15Mar
An attempted virus upload to server
Anyone help with this log from my hosts relating to an attempted virus upload via what looks like FTP?
It looks like the IP addresses are from the hosts but that proftpd is a piece of software?
What’s weird is that I logged in via cPanel around the same time (first time, also I think) to access the Files Manager and downloaded around a 16GB .zip
Feb 26 12:06:10 dd8200 proftpd[3093283]: 85.13.132.133 (85.13.143.1[85.13.143.1]) - USER f0166c53: Login successful.
Feb 26 12:25:17 dd8200 proftpd[3093283]: 85.13.132.133 (85.13.143.1[85.13.143.1]) - mod_clamav/0.14rc2: Virus 'php_shell_20231011_5721.UNOFFICIAL' found in '/www/htdocs/w011bcb0/[REDACTED]/[REDACTED]/logs/access_log_2019-01-20.gz'
