0

Recently i found some phishing files (PHP/HTML) on my server which were previously not present. I deleted them but later another set of files reappeared.

This is happening for all the sites hosted on my server even after changing the admin panel and FTP credentials .

My Question:

Is it possible for someone using some nulled software to get my server ftp credentials and put those files in the server?

EEAA
  • 109,904
Anmol Dubey
  • 1
  • 1
    I assume this server has outward-facing WWW sites run via PHP code, and isn't just an FTP server?

    If so, have you examined server access logs to see if any unusual activity can be detected?

     – Kevin_Kinsey Oct 20 '15 at 19:28
  • I had answered this quite some time ago for another person but can't find it. In short, if it's a shared hosting provider like GoDaddy it may not be your account that is compromised. It could be someone else. I would report it to your hosting provider and inform them of the PHP injection. – Travis Oct 20 '15 at 20:56

0 Answers0