B
Resolved Update broke FTP access
Replies
5
Views
960
Sebahat.hadzhi
Sebahat.hadzhi
S
Issue Can no longer execute php handler
Replies
1
Views
614
stefanb
S
G
Issue Database Malware or False Positive?
Replies
2
Views
2K
Gene Steinberg
G
Back
Top