Remove Malware/Virus from server

Budget 26$ per month
Posted: 4 years ago
Opened
Description
Our server has been hosting over 20 domains, and very recently our server admin is telling us our server is performing DDoS attacks on other unknown websites (we did not initiate any). We are trying to find out which file is the culprit. We need a server security expert to help us with this issue.

Some example log files are

Domain: hiustenlahtonet.com (195.78.228.250)


Here are more information about 182.239.43.161:
Lines containing IP:182.239.43.161 in /furanet/sites/*/web/htdocs/logs/access

/furanet/sites/feromoni.org/web/htdocs/logs/access:182.239.43.161 - - [02/Jan/2020:07:57:55 +0100] "GET /wp-login.php HTTP/1.1" 200 2609 "-" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
/furanet/sites/feromoni.org/web/htdocs/logs/access:182.239.43.161 - - [02/Jan/2020:07:57:56 +0100] "POST /wp-login.php HTTP/1.1" 200 3551 "-" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
/furanet/sites/feromoni.org/web/htdocs/logs/access:182.239.43.161 - - [02/Jan/2020:07:57:57 +0100] "POST /xmlrpc.php HTTP/1.1" 403 412 "-" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
/furanet/sites/hiustenlahtonet.com/web/htdocs/logs/access:182.239.43.161 - - [02/Jan/2020:13:18:55 +0100] "GET /wp-login.php HTTP/1.1" 200 2207 "-" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
/furanet/sites/hiustenlahtonet.com/web/htdocs/logs/access:182.239.43.161 - - [02/Jan/2020:13:18:55 +0100] "POST /wp-login.php HTTP/1.1" 200 2474 "-" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
/furanet/sites/hiustenlahtonet.com/web/htdocs/logs/access:182.239.43.161 - - [02/Jan/2020:13:18:56 +0100] "GET /wp-login.php HTTP/1.1" 200 2207 "-" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
/furanet/sites/hiustenlahtonet.com/web/htdocs/logs/access:182.239.43.161 - - [02/Jan/2020:13:18:58 +0100] "POST /wp-login.php HTTP/1.1" 200 2352 "-" "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

Date: Thu Jan 2 13:19:09 CET 2020

Unix timestamp: 1577967538.91

hiustenlahtonet.com is an unknown website from our end and we do not know how this happens. We need a security expert in this field to help us tackle the issue.
Skills:
unix,linux,antispam/antivirus,malware,mozilla (firefox),software development,system administration,web
Category
Source: peopleperhour.com
