View All Products
Compute
Storage
Databases
Networking
Developer Tools
Delivery
Security
Services
Industries
Pricing
Community
Engage With Us
Community Questions apache user www-data hack my websites and my vps
Log in to Ask a Question

apache user www-data hack my websites and my vps

development

hello

my vps's environment is debian6+apache+mysql+php.

there are some websites built by wordpress, zen-cart,magento,prestashop,dedecms

now I found a problem that the user "www-data" occupies almost all CPU and Memory to uploads a lot of virus files into dedecms's website and send out large amounts of malicious traffic.

could you tell me how to solve the problem?

now ,I am trying to delete all the virus files and limit writing permission of the user "www-data"

could you show me how to limit the user "www-data" without affecting website's running ,because it seems the wordpress is using the user "www-data" to do some functions.

thanks

4 Replies

The Apache web server runs as user www-data. It needs to have access to your web files.

However, it does not necessarily need to have write access. See this Linode guide for more information on managing permissions.

You will find it impossible to completely clean up your existing system. You need to start with a new install. The problem is whatever service that was compromised, probably one of your web services. With your new install, make sure you are using web services that have the latest security patches. Otherwise it will just be compromised again.

thanks so much!

If you use a managed hosting provider such as LiquidWeb, one of the numerous php cloud hosting services, specialty php hosting services or a shared host like dreamhost, they will take some responsibility on the server side of things. If you can take the advice from the previous article, identify the malicious scripts and simply report them, they will help you clean things up. There are still tips below that will help you remove the malicious scripts yourself and then your hosting provider can check the servers for further intrusion such as root or shell access.

yes,maybe i need to consider changing a host

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct