I recommend switching to Hostgator for your ded and ask them for their custom modsec. I'm not affiliated with them except that I am a customer and have been for 6 years. I do bring this up because you stated that they "do not know" which if true tells me that do not know how to do even the smallest things necessary to manage a box. Of course, as an afterthought, are you paying for a managed or unmanaged server? Just my 2 cents..... -----Original Message----- From: sono-io@xxxxxxxxxxxxx [mailto:sono-io@xxxxxxxxxxxxx] Sent: Saturday, April 04, 2009 7:12 PM To: php-general@xxxxxxxxxxxxx Subject: Possible Server Infection? Hi all, I was wondering if someone might know about a problem I'm having on my server. It appears that I've been infected by a rogue PHP script(?). Something has gone through my server and placed .htaccess files in every directory that didn't have one with contents that look like this: Options -MultiViews ErrorDocument 404 //graphics/cc/111152.php The path is different for each file and corresponds to the directory that it's in. The php document name is a different number for each file I've found. Does this sound familiar to anyone? What would be the purpose of placing files like these in the directories? As far as I know, there isn't a file called "111152.php" anywhere on my site, so this doesn't make any sense to me. I realize that this is a very general question, but I'm hoping that someone has seen or heard of this type of thing before and can help me eliminate the problem. I'm using A2 Hosting and they don't know why this happened. Thanks, Frank -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php __________ Information from ESET Smart Security, version of virus signature database 3988 (20090404) __________ The message was checked by ESET Smart Security. http://www.eset.com __________ Information from ESET Smart Security, version of virus signature database 3988 (20090404) __________ The message was checked by ESET Smart Security. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
