pananza

Thanks for the tip about the tools. I'll make a script checking all the sites on "my" server. If more sites are infected then we are probably not going to get any further unless STW actually confesses and does something about the problem, for confirms that already have. I'll be getting fibre at home next month and it's time to reconsider hosting my domains myself.

I too have ServeTheWorld and several of my domains were compromised too. A random generated folder name with a php file and a file called m in it. All files/folders were dated the 25. april 2009, and I cannot see any changes after this date. The problem is that I'm on Windows servers (w02) and I only run ASP.Net (PHP is not even enabled on my domains). So this is not only limited to linux servers at ServeTheWorld. I too was in contact with support and they claimed that I must have malware on my PC that had snatched my FTP password. I'm not totally convinced. I'm running with an updated antivirus and antispyware. But I'll scan with some more just to be sure. I think ServeTheWorld has/had a big problem, but will not admit it. Do you have a script that checks all sites on the server for infection (since you have the list)? Or did you check all sites manually?