Backdoor:PHP/SimpleShell.A (2 posts)

  1. tarzan_055
    Posted 2 years ago #

    Dear All,
    i appreciate your help in this matter. i am running wordpress for a while now (2 years) and everything is going well. lately someone is trying to drop a trojan on my server and he is keeping on trying everyday 10 to 20 times but my anti-virus is catching the trojan everytime. i get this info

    Name: Backdoor:PHP/SimpleShell.A
    ID: 2147684280
    Severity: Severe
    Category: Backdoor
    Path: file:_C:\WINDOWS\Temp\phpF0.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF2.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF4.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF6.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF8.tmp->[PHP];file:_C:\WINDOWS\Temp\phpFA.tmp->[PHP]
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    User: servername\IUSR_servername
    Process Name: C:\Program Files\PHP\php-cgi.exe

    while he/she fails in dropping the trojan but i am afraid he will secceed one day. any help in protecting my server or tracking the user is appreciated.


  2. tarzan_055
    Posted 2 years ago #

    adding to the above text i found out that disable file upload on PHP will stop the tries of attack.
    any help.

Topic Closed

This topic has been closed to new replies.

About this Topic