Welcome to LinuxQuestions.org, a friendly and active Linux Community.
Somehow I got the belaflex.ind.br infection on CentOS 5.3 and I can't figure out how to get rid of it.
I did a string search (grep) on the entire drive and that name didn't show up anywhere.
I googled it and all I got was your computer may be infected.
Anyone know how to get rid of this?
Anyone know how to stop it from happening again?
Quote:
Somehow I got the belaflex.ind.br infection on CentOS 5.3 and I can't figure out how to get rid of it.
What makes you suspect that? How did you check it?
Quote:
I googled it and all I got was your computer may be infected.
I can't make any sense of that sentence. Do you -maybe- mean that you are going to a web site that says that your computer is infected? If that's the case, ignore it. I can put whatever I want on my site and every visitor will see it, which doesn't mean that it's true.
If you are really concerned about infections, install clamav, rkhunter and chkrootkit, and use them to scan your drive(s).
Quote:
What makes you suspect that? How did you check it?
I watch it load on the status bar when I load my main index.php file from my web server on my web browser.
Quote:
I can't make any sense of that sentence. Do you -maybe- mean that you are going to a web site that says that your computer is infected? If that's the case, ignore it. I can put whatever I want on my site and every visitor will see it, which doesn't mean that it's true.
I mean I google "belaflex.ind.br" and I quote
'BELAFLEX
- [ Translate this page ]
This site may harm your computer. www.belaflex.ind.br/ - Similar - '
from the Google
and I watch my status bar on my browser (Firefox man did it slow down)
and watch it access the page 'belaflex.ind.br'
I really appreciate your help!!
Quote:
If you are really concerned about infections, install clamav, rkhunter and chkrootkit, and use them to scan your drive(s).
Yea I did all of that except for clamav which I understand is only for email and I will deal with that devil later.
Clamav is an antivirus scanner, you can use it for mail or for whatever else. Files are files, mails are not special in any regard.
That's good to know. I am sort of a newb with Linux with my background in Windows Servers and I actually had someone tell me that you couldn't infect Linux with a Virus. Imagine that!
I think I found the problem but now have a new security problem.
I have already deleted the code, but someone injected php code at the top of my index.php file.
It was a base64 encoded string which I immediately deleted and saved the new copy and then changed my FTP Password and cleaned up the web site some.
It seems to be OK this morning but I'm afraid the perp will return and do it again. I will have to check my server index.php code daily.
Thanks for your help and hopefully by maintaining my password I will be able to keep them out.
Quote:
That's good to know. I am sort of a newb with Linux with my background in Windows Servers and I actually had someone tell me that you couldn't infect Linux with a Virus. Imagine that!
Well, it's certainly not as common as in Windows, but there's nothing stopping someone from making Linux viruses. However, most attacks come rather in the form of a hacker or a rootkit.
Quote:
I think I found the problem but now have a new security problem.
I have already deleted the code, but someone injected php code at the top of my index.php file.
It was a base64 encoded string which I immediately deleted and saved the new copy and then changed my FTP Password and cleaned up the web site some.
It seems to be OK this morning but I'm afraid the perp will return and do it again. I will have to check my server index.php code daily.
Thanks for your help and hopefully by maintaining my password I will be able to keep them out.
Using a complex password is definitely a good idea. If you use an FTP client or a web-based frontend on a non-private machine, make sure you erase the history afterwards and never save the password using some silly keyring like the Firefox one. Try to use ssh instead if possible; encryption will help to keep your safety intact. The problem could also be buggy PHP code, so an audit of your PHP code would be a good thing.
If you try clamav you might also be interested in checking one of the available frontends, like klamav or clamtk.
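The daily check of index.php mentioned in the thread can be scripted. The following is an added example, not code from any post here: it flags PHP files that call `base64_decode()` or contain a long base64-looking literal, and compares the web root against a saved SHA-256 baseline. The function names and the 120-character threshold are assumptions, and GNU findutils/coreutils are required.

```shell
#!/bin/sh
# Added example; function names and thresholds are illustrative assumptions.

# scan_php ROOT
# List PHP files under ROOT that call base64_decode() or contain a run of
# 120+ base64 characters. Heuristic only: review every hit by hand.
scan_php() {
    find "$1" -type f -name '*.php' -print0 |
        xargs -0 -r grep -lE 'base64_decode[[:space:]]*\(|[A-Za-z0-9+/=]{120,}' |
        sort
}

# make_baseline ROOT FILE
# Record SHA-256 hashes of all PHP files under ROOT (paths relative to ROOT).
# Take the baseline from a known-clean copy and keep FILE outside the web root.
make_baseline() {
    ( cd "$1" && find . -type f -name '*.php' -print0 | sort -z |
        xargs -0 -r sha256sum ) > "$2"
}

# check_baseline ROOT FILE
# Print "CHANGED path" for modified or missing files and "NEW path" for PHP
# files absent from the baseline. Returns 0 if the tree matches, 1 otherwise.
check_baseline() {
    local root=$1 base=$2 out
    base=$(readlink -f "$base")      # absolute path, since we cd below
    out=$(cd "$root" && {
        # --quiet suppresses OK lines; failures look like "./f.php: FAILED"
        sha256sum --quiet -c "$base" 2>/dev/null |
            sed 's/: .*$//; s/^/CHANGED /'
        find . -type f -name '*.php' | sort | while read -r f; do
            grep -qF "  $f" "$base" || echo "NEW $f"
        done
    })
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}
```

Run `check_baseline` from cron and mail any output; a non-zero exit status means the tree differs from the recorded state.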