|CentOS Linux 7.9.2009||REQUIRED|
I have a security problem with virtualmin, specifically with vulnerability in PHP-CGI, I found that the server had php 5.4 installed, they indicate that updating php to 7 fixes the error, but the error continues, they create new files in the public folder, in php as in txt.
I already changed admin passwords, remove ftp and smtp services, install and configure fail2ban for http, but nothing works, delete old users, change the passwords of all users.
install fail2ban to block the ips by iptables but looking at the system unban appears after a while the ip that fail2ban had blocked, I don’t know how they manage to unblock the ips.
It generates files with content that I can’t understand. I’ll upload a sample of it.
the content of these files is as follows
What worries me the most is that it modifies the files that should be on the server:
I come to you if you can guide me with some configuration or how I remove this security flaw from the system, as you can see I have tried everything but nothing works, thank you very much for your help