Backdoor:PHP/SimpleShell.A

  • Dear All,
    i appreciate your help in this matter. i am running wordpress for a while now (2 years) and everything is going well. lately someone is trying to drop a trojan on my server and he is keeping on trying everyday 10 to 20 times but my anti-virus is catching the trojan everytime. i get this info

    Name: Backdoor:PHP/SimpleShell.A
    ID: 2147684280
    Severity: Severe
    Category: Backdoor
    Path: file:_C:\WINDOWS\Temp\phpF0.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF2.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF4.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF6.tmp->[PHP];file:_C:\WINDOWS\Temp\phpF8.tmp->[PHP];file:_C:\WINDOWS\Temp\phpFA.tmp->[PHP]
    Detection Origin: Local machine
    Detection Type: Concrete
    Detection Source: Real-Time Protection
    User: servername\IUSR_servername
    Process Name: C:\Program Files\PHP\php-cgi.exe

    while he/she fails in dropping the trojan but i am afraid he will secceed one day. any help in protecting my server or tracking the user is appreciated.

    BR

Viewing 1 replies (of 1 total)
  • Thread Starter tarzan_055

    (@tarzan_055)

    Gents,
    adding to the above text i found out that disable file upload on PHP will stop the tries of attack.
    any help.

Viewing 1 replies (of 1 total)
  • The topic ‘Backdoor:PHP/SimpleShell.A’ is closed to new replies.