Hacked!


#1

One of my sites hacked, iframe worm injected. I cleaned files & am working thru Wiki instructions.
I have a jabber directory we never started. It will not delete, how can get rid of this app?


#2

Check your Panel to see if Jabber was setup through that.

[color=#00CC00]Panel > Goodies > Jabber IM[/color]

If there’s no indication that’s how it was setup, take a look at the owner by using an SFTP client that shows the owner field.

Maximum Cash Discount on any plan with MAXCASH

How To Install PHP.INI / ionCube on DreamHost


#3

Thanks for the help. I found on panel I had set up users. deleted them all, but now I cannot get a file listing. I changed all users to SFTP for security & now it times out before it has loaded the site.
Is SFTP normally so painfully slow as to be unusable?


#4

SFTP is usually very quick.

-Scott


#5

Found Jabber in Dreamhost panel, I am the owner. I deleted all the users set up. Went back to file listing using WinSCP (STFTP) & still cannot delete the folder. Probably won’t hurt anything to leave it there but I am trying to get everything cleaned up that might not belong. It is a real bummer getting a client’s site hacked. It is my job to prevent that.
Discovered that the slow file transfer related to another DH client loading a bunch of videos. DH support intervened & did whatever they do in such cases.
DH support has been spectacular in helping me over the last couple of days (and nights).
So, bottom line relating to this thread, I still would like to be able to delete the Jabber folder.


#6

If you can’t delete a folder, contact Support and have them change the permissions/ownership. It’s not surprising that you can’t delete Jabber, since DH-installed service folders tend to be DH owned.

-Scott


#7

[quote]Found Jabber in Dreamhost panel, I am the owner. I deleted all the users set up. Went back to file listing using WinSCP (STFTP) & still cannot delete the folder. Probably won’t hurt anything to leave it there but I am trying to get everything cleaned up that might not belong. It is a real bummer getting a client’s site hacked. It is my job to prevent that.
Discovered that the slow file transfer related to another DH client loading a bunch of videos. DH support intervened & did whatever they do in such cases.
DH support has been spectacular in helping me over the last couple of days (and nights).
So, bottom line relating to this thread, I still would like to be able to delete the Jabber folder.[/quote]
You might likely to keep it disabled or uninstalled since Jabber is a part of Dreamhost One-click install.

Regards,

Ryan


#8

as suggested above, Jabber was deleted by DH support team. They have sure been helpful & patient with me the past couple of weeks.
I think I have the infection cleared & the barn door closed for the moment.
Thanks to all the help from the forum.