My server is attacking other servers

OS type and version
Webmin version 1.990
Virtualmin version 6.17-3
Related packages SUGGESTED

Hi every one
I am running a VPS
the hosting provider sent a message mentioning my VPS is attacking other vps
I found high memory usage
I am working with WordPress sites, I am not expert, I keep updating the server with update messages and packages which it comes
now they suspended my VPS and asking to rebuild it which I don’t want it
please help

Hey, I just google’d “how scan linux server for malware” and got this 2021 link:

And, in case that link fails, here's the list:

1. Lynis

sudo apt-get install -y lynis

2. chkrootkit

sudo apt update
sudo apt install chkrootkit

3. rkhunter

sudo apt-get install rkhunter -y

4. ClamAV

sudo apt-get install clamav clamav-daemon -y

5. Linux Malware Detect

sudo apt-get -y install git
git clone
cd linux-malware-detect/
sudo ./

6. Radare2

sudo apt-get install git
git clone
cd radare2 ; sys/

7. OpenVAS

8. REMnux

9. Tiger

sudo apt-get update
sudo apt-get install tiger

10. Maltrail

sudo apt-get update && sudo apt-get upgrade
sudo apt-get install git python-pcapy python-setuptools
# Then, clone the official Maltrail Git repository:
git clone
# Change the directory and run the Python script:
cd /mailtrail
1 Like

And, if you do re-install… here’s a script I wrote to generate long passwords:

#!/usr/bin/perl --
use strict; use warnings;
print generatePassword(64) . "\n";

sub generatePassword {
    my $length = shift;
    my $password = '';
    my $alpha = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ';
    my $nums = '23456789';
    my $specials = '!#$%&()*+,-./:;<=>?@[\]^_{|}~';
    my $possible = $alpha . $nums . $specials;
    $password = substr($alpha, (int(rand(length($alpha)))), 1);
    while (length($password) < $length) {
        $password .= substr($possible, (int(rand(length($possible)))), 1);
    return $password

You have done the right thing @elhassan by keeping your server updated in a timely manner and have therefore kept it secure; the malware is likely limited to one or more virtual servers. It is therefore safe to assume that your vps can be salvaged easily without your needing to rebuild it from scratch.

If your vps has been suspended, then the first thing to do is determine what are the ways available to you to access your files.

  1. does your vps host offer access to your files via the control panel?

  2. can you create a new vps and mount the image of the suspended vps on to it, so that your files may be accessed?

Once your files in the suspended vps can be accessed, you could do as @jimdunn suggests or you could try this short-cut:

  1. restore your old vps to a new vps
  2. disable all virtual servers / WordPress websites on the new vps via Virtualmin → Disable and Delete → Disable Virtual Server
  3. enable one by one the virtual servers / WordPress websites on the new vps while you watch closely the processes used and traffic generated so that if there is a virtual server / WordPress site that you have enabled that has malware, you could immediately disable / delete it

In this way, you could bring back online those virtual servers / WordPress websites that do not have malware / are not attacking other vps’.

You also need to know the plugins you use, and configurations / settings.
Then together with those information u should go to the aplication / plugin sites and take care to stay informed about sercurity bugs. ( sometimes they have newsletter…)

When a security issue, most of the times updates are later then known the bugs.

Also take care to stay informer about CVE for those products, then you can decide to not use a (that) part if there is a security bug bu no update yet! (Sometimes they giv a timeley workarround a fast fix there)

Al this doesn’t help you now , but for future. :wink:

CVE I mean example as this one:

hello friends
thanks for expert kind replies
the problem as addressed from hosting company was from one of the servers configured
they directed to
1 remove certain files
2- Ensure that themes and plugins are kept updated and remove ones that are old, not in use, and/or no longer updated by the author.
3-Installing the Wordfence WordPress plugin

so i will revise both the VPS and the server by contacting the theme provider and update you

thanks alot again

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.