A Headache for all Web Hosting Companies
Internet usage all over the world is increasing with every passing day and as it is said with good, evil also comes; same has happened with rapid changes in technology world different viruses, malware and methods from hackers for the sake of hacking are applied. The most recent one is Crypto PHP, which has stormed web hosting companies with its presence.
What is Crypto PHP?
Crypto PHP is a spam sending infection, it usually comes with nulled themes of open sources like WordPress, Joomla or Drupal. It is commonly found in image files and name use for it is “social.png”, though it can be found with different name also but until now hackers have mostly used “social.png” name for such infected files.
Diagnosing Crypto PHP
As stated above it is commonly found in image files namely social.png. To diagnose it search for file name social.png, like other image files try it to open in any image viewer and it will not be displayed. Now, try to open it on notepad and you will see a code written in it.
How Crypto PHP works
Almost all themes have common image names like social.png, hackers makes a script and save files in image format. After uploading of theme on server, hackers from their personal computers can ping site using that file and are able to send spam emails, this can result in the blacklist of IP and most importantly one using infected server, emails sent from those will be returned. Most spam emails sent using this, are used for false SEO techniques.
Removal of Crypto PHP
There are three methods from which crypto PHP can be remove from server and are as follows,
- Norton Power eraser is a free tool and it is effectively use by many server administrators to remove crypto PHP. Most admirable feature of this tool is that it doesn’t needed to be install, it can just be downloaded and run.
- Second option is to get list of all social.png files that exist in server and if they are editable files then those accounts needed to be terminated.
- Third option is to use Config Server Explorer most commonly known as CSF. Through CSF you can search for file name social.png that are present in server. After complete search it will display result of all files that presently exist on server with name social.png including their path and link to it. After clicking on a path link, image named with social.png will be displayed and if it’s an infected file than an option of edit will appear with it. You can delete all infected files to make your server secure.
Important Measures against infected server
Most important thing is that if server is infected with crypto PHP than that particular account that is infected should be terminated and created from scratch. Only removal of file will not result in complete removal of infection as hackers using these techniques have complete access to database of website, so by using it they can again create infected files.
About the Author