DirectAdmin Centos4 server has virus
- by Rogier21
Hello all,
I have a problem with a webserver that runs Centos4 with DirectAdmin.
Since a few weeks some websites hosted on it are not redirecting on search engines properly, they are redirected to some malware site, resulting in a ban from google.
Now I have used 3 virusscanners:
ClamAV: Didn't find anything
Bitdefender: Found a 2-3 files with JS infection, deleted them
AVG: Finds lots of files, but doesn't have the option to clean!
The virus that it finds is:
JS/Redir
JS/Dropper
Still the strange thing is: website a (www.aa.com) does not have any infected files (have gone through all the files manually, is a custom PHP app, nothing special) but does still have the same virus. Website b (www.bb.com) does have the infected files as only one.
I deleted all these files and suspended the account, but no luck, still the same error.
I do get the log entries on the website from the searchengines so the DNS entries are not changed.
But now I have gone through the httpd files but cannot find anything.
Where can I start looking for this?