Can’t remove backdoor file

  • volpa

    (@volpa)


    3 years, 11 months ago

    Hi, my website recently got hacked, and I deleted most of it, but if it’s not all gone, I’m guessing it will just start over again.

    I’m left with two corrupted files, the first one being www/index.php, which has a modified header that keeps coming back whenever I delete it ;

    And the second one being www/0znw3s/index.php, which has been identified as a backdoor, and I don’t have the permission to delete it.

    Could anyone out there help me with these ?

    Thanks a lot !

Viewing 5 replies - 1 through 5 (of 5 total)
  • Anonymous User 17160716

    (@anonymized-17160716)

    3 years, 11 months ago

    volpa, hi there.

    www/0znw3s/index.php

    Any chance you’re able to edit permissions for this file and/or directory itself (via file manager, SSH etc.)?

    Thread Starter volpa

    (@volpa)

    3 years, 11 months ago

    I’m kind of a noob when it comes to all of this, but i’ve been able to modify permission with filezilla, still none of them seems to work.

    You’re talking about owner / group / public permissions right ? I tried setting it all to yes (777) but didn’t change anything. Anything i might be doing wrong ?

    Anonymous User 17160716

    (@anonymized-17160716)

    3 years, 11 months ago

    volpa,

    I tried setting it all to yes (777) but didn’t change anything. Anything i might be doing wrong ?

    Not really, I think there is a lack of information, that’s why you can’t properly work with this directory and the malicious file inside.

    Thread Starter volpa

    (@volpa)

    3 years, 11 months ago

    Do you have any idea of how I could fix this ? What do you mean by lack of information ?

    Anonymous User 17160716

    (@anonymized-17160716)

    3 years, 11 months ago

    volpa, yup, first of all, check the user:group permissions for the malicious file and for the parent directory as well. Any chance you’re able to ask hosting support staff for help with such tasks?

Viewing 5 replies - 1 through 5 (of 5 total)

The topic ‘Can’t remove backdoor file’ is closed to new replies.