Infected files on servers with Plesk Hosting

A new computer virus has infected the platforms of many Plesk Hosting systems. Apparently the virus uses a Bug in Plesk management system to enter and get the FTP keys to web servers that are subsequently used to edit javascripts files and PHP to embed codes, very frequently banners with links to external web pages, in the web.

virus attack

Several webmaster have submitted their complaints about their website being infected by a virus that injects javascripts and php code with links to external sites. It has been confirmed that this type of malware can inject its code accompanied by a firm that begins with / * km0ae9gr6m * / or / * gootkitstart * / and ends with / * qhk6sa6g1c * / or / * gootkitend * /.

Apparently this malware takes several weeks outwitting the security of companies that using Plesk Hosting. Many Webmaster when they detect that they have been infected choose to seek a backup of the site and restore the corrupted files. After restoring the files have been found to re-infecting virus, which means you have direct access to ftp and for that previously had to get passwords.

After conducting various studies as acts of this type of Trojan horse has come to the conclusion that get the passwords of FTP through a bug found in the file manager tool that incorporates Plesk. Use this bug to steal the FTP password and have permission to read and write about all the files in the hosting.

Many businesses that rely on their website and have been infected, have reported that they are starting to leak and this virus generates some uncertainty for the customer. Luckily this virus only infects files and never deletes or rename.

To reassure many Webmaster who has been affected their web must be said that there is a new update for Plesk that fixes this bug. The steps to prevent the reinfection web are:

  • Update to the latest version of the Hosting Server. This step is very important because when you upgrade the server eliminate the security hole.
  • Change FTP passwords from your hosting.
  • Change passwords for all email accounts.
  • Change the passwords of the Plesk.
  • Disinfect all infected files. We can do this by eliminating each one the code entered or restoring a backup.

Leave a Comment