Exploit in htdocs cant be deleted !!

Hello,

Yesterday I recieved an email from the DC saying my server have an ebay fraud page at the link http://0.0.0.0/20%/ebay
0.0.0.0=My server ip

I searched and found it located in : root@server /usr/local/apache/htdocs/ #
NOTE the last space after /htdocs/

I removed (rm -rf) and chown and chmod it more than 8 times and everytime its back again after minutes from removing it !!

Any idea how to solve that ?!

Thanks ...

 

 

 

 

Top