hello

my vps's environment is debian6+apache+mysql+php.
there are some websites built by wordpress, zen-cart,magento,prestashop,dedecms

now I found a problem that the user "www-data" occupies almost all CPU and Memory to uploads a lot of virus files into dedecms's website and send out large amounts of malicious traffic.

could you tell me how to solve the problem?

now ,I am trying to delete all the virus files and limit writing permission of the user "www-data"

could you show me how to limit the user "www-data" without affecting website's running ,because it seems the wordpress is using the user "www-data" to do some functions.

thanks

The Apache web server runs as user www-data. It needs to have access to your web files.

However, it does not necessarily need to have write access. See this Linode guide for more information on managing permissions.

You will find it impossible to completely clean up your existing system. You need to start with a new install. The problem is whatever service that was compromised, probably one of your web services. With your new install, make sure you are using web services that have the latest security patches. Otherwise it will just be compromised again.

thanks so much!

If you use a managed hosting provider such as LiquidWeb, one of the numerous php cloud hosting services, specialty php hosting services or a shared host like dreamhost, they will take some responsibility on the server side of things. If you can take the advice from the previous article, identify the malicious scripts and simply report them, they will help you clean things up. There are still tips below that will help you remove the malicious scripts yourself and then your hosting provider can check the servers for further intrusion such as root or shell access.

yes,maybe i need to consider changing a host