Problem with Malware

June 5, 2014
Hello guys, recently I just created a machine pre-installed with Ghost, http://blog.herebecoders.com/, and there are some guys who, when they enter my blog, find that their anti-virus is accusing the site as harmful... Also, I found this website which is saying the same: http://trafficlight.bitdefender.com/info?url=http%3A%2F%2Fblog.herebecoders.com&language=en_US

The only thing I did was in the nginx config, to point the "blog" subdomain to the Ghost blog, and the main domain is pointing to an index.html file which redirects to blog.herebecoders.com. Can somebody help me with that? Thanks
8 Answers
Hi!

I ran your site through a few other malware detectors, and it's not showing positive. It's possible that Bitdefender uses a list of IPs that previously had malware instead of actively scanning when you enter the site's domain. You could try taking a snapshot and spinning up a new instance of your site on a different IP address. Or you might want to contact Bitdefender directly and ask them to rescan the site.

Let us know how it goes!
Yeah, I think you might be right... I just checked this URL:

https://www.virustotal.com/en/url/7d76a1fc21bf33ca92d70b9f2313769672c17e485be316826fdfe25612b5c065/analysis/

And it says that only Bitdefender accuses it as malware...

Could you give some detailed explanations (or maybe a URL of a DigitalOcean tutorial) of how I can do this snapshot and then run a new machine and recover everything I did?

Thanks Andrew for your help!
Take a look at https://www.digitalocean.com/community/articles/how-to-migrate-droplets-using-snapshots. Make sure you create the new droplet before destroying the old one so you get a new IP address.
by Zach Bouzan-Kaloustian
This tutorial covers how to manually migrate droplets between hypervisors by taking a snapshot of the droplet and then spinning it up in a different region.
That's great!

Just one last question: if I create a new Droplet to use the snapshot, will I pay the monthly cost for the 2 droplets? The one I just created, and the one I deleted?
You would pay the same amount you would pay if you kept the existing droplet running for the rest of the month. Since you're billed hourly, replacing a droplet with one of the same size shouldn't affect your bill.
Ahhhh cool, I thought it was monthly, not hourly.

Thanks Kamal!
I'd like to ask another question about this malware problem...

I just updated my nginx version to 1.6.0, and when I run my IP in this malware checker, it says that everything is OK:

http://sitecheck.sucuri.net/results/162.243.91.192

But when I run my domain, "which is configured to point to this IP", it says that it has some problems, also with the nginx version:

http://sitecheck.sucuri.net/results/blog.herebecoders.com

How is that possible if this domain is pointing to this server?

Thanks Guys for all this help.
Sorry, but I think I just got the answer...

When I ran my domain on this website, it had the old version of NGINX, and it may have cached this status...

Now that I updated, I tried running another subdomain and it's OK:

http://sitecheck.sucuri.net/results/www.herebecoders.com

Thx anyway :)