Avatar of bleggee
bleggee
Flag for United States of America asked on

7MEMES.COM - Malware/Hack or Normal?

On my Linux/Apache Web Server, in the error logs I noticed several references to "7memes.com", failures trying to run "ROOT.PHP" from 7memes.com, etc.

Strange thing is, I somehow got a web page from my server being served up to me in a browser (I don't remember what I did to get there) and the Address Bar URL said "7memes.com", though the page was a very unique page from my web server.

Looks like 7memes.com is somehow connected to CLOUDFARE.

Does anyone know if this is Malware or some legit activity?

Apache Web Server* malwareLinux

Avatar of undefined
Last Comment
David Favor

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
David Favor

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
kenfcamp

Strange thing is, I somehow got a web page from my server being served up to me in a browser

It sounds like your box may have been compromised

You may want to consider taking it off-line until you can go through everything or better yet, wipe it out and restore from backup after a clean install
bleggee

ASKER
Thx David. Just to clarify, if you go to a Browser and enter "7memes.com" (and maybe refresh browser) I just added the initials "E.E." at the bottom of that short page. I just added that there to verify we are looking at my live web server (and not a copy of the page copied elsewhere).
So that means that if someone enter's 7memes.com, they will be directed to my server!!  
Any idea how they are doing that so I can stop it?  
David Favor

1) So that means that if someone enter's 7memes.com, they will be directed to my server!

Sounds like the old Warez site hack, where many sites were hacked to serve pirated software...

Then, upon visiting the Warez site, you were directed to one of the many Warez site pirate software clones all over the world.

2) Any idea how they are doing that so I can stop it?

Yes... and this can be a bit of long conversation.

Open a new question about this topic, as this problem has a different answer set from the original question.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck