Opened 7 years ago
Last modified 7 years ago
#38 new defect
Malicious content
Reported by: | victor | Owned by: | somebody |
---|---|---|---|
Priority: | blocker | Milestone: | |
Component: | general | Version: | |
Keywords: | | Cc: | |
Blocked By: | | Blocking: | |
Description (last modified by victor)
document: Malicious contents detected in ITCPay.docx
We found some malicious content in ITCPay. We found the malicious content in html/writetest.php.
There is a link on the ITCPay site that can be used to crash the site remotely. Anyone with this link can crash the ITCPay site with just one click. He does not need server access or anything. Just the link is enough to cause massive damage.
The malicious link that can be used to crash the ITCPay site is itcpay.com/writetest.php
Anyone with this link can crash the site easily. Please do not visit the above link. It can cause problems in the current ITCPay server.
Now log in to the current DigitalOcean account. Turn off the current ITCPay Droplet. If you turn off the Droplet by using the On-Off switch in the DigitalOcean account dashboard, it can cause problems in the server. So it is recommended that you turn off the Droplet from the command line rather than using the On-Off switch.
We should turn off the current ITCPay Droplet now to protect the files hosted in the current ITCPay server.
After that, create a new Ubuntu-NYC-512mb RAM Droplet in the DigitalOcean account and host a fresh copy of the ITCPay site in the new Droplet. When you create a new Droplet, we will receive the root password of the Droplet via email and we will forward you the root password.
Instructions for the new ITCPay server
- Do not create any FTP account in the server.
- Do not create any key in the server and do not create any alternative of root password for accessing the server.
- Do not install any remote website management tool (e.g. Ajenti) in the server and do not create any alternative of root password for accessing the server.
- Do not install any remote database management tool (e.g. phpMyAdmin) in the server.
Have you completed any work so far on the ITCPay site on your local computers? If you have completed some work on ITCPay on your local computers, then your local computers contain the current latest version of the ITCPay site.
Now start searching for malicious content in the latest version of the ITCPay site on your local computers (not in the old ITCPay Droplet). Delete the malicious content writetest.php. And continue searching the entire website VERY VERY CAREFULLY to find more malicious content. If you find any more malicious content, delete all the malicious content from the website on your local computers.
After all the malicious content has been removed from the ITCPay site on your local computers, host the fresh copy of the latest version of the ITCPay site in the new Droplet.
After all these are completed, we can destroy the old ITCPay Droplet from the DigitalOcean account.
Attachments (1)
Change History (2)
Changed 7 years ago by victor
comment:1 Changed 7 years ago by victor
- Description modified (diff)