Since (what we noticed) this last Saturday, we’ve been experiencing problems with out Virtualmin server.
We currently host around 350 websites on it.
At ALL of the websites, www-data seems to upload files on it own, to all the customers.
index_backup.php - File added
.htaccess - File modified
w*********.php - File added
As of now, i do not see any means to track the files or where they come from!
I have found 1 website, where the server itself?! seems to use apache2 to visit the index_backup.php file!
Beyond this, it seemed also to send A LOT of emails - this has been delt with though
Any suggestions to this? Its very URGENT!
Please take a look at the attached screendump.