Help - Hackers have taken over my site!

Well, kind of. I was notified by Google that there has been phishing pages uploaded on my website that, of course, I did not initiate. I went through the access logs and saw when and how they were uploaded - through a shell script!

I was able to trace and delete 3 different shell scripts located at various locations on my site, but as I keep looking, it seems they are everywhere. Is there any way I can do a site-wide malware scan that would pinpoint these buggers so I can get rid of them?

Thanks,
Donny

 

An easy way is to scan your /home with clamscan , also check your server for rootkits and backdoors with rkhunter, if you are rooted then you`ll need someone to clear your server (Its not that easy to do but possible).

 

It's actually pretty simple, I'll help you just PM me/respond on here and ill help with what i can.

 

Thanks st1905, just did a clamscan of my public_html directory and it showed 0 infected. It looks like I may have gotten to all of the infected files.

ŦʂĞɧ ųŞøƝ, sure, if you have another idea, please let me know .

Thanks!
Donny

 

aww sad (

 

Makes me wonder how they got the shell script onto your server in the first place.

 

Do you have some type of uploading script that allows php files to be uploaded?