HEX
Server: Apache/2
System: Linux jingle.dotvndns.vn 2.6.32-754.17.1.el6.x86_64 #1 SMP Tue Jul 2 12:42:48 UTC 2019 x86_64
User: chuahuehuong (1863)
PHP: 7.3.16
Disabled: apache_note,apache_setenv,proc_get_status,exec,passthru,proc_nice,proc_terminate,shell_exec,system,ini_restore,syslog,define_syslog_variables,symlink,link,error_log,leak,dbmopen,closelog,stream_socket_server,execl,escapeshellcmd,ini_alter,dl,show_source,posix_getpwuid,posix_geteuid,posix_getegid,posix_getgrgid,open_basedir,safe_mode_include_dir,pcntl_exec,pcntl_fork,pclose,virtual,openlog,popen,escapeshellarg,eval,calo,posix_getpwuid,symlinks,symlink,getpwuid,mail
$ pwd: /usr/local/maldetect.bk3766/logs/
Upload Files
File: //usr/local/maldetect.bk3766/logs/event_log
May 09 2026 03:37:13 jingle maldet(15068): {sigup} performing signature update check...
May 09 2026 03:37:13 jingle maldet(15068): {sigup} could not determine signature version
May 09 2026 03:37:13 jingle maldet(15068): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
May 09 2026 03:37:13 jingle maldet(15068): {sigup} signature files missing or corrupted, forcing update...
May 09 2026 03:37:13 jingle maldet(15068): {sigup} new signature set 2026050590486 available
May 09 2026 03:37:13 jingle maldet(15068): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
May 09 2026 03:37:14 jingle maldet(15068): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz
May 09 2026 03:37:15 jingle maldet(15068): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-sigpack.tgz.md5
May 09 2026 03:37:15 jingle maldet(15068): {sigup} downloading https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
May 09 2026 03:37:15 jingle maldet(15068): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz
May 09 2026 03:37:16 jingle maldet(15068): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet-cleanv2.tgz.md5
May 09 2026 03:37:16 jingle maldet(15068): {sigup} verified md5sum of maldet-sigpack.tgz
May 09 2026 03:37:16 jingle maldet(15068): {sigup} unpacked and installed maldet-sigpack.tgz
May 09 2026 03:37:16 jingle maldet(15068): {sigup} verified md5sum of maldet-clean.tgz
May 09 2026 03:37:16 jingle maldet(15068): {sigup} unpacked and installed maldet-clean.tgz
May 09 2026 03:37:16 jingle maldet(15068): {sigup} signature set update completed
May 09 2026 03:37:16 jingle maldet(15068): {sigup} 51470 signatures (45387 MD5 | 2377 HEX | 3706 YARA | 0 USER)
May 09 2026 03:37:16 jingle maldet(13538): {update} completed update v1.6.6 3a1792 => v1.6.6 9e0178, running signature updates...
May 09 2026 03:37:17 jingle maldet(16510): {sigup} performing signature update check...
May 09 2026 03:37:17 jingle maldet(16510): {sigup} local signature set is version 2026050590486
May 09 2026 03:37:18 jingle maldet(16510): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
May 09 2026 03:37:18 jingle maldet(16510): {sigup} latest signature set already installed
May 09 2026 03:37:18 jingle maldet(13538): {update} update and config import completed
May 09 2026 03:37:19 jingle maldet(17848): {sigup} performing signature update check...
May 09 2026 03:37:19 jingle maldet(17848): {sigup} local signature set is version 2026050590486
May 09 2026 03:37:19 jingle maldet(17848): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
May 09 2026 03:37:19 jingle maldet(17848): {sigup} latest signature set already installed
May 09 2026 03:37:21 jingle maldet(19164): {scan} launching scan of /home?/?/domains/?/public_html/,/var/www/html/?/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
May 09 2026 03:37:47 jingle maldet(19164): {scan} signatures loaded: 51470 (45387 MD5 | 2377 HEX | 3706 YARA | 0 USER)
May 09 2026 03:37:47 jingle maldet(19164): {scan} building file list for /home?/?/domains/?/public_html/,/var/www/html/?/ of new/modified files from last 1 days, this might take awhile...
May 09 2026 03:37:47 jingle maldet(19164): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
May 09 2026 03:37:47 jingle maldet(19164): {scan} executed /bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /bin/find /home?/?/domains/?/public_html/,/var/www/html/?/ /tmp /var/tmp /dev/shm  -path "/usr/local/maldetect" -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
May 09 2026 03:39:39 jingle maldet(19164): {scan} file list completed in 112s, found 21623 files...
May 09 2026 03:39:39 jingle maldet(19164): {scan} found clamav binary at /usr/local/bin/clamdscan, using clamav scanner engine...
May 09 2026 03:39:39 jingle maldet(19164): {scan} scan of /home?/?/domains/?/public_html/,/var/www/html/?/ (21623 files) in progress...
May 09 2026 03:54:31 jingle maldet(19164): {scan} scan completed on /home?/?/domains/?/public_html/,/var/www/html/?/: files 21623, malware hits 0, cleaned hits 0, time 1030s
May 09 2026 03:54:31 jingle maldet(19164): {scan} scan report saved, to view run: maldet --report 260509-0337.19164
May 10 2026 03:31:48 jingle maldet(2512): {update} checking for available updates...
May 10 2026 03:31:49 jingle maldet(2512): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
May 10 2026 03:31:49 jingle maldet(2512): {update} hashing install files and checking against server...
May 10 2026 03:31:49 jingle maldet(2512): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
May 10 2026 03:31:49 jingle maldet(2512): {update} latest version already installed.
May 10 2026 03:31:50 jingle maldet(3932): {sigup} performing signature update check...
May 10 2026 03:31:50 jingle maldet(3932): {sigup} local signature set is version 2026050590486
May 10 2026 03:31:51 jingle maldet(3932): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
May 10 2026 03:31:51 jingle maldet(3932): {sigup} latest signature set already installed
May 10 2026 03:31:52 jingle maldet(5251): {scan} launching scan of /home?/?/domains/?/public_html/,/var/www/html/?/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
May 10 2026 03:31:55 jingle maldet(5251): {scan} signatures loaded: 51470 (45387 MD5 | 2377 HEX | 3706 YARA | 0 USER)
May 10 2026 03:31:55 jingle maldet(5251): {scan} building file list for /home?/?/domains/?/public_html/,/var/www/html/?/ of new/modified files from last 1 days, this might take awhile...
May 10 2026 03:31:55 jingle maldet(5251): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
May 10 2026 03:31:55 jingle maldet(5251): {scan} executed /bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /bin/find /home?/?/domains/?/public_html/,/var/www/html/?/ /tmp /var/tmp /dev/shm  -path "/usr/local/maldetect" -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
May 10 2026 03:33:39 jingle maldet(5251): {scan} file list completed in 104s, found 11557 files...
May 10 2026 03:33:39 jingle maldet(5251): {scan} found clamav binary at /usr/local/bin/clamdscan, using clamav scanner engine...
May 10 2026 03:33:39 jingle maldet(5251): {scan} scan of /home?/?/domains/?/public_html/,/var/www/html/?/ (11557 files) in progress...
May 10 2026 03:40:19 jingle maldet(5251): {hit} malware hit {MD5}php.backdoor.overwriteglobals.19040 found for /home/nnuoc/domains/adelahotel.com.vn/public_html/wp-ajax-hook9.php.suspected
May 10 2026 03:40:19 jingle maldet(5251): {hit} malware hit {YARA}SIGNATURE_BASE_WEBSHELL_Cookie_Post_Obfuscation found for /home/nnuoc/domains/adelahotel.com.vn/public_html/wp-admin/css/qnaptjgq.php
May 10 2026 03:40:19 jingle maldet(5251): {hit} malware hit {YARA}SIGNATURE_BASE_WEBSHELL_Cookie_Post_Obfuscation found for /home/nnuoc/domains/adelahotel.com.vn/public_html/wp-admin/css/colors/ectoplasm/riipnqwc.php
May 10 2026 03:40:19 jingle maldet(5251): {hit} malware hit {YARA}SIGNATURE_BASE_WEBSHELL_Cookie_Post_Obfuscation found for /home/nnuoc/domains/adelahotel.com.vn/public_html/wp-content/themes/flatsome/template-parts/tmcusywk.php
May 10 2026 03:40:19 jingle maldet(5251): {hit} malware hit {YARA}SIGNATURE_BASE_WEBSHELL_Cookie_Post_Obfuscation found for /home/nnuoc/domains/adelahotel.com.vn/public_html/wp-content/plugins/sitepress-multilingual-cms/changelog/ksnqcril.php
May 10 2026 03:40:19 jingle maldet(5251): {hit} malware hit {CAV}Multios.Coinminer.Miner-6781728-2 found for /home/nnuoc/domains/adelahotel.com.vn/public_html/wp-content/plugins/call-now-button/src/admin/button/auctionoffers
May 10 2026 03:40:19 jingle maldet(5251): {hit} malware hit {CAV}Multios.Coinminer.Miner-6781728-2 found for /home/nnuoc/domains/adelahotel.com.vn/public_html/wp-content/plugins/woosidebars/assets/com_remository
May 10 2026 03:40:19 jingle maldet(5251): {hit} malware hit {YARA}SIGNATURE_BASE_WEBSHELL_Cookie_Post_Obfuscation found for /home/nnuoc/domains/adelahotel.com.vn/public_html/wp-includes/certificates/rqddoebn.php
May 10 2026 03:40:19 jingle maldet(5251): {scan} scan completed on /home?/?/domains/?/public_html/,/var/www/html/?/: files 11557, malware hits 8, cleaned hits 0, time 507s
May 10 2026 03:40:19 jingle maldet(5251): {scan} scan report saved, to view run: maldet --report 260510-0331.5251
May 10 2026 03:40:19 jingle maldet(5251): {scan} quarantine is disabled! set quarantine_hits=1 in conf.maldet or to quarantine results run: maldet -q 260510-0331.5251
May 11 2026 03:29:21 jingle maldet(10299): {update} checking for available updates...
May 11 2026 03:29:22 jingle maldet(10299): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
May 11 2026 03:29:22 jingle maldet(10299): {update} hashing install files and checking against server...
May 11 2026 03:29:22 jingle maldet(10299): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
May 11 2026 03:29:22 jingle maldet(10299): {update} latest version already installed.
May 11 2026 03:29:24 jingle maldet(11620): {sigup} performing signature update check...
May 11 2026 03:29:24 jingle maldet(11620): {sigup} local signature set is version 2026050590486
May 11 2026 03:29:24 jingle maldet(11620): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
May 11 2026 03:29:24 jingle maldet(11620): {sigup} latest signature set already installed
May 11 2026 03:29:26 jingle maldet(12926): {scan} launching scan of /home?/?/domains/?/public_html/,/var/www/html/?/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
May 11 2026 03:29:28 jingle maldet(12926): {scan} signatures loaded: 51470 (45387 MD5 | 2377 HEX | 3706 YARA | 0 USER)
May 11 2026 03:29:28 jingle maldet(12926): {scan} building file list for /home?/?/domains/?/public_html/,/var/www/html/?/ of new/modified files from last 1 days, this might take awhile...
May 11 2026 03:29:28 jingle maldet(12926): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
May 11 2026 03:29:28 jingle maldet(12926): {scan} executed /bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /bin/find /home?/?/domains/?/public_html/,/var/www/html/?/ /tmp /var/tmp /dev/shm  -path "/usr/local/maldetect" -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
May 11 2026 03:31:32 jingle maldet(12926): {scan} file list completed in 124s, found 1627 files...
May 11 2026 03:31:32 jingle maldet(12926): {scan} found clamav binary at /usr/local/bin/clamdscan, using clamav scanner engine...
May 11 2026 03:31:32 jingle maldet(12926): {scan} scan of /home?/?/domains/?/public_html/,/var/www/html/?/ (1627 files) in progress...
May 11 2026 03:32:51 jingle maldet(12926): {scan} scan completed on /home?/?/domains/?/public_html/,/var/www/html/?/: files 1627, malware hits 0, cleaned hits 0, time 205s
May 11 2026 03:32:51 jingle maldet(12926): {scan} scan report saved, to view run: maldet --report 260511-0329.12926
May 12 2026 03:43:48 jingle maldet(31042): {update} checking for available updates...
May 12 2026 03:43:48 jingle maldet(31042): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
May 12 2026 03:43:48 jingle maldet(31042): {update} hashing install files and checking against server...
May 12 2026 03:43:49 jingle maldet(31042): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
May 12 2026 03:43:49 jingle maldet(31042): {update} latest version already installed.
May 12 2026 03:43:50 jingle maldet(32389): {sigup} performing signature update check...
May 12 2026 03:43:50 jingle maldet(32389): {sigup} local signature set is version 2026050590486
May 12 2026 03:43:50 jingle maldet(32389): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
May 12 2026 03:43:50 jingle maldet(32389): {sigup} latest signature set already installed
May 12 2026 03:43:52 jingle maldet(1272): {scan} launching scan of /home?/?/domains/?/public_html/,/var/www/html/?/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
May 12 2026 03:43:58 jingle maldet(1272): {scan} signatures loaded: 51470 (45387 MD5 | 2377 HEX | 3706 YARA | 0 USER)
May 12 2026 03:43:58 jingle maldet(1272): {scan} building file list for /home?/?/domains/?/public_html/,/var/www/html/?/ of new/modified files from last 1 days, this might take awhile...
May 12 2026 03:43:58 jingle maldet(1272): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
May 12 2026 03:43:58 jingle maldet(1272): {scan} executed /bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /bin/find /home?/?/domains/?/public_html/,/var/www/html/?/ /tmp /var/tmp /dev/shm  -path "/usr/local/maldetect" -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
May 12 2026 03:46:07 jingle maldet(1272): {scan} file list completed in 129s, found 5132 files...
May 12 2026 03:46:07 jingle maldet(1272): {scan} found clamav binary at /usr/local/bin/clamdscan, using clamav scanner engine...
May 12 2026 03:46:07 jingle maldet(1272): {scan} scan of /home?/?/domains/?/public_html/,/var/www/html/?/ (5132 files) in progress...
May 12 2026 03:50:20 jingle maldet(1272): {scan} scan completed on /home?/?/domains/?/public_html/,/var/www/html/?/: files 5132, malware hits 0, cleaned hits 0, time 388s
May 12 2026 03:50:20 jingle maldet(1272): {scan} scan report saved, to view run: maldet --report 260512-0343.1272
May 13 2026 03:39:44 jingle maldet(10854): {update} checking for available updates...
May 13 2026 03:39:44 jingle maldet(10854): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
May 13 2026 03:39:44 jingle maldet(10854): {update} hashing install files and checking against server...
May 13 2026 03:39:45 jingle maldet(10854): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
May 13 2026 03:39:45 jingle maldet(10854): {update} latest version already installed.
May 13 2026 03:39:46 jingle maldet(12187): {sigup} performing signature update check...
May 13 2026 03:39:46 jingle maldet(12187): {sigup} local signature set is version 2026050590486
May 13 2026 03:39:47 jingle maldet(12187): {sigup} downloaded https://cdn.rfxn.com/downloads/maldet.sigs.ver
May 13 2026 03:39:47 jingle maldet(12187): {sigup} latest signature set already installed
May 13 2026 03:39:48 jingle maldet(13508): {scan} launching scan of /home?/?/domains/?/public_html/,/var/www/html/?/ changes in last 1d to background, see /usr/local/maldetect/logs/event_log for progress
May 13 2026 03:39:52 jingle maldet(13508): {scan} signatures loaded: 51470 (45387 MD5 | 2377 HEX | 3706 YARA | 0 USER)
May 13 2026 03:39:52 jingle maldet(13508): {scan} building file list for /home?/?/domains/?/public_html/,/var/www/html/?/ of new/modified files from last 1 days, this might take awhile...
May 13 2026 03:39:52 jingle maldet(13508): {scan} setting nice scheduler priorities for all operations: cpunice 19 , ionice 6
May 13 2026 03:39:52 jingle maldet(13508): {scan} executed /bin/nice -n 19 /usr/bin/ionice -c2 -n 6 /bin/find /home?/?/domains/?/public_html/,/var/www/html/?/ /tmp /var/tmp /dev/shm  -path "/usr/local/maldetect" -prune -o -maxdepth 15 -regextype posix-egrep \( -mtime -1 -o -ctime -1 \) -type f -size +24c -size -25976319c  -not -perm 000   -not -uid 0 -not -gid 0  
May 13 2026 03:42:16 jingle maldet(13508): {scan} file list completed in 144s, found 1647 files...
May 13 2026 03:42:16 jingle maldet(13508): {scan} found clamav binary at /usr/local/bin/clamdscan, using clamav scanner engine...
May 13 2026 03:42:16 jingle maldet(13508): {scan} scan of /home?/?/domains/?/public_html/,/var/www/html/?/ (1647 files) in progress...
May 13 2026 03:43:43 jingle maldet(13508): {scan} scan completed on /home?/?/domains/?/public_html/,/var/www/html/?/: files 1647, malware hits 0, cleaned hits 0, time 235s
May 13 2026 03:43:43 jingle maldet(13508): {scan} scan report saved, to view run: maldet --report 260513-0339.13508
May 14 2026 03:15:58 jingle maldet(2327): {update} checking for available updates...
May 14 2026 03:15:59 jingle maldet(2327): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.ver
May 14 2026 03:15:59 jingle maldet(2327): {update} hashing install files and checking against server...
May 14 2026 03:15:59 jingle maldet(2327): {update} downloaded https://cdn.rfxn.com/downloads/maldet.current.hash
May 14 2026 03:15:59 jingle maldet(2327): {update} version check shows latest but hash check failed, forcing update...
May 14 2026 03:16:00 jingle maldet(2327): {update} downloaded https://cdn.rfxn.com/downloads/maldetect-current.tar.gz
May 14 2026 03:16:00 jingle maldet(2327): {update} downloaded https://cdn.rfxn.com/downloads/maldetect-current.tar.gz.md5
May 14 2026 03:16:00 jingle maldet(2327): {update} verified md5sum of maldetect-current.tar.gz
@ Telegram