View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions File In Public HTML I need to remove but cant.
Log in to Ask a Question

File In Public HTML I need to remove but cant.

general

Hi Guys, one account on my linode is hacked. I run a wordpress site there and a forum. From my google listing it shows The Forum to be unharmed, but google have been warning the wordpress site is hacked for same time.

I cleaned out the full wordpress installation. Changed passwords etc. But the hack came back.

Ive notice a file in my public html folder that I dont think should be there.

Its called Tmp and its full of stuff I know nothing about and I cant see why ist there or how it got there. When I try to remove that folder or any of its contents via ftp I get the message Permission denied.

Can someone advise on how I can get this off my account. Im not familiar with root acess but i know this folder is the likely cause of my hacking.

5 Replies

You need to start fresh with a new Linode. Trying to remove malware from your compromised system will be an unsuccessful game of Whac-a-Mole.

ok, i was looking at that option last night, and feel it could be a possibility. Would it be posisble, along with some guidance from in here for me to set up a new linode myself ?? How difficult is it ?? im not dumb but this isnt muy usual kind of thing.

In the meantime, Can you pleased advise on how to get rid of that Folder I mentioned above ? Im absolutely certain its the cause of the problem.

Sorry to ask again, but can anyone offer some guidance ??

Try to remove the folder using command line, if file permission is not correct you won't be remove it using FTP

Use the command rm -rf /file/location

Make sure to use correct location or it will remove all your data from the server so don't try this if you don't have commandline skills.

Thankyou for taking the time to reply, its very much appreciated.I dont have ssh skills but Im willing to learn. I am currently sat looking at ssh and it says

[root@li446-62 ~]#

Can you please advise on what to do next. The linode hosts 4 domains

whitby-photography.com

real-whitby.co.uk

whitbyseaanglers.co.uk

holderness-coast-fishing.co.uk

The offending file is in Holderness-fishing.co-uk

How can I get rid of it using ssh please.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct