• I'm having problems all of a sudden.

    See the report provided by my hosting provider.

    What do I need to do to fix these?

    ——– Original Message ——–
    Subject: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)
    Date: Tue, 2 Feb 2016 16:15:12 +0800
    From: root@trinity.hostdnx.com
    To: root@trinity.hostdnx.com

    Scanning web upload script file…
    Time : Tue, 2 Feb 2016 16:15:12 +0800
    Web referer URL :
    Local IP : 169.45.177.139
    Web upload script user : nobody (99)
    Web upload script owner: churchin (503)
    Web upload script path : /home/churchin/public_html/Hope-to-the-Nations/wp-admin/admin-ajax.php
    Web upload script URL : http://churchinperth.com/Hope-to-the-Nations/wp-admin/admin-ajax.php
    Remote IP : 138.122.92.23
    Upload data md5sum : fb9f73471df3cd6d6cd3413bc207bbc6
    Deleted : No
    Quarantined : Yes [/home/quarantine/cxscgi/20160202-161512-VrBlkKktsYsAAG0lP8gAAAAG-file-3nPHSh.1454400912_1]

    ———– SCAN REPORT ———–

    TimeStamp: Tue, 2 Feb 2016 16:15:12 +0800

    (/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160202-161512-VrBlkKktsYsAAG0lP8gAAAAG-file-3nPHSh)

    ‘/tmp/20160202-161512-VrBlkKktsYsAAG0lP8gAAAAG-file-3nPHSh’
    ClamAV detected virus = [PHP.Hide-2]

    ———- Forwarded message ———-
    From: Brad Hinchliffe <admin@netdnx.com>
    To: Gary Green 4cm <gary@4cmwebdesign.com>
    Cc:
    Date: Tue, 02 Feb 2016 19:15:22 +0800
    Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)

    ——– Original Message ——–
    Subject: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)
    Date: Tue, 2 Feb 2016 04:00:22 +0800
    From: root@trinity.hostdnx.com
    To: root@trinity.hostdnx.com

    Scanning web upload script file…
    Time : Tue, 2 Feb 2016 04:00:22 +0800
    Web referer URL :
    Local IP : 169.45.177.139
    Web upload script user : nobody (99)
    Web upload script owner: fourcmn (525)
    Web upload script path : /home/fourcmn/public_html/4cminews.com/wp-admin/admin-ajax.php
    Web upload script URL : http://4cminews.com/wp-admin/admin-ajax.php
    Remote IP : 46.118.155.216
    Upload data md5sum : b46add7d8e35aabf0544f0c0799ceb15
    Deleted : No
    Quarantined : Yes [/home/quarantine/cxscgi/20160202-040020-Vq@5VKktsYsAACbthWQAAAAE-file-jwt9Cz.1454356822_1]

    ———– SCAN REPORT ———–

    TimeStamp: Tue, 2 Feb 2016 04:00:22 +0800

    (/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160202-040020-Vq@5VKktsYsAACbthWQAAAAE-file-jwt9Cz)

    ‘/tmp/20160202-040020-Vq@5VKktsYsAACbthWQAAAAE-file-jwt9Cz’
    ClamAV detected virus = [PHP.Exploit.C99]

    ———- Forwarded message ———-
    From: Brad Hinchliffe <admin@netdnx.com>
    To: Gary Green 4cm <gary@4cmwebdesign.com>
    Cc:
    Date: Tue, 02 Feb 2016 19:15:46 +0800
    Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:0) (Fingerprints:0)

    ——– Original Message ——–
    Subject: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:0) (Fingerprints:0)
    Date: Tue, 2 Feb 2016 00:00:31 +0800
    From: root@trinity.hostdnx.com
    To: root@trinity.hostdnx.com

    ———– SCAN REPORT ———–

    TimeStamp: Tue, 2 Feb 2016 00:00:02 +0800

    (/usr/sbin/cxs --allusers --nobayes --clamdsock /tmp/clamd --ctime 25 --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options OLfmMChexdDZRP --qoptions Mv --quiet --report /root/scandaily.log --sizemax 500000 --ssl --nosummary --sversionscan --timemax 30 --virusscan --voptions fmMhexT --www)

    (20) fourcmn, Scanning /home/fourcmn/public_html:

    ‘/home/fourcmn/public_html/fourcm.com/wp-content/uploads/2014’
    Skipped – too many resources: 12716 ( > filemax=10000)

    ———- Forwarded message ———-
    From: Brad Hinchliffe <admin@netdnx.com>
    To: Gary Green 4cm <gary@4cmwebdesign.com>
    Cc:
    Date: Tue, 02 Feb 2016 19:16:10 +0800
    Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:2) (Viruses:0) (Fingerprints:1)

    ——– Original Message ——–
    Subject: cxs Scan on trinity.hostdnx.com (Hits:2) (Viruses:0) (Fingerprints:1)
    Date: Mon, 1 Feb 2016 20:20:01 +0800
    From: root@trinity.hostdnx.com
    To: root@trinity.hostdnx.com

    Scanning web upload script file…
    Time : Mon, 1 Feb 2016 20:20:01 +0800
    Web referer URL :
    Local IP : 169.45.177.139
    Web upload script user : nobody (99)
    Web upload script owner: fourcmn (525)
    Web upload script path : /home/fourcmn/public_html/4cminews.com/wp-admin/admin-ajax.php
    Web upload script URL : http://4cminews.com/wp-admin/admin-ajax.php
    Remote IP : 94.41.53.210
    Upload data md5sum : a1aee5a38d6ebe26d4ffa247fe34d062
    Deleted : No
    Quarantined : Yes [/home/quarantine/cxscgi/20160201-202000-Vq9NcKktsYsAAFxv7-0AAAAD-file-nJcO89.1454329201_1]

    ———– SCAN REPORT ———–

    TimeStamp: Mon, 1 Feb 2016 20:20:01 +0800

    (/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160201-202000-Vq9NcKktsYsAAFxv7-0AAAAD-file-nJcO89)

    ‘/tmp/20160201-202000-Vq9NcKktsYsAAFxv7-0AAAAD-file-nJcO89’
    (compressed file: revslider/MHC.php [depth: 1]) Regular expression match = [decode regex: 1]
    (compressed file: revslider/MHC.php [depth: 1]) (decoded file [depth: 1]) Known exploit = [Fingerprint Match] [Shell Exploit [P0310]]

    ———- Forwarded message ———-
    From: Brad Hinchliffe <admin@netdnx.com>
    To: Gary Green 4cm <gary@4cmwebdesign.com>
    Cc:
    Date: Tue, 02 Feb 2016 19:16:33 +0800
    Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)

    ——– Original Message ——–
    Subject: cxs Scan on trinity.hostdnx.com (Hits:1) (Viruses:1) (Fingerprints:0)
    Date: Mon, 1 Feb 2016 13:57:51 +0800
    From: root@trinity.hostdnx.com
    To: root@trinity.hostdnx.com

    Scanning web upload script file…
    Time : Mon, 1 Feb 2016 13:57:51 +0800
    Web referer URL :
    Local IP : 169.45.177.139
    Web upload script user : nobody (99)
    Web upload script owner: fourcmn (525)
    Web upload script path : /home/fourcmn/public_html/4cminews.com/wp-admin/admin-ajax.php
    Web upload script URL : http://4cminews.com/wp-admin/admin-ajax.php
    Remote IP : 85.128.142.34
    Upload data md5sum : 0ef4411264c63458a0e7c1d06e10cce1
    Deleted : No
    Quarantined : Yes [/home/quarantine/cxscgi/20160201-135751-Vq7z36ktsYsAAC-60ScAAAAH-file-GjaesE.1454306271_1]

    ———– SCAN REPORT ———–

    TimeStamp: Mon, 1 Feb 2016 13:57:51 +0800

    (/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160201-135751-Vq7z36ktsYsAAC-60ScAAAAH-file-GjaesE)

    ‘/tmp/20160201-135751-Vq7z36ktsYsAAC-60ScAAAAH-file-GjaesE’
    ClamAV detected virus = [PHP.Hide-2]

    ———- Forwarded message ———-
    From: Brad Hinchliffe <admin@netdnx.com>
    To: gary Green 4cm <gary@4cmwebdesign.com>
    Cc:
    Date: Tue, 02 Feb 2016 19:17:00 +0800
    Subject: Fwd: cxs Scan on trinity.hostdnx.com (Hits:3) (Viruses:0) (Fingerprints:2)

    ——– Original Message ——–
    Subject: cxs Scan on trinity.hostdnx.com (Hits:3) (Viruses:0) (Fingerprints:2)
    Date: Mon, 1 Feb 2016 08:33:40 +0800
    From: root@trinity.hostdnx.com
    To: root@trinity.hostdnx.com

    Scanning web upload script file…
    Time : Mon, 1 Feb 2016 08:33:40 +0800
    Web referer URL :
    Local IP : 169.45.177.139
    Web upload script user : nobody (99)
    Web upload script owner: ()
    Web upload script path : /home/fourcmn/public_html/4cminews.com/
    Web upload script URL : http://4cminews.com/?page_id=11900/wp-admin/admin-ajax.php
    Remote IP : 178.250.29.50
    Upload data md5sum : b1b3d1637a3481cd56b1e1be3e12c6a7
    Deleted : No
    Quarantined : Yes [/home/quarantine/cxscgi/20160201-083340-Vq6n5KktsYsAAC7ka1cAAAAK-file-SsP8Jw.1454286820_1]

    ———– SCAN REPORT ———–

    TimeStamp: Mon, 1 Feb 2016 08:33:40 +0800

    (/usr/sbin/cxs --nobayes --cgi --clamdsock /tmp/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 10000 --html --ignore /etc/cxs/cxs.ignore --mail root --options mMOLfSGchexdnwZDRu --qoptions Mv --quarantine /home/quarantine --quiet --sizemax 500000 --smtp --ssl --summary --sversionscan --timemax 30 --virusscan /tmp/20160201-083340-Vq6n5KktsYsAAC7ka1cAAAAK-file-SsP8Jw)

    ‘/tmp/20160201-083340-Vq6n5KktsYsAAC7ka1cAAAAK-file-SsP8Jw’
    (compressed file: revslider/mil.php [depth: 1]) Regular expression match = [decode regex: 1]
    (compressed file: revslider/mil.php [depth: 1]) (decoded file [depth: 1]) Known exploit = [Fingerprint Match] [PHP Injection Exploit [P0366]]
    (compressed file: revslider/pbot.php [depth: 1]) Known exploit = [Fingerprint Match] [PHP Exploit [P0174]]

Viewing 1 replies (of 1 total)

The topic ‘admin-ajax.php’ is closed to new replies.