Hi every one
I am running a VPS
the hosting provider sent a message mentioning my VPS is attacking other vps
I found high memory usage
I am working with WordPress sites, I am not expert, I keep updating the server with update messages and packages which it comes
now they suspended my VPS and asking to rebuild it which I don’t want it
please help
You have done the right thing @elhassan by keeping your server updated in a timely manner and have therefore kept it secure; the malware is likely limited to one or more virtual servers. It is therefore safe to assume that your vps can be salvaged easily without your needing to rebuild it from scratch.
If your vps has been suspended, then the first thing to do is determine what are the ways available to you to access your files.
does your vps host offer access to your files via the control panel?
can you create a new vps and mount the image of the suspended vps on to it, so that your files may be accessed?
Once your files in the suspended vps can be accessed, you could do as @jimdunn suggests or you could try this short-cut:
restore your old vps to a new vps
disable all virtual servers / WordPress websites on the new vps via Virtualmin → Disable and Delete → Disable Virtual Server
enable one by one the virtual servers / WordPress websites on the new vps while you watch closely the processes used and traffic generated so that if there is a virtual server / WordPress site that you have enabled that has malware, you could immediately disable / delete it
In this way, you could bring back online those virtual servers / WordPress websites that do not have malware / are not attacking other vps’.
You also need to know the plugins you use, and configurations / settings.
Then together with those information u should go to the aplication / plugin sites and take care to stay informed about sercurity bugs. ( sometimes they have newsletter…)
When a security issue, most of the times updates are later then known the bugs.
Also take care to stay informer about CVE for those products, then you can decide to not use a (that) part if there is a security bug bu no update yet! (Sometimes they giv a timeley workarround a fast fix there)
hello friends
thanks for expert kind replies
the problem as addressed from hosting company was from one of the servers configured
they directed to
1 remove certain files
2- Ensure that themes and plugins are kept updated and remove ones that are old, not in use, and/or no longer updated by the author.
3-Installing the Wordfence WordPress plugin
so i will revise both the VPS and the server by contacting the theme provider and update you