1. Install mod_security. (It will stop code injection and defend against web attacks.)
2. Migrate Comus Thumbs to Smart Thumbs - export and import gals, set cron/templates/trades/secure.php/etc.
3. Remove CT completely.
4. Find the bad phpshell scripts (backdoors) that the hacker installed on your server and remove them.
    grep -R 696620287374 * > /home/backdoor.txt &
(This will find backdoor scripts under /home and save the list to /home/backdoor.txt. They are normally named 'backup.php', 'sync.php'.)
5. Find infected website files and edit/delete them.
    grep -R 'svrtsg:#9@#yliwvi:#mlmv@#' * > /home/infected.txt &
(This will find all files with injected JS code under /home and save the list to /home/infected.txt.)
6. Repeat #4~#5.
7. Set up better security.
    Change all server passwords (Linux users/MySQL users/web logins).
    Install Rootkit Hunter.
    Update apps via yum (CentOS).
    Run Apache in suexec mode, use suPHP, no 777 permissions.
    Use SFTP.
    Update mod_security rules.
    Install reliable anti-spyware on your local machine.
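
Steps 4 to 6 and the "no 777 permission" item combined into one repeatable check, as an added example that is not part of the original post. The two marker strings are the ones from the post; the function name, the report file names and the directories passed as arguments are assumptions. Reports go to a directory outside the scanned tree so they are never scanned themselves, and the printed count lets you repeat the scan until it reaches 0.

```shell
#!/bin/sh
# Added example (not from the original post). Marker strings are taken
# from the post; function and report file names are hypothetical.
BACKDOOR_MARKER='696620287374'
INJECT_MARKER='svrtsg:#9@#yliwvi:#mlmv@#'

# scan_tree ROOT REPORT_DIR
# Writes backdoor.txt, infected.txt and mode777.txt into REPORT_DIR
# (keep it outside ROOT) and prints the total number of findings.
scan_tree() {
    root=$1
    out=$2
    [ -d "$root" ] || { echo "no such directory: $root" >&2; return 2; }
    mkdir -p "$out" || return 2

    # -r  recurse without following symlinks out of the tree
    # -l  print only the names of matching files
    # -F  treat the marker as a fixed string, not a regular expression
    # grep exits 1 when nothing matches; that is not an error here.
    grep -rlF -- "$BACKDOOR_MARKER" "$root" > "$out/backdoor.txt" 2>/dev/null || :
    grep -rlF -- "$INJECT_MARKER" "$root" > "$out/infected.txt" 2>/dev/null || :

    # Files and directories with mode exactly 777. Symlinks are skipped
    # because their own mode bits are always 777 on Linux.
    find "$root" -perm 777 ! -type l > "$out/mode777.txt" 2>/dev/null || :

    cat "$out/backdoor.txt" "$out/infected.txt" "$out/mode777.txt" | wc -l | tr -d ' '
}

# Usage (paths are placeholders):
#   scan_tree /home /root/scan-report
```
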