maldet finds malware in phptmp folders of several customers

  • Hi,

    Every night I run maldet / F-Secure antivirus on my complete server.
    Today I got a report that maldet found several pieces of malware in some customers' phptmp folders:

    How do they get in on several domains at the same time? I manage most of these pages, keep them up to date, and also check all extensions via
    The folder security is as strong as possible.

    How can they get in? How do I find the security problem?!

    Cheers Peter

  • Maybe these are false positives. Have you googled the viruses that were found?

  • I tried but didn't find anything usable. Just the same answer as yours: maybe false positives :S

    What I saw is that my mail server has been under attack since yesterday. 1000s of login errors on SASL from IPs all over the world.
    I just set fail2ban to maxtries = 1 and bantime > 3 years (just for a moment). Now I don't have any new bans; it seems the hacker ran out of proxy IPs ;)