Today I found out that my whole server, including 3 WP sites and 3 joomla sites, has been compromised and all .php files were injected with trash code.
I tried GOTML in one of my wordpress sites and it worked beatifully, however, I’m not sure if I have to go through all the process site by site or if there’s a way to include more folders and joomla sites on my current installation.
My server’s hierarchy for each site is: /srv/www/[site-name]/public_html/…
So, is there a way to search for malicious code standing on the /srv/www/ folder?
PS – please note I will donate anyway as soon as I finish with this nightmare.
I have a similar problem. I have 2 VPS machines runnign websites and I would like to scan the enitre website data folder as I beleive several of my websites have been compromised. How can I scan the entire WWW and public_html directories? Thanks