php.suspected Hack

  • Since last 4 days, we are facing strange issue on our Production server (AWS EC2 instance) specific to only one site which is SugarCRM.

    Issue is /home/site_folder/public_html/include/MassUpdate.php file is renamed automatically to /home/site_folder/public_html/include/MassUpdate.php.suspected

    This happens 2-3 times in a day with 3-4 hours of gap. This issue occurs only in case of specific site, even it doesn’t occur for staging replica of the same site. I even checked code of that file from both sites, it’s same.

    We have Googled and found, such issue occurs mostly for WordPress sites and it could be because of attack. But we checked our server against the attack, there isn’t any. Also there is no virus/malware scan running on server.

    What should we do?

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘php.suspected Hack’ is closed to new replies.

Tags