Lot of problem of virus in WP (12 posts)

  1. jsrsolution
    Member
    Posted 2 years ago #

    Hi,

    I am in great trouble. I have more than 20 websites, some of which are WP blogs. All have been working fine since last year, but currently my WP sites are regularly attacked by a virus, not my other sites.

    Please please help me

    For example:
    http://www.todayindianews.com
    http://blog.shawl.co.in
    etc.

    Varun

  2. flamenco
    Member
    Posted 2 years ago #

    Hi,
    You didn't describe the viruses, so it's hard to tell, but I have one idea for you.

    If it's happening on many of your sites, and you use an FTP program on your computer with saved passwords, there's a certain type of malware that can log onto your FTP sites and put virus code on the site. And it's possible that this malware might be on your computer (if you use Windows).

    If that sounds like your situation, I would suggest going here to get a malware scanner:
    http://www.malwarebytes.org/

    If that's not it, I would suggest asking for help from your website hosting tech support.

    Namaste,
    Dave

  3. ClaytonJames
    Member
    Posted 2 years ago #

    Site 1

    <meta name="generator" content="WordPress 2.7.1" />

    Site 2

    <meta name="generator" content="WordPress 2.8.6" />

    One of the many simple things you can do is keep your sites updated with the most current release of WordPress. That goes a long way in preventing many compromises, simply by making sure you have the latest security patches for known exploits as they are released.

  4. skeeternax
    Member
    Posted 2 years ago #

    I think I'm having the same issue as Varun. Visitors to my site are getting a "popup" which is actually a new page, telling them that they have viruses on their computers. When you click on the popup it downloads a file to your computer called packupdate_build107_2045.exe. I'm using the latest version of WordPress. Any ideas on how to resolve this?

    Scott

  5. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

  6. ClaytonJames
    Member
    Posted 2 years ago #

    FAQ My site was hacked

    And an almost inexhaustible supply of links, information and advice located here:

    http://wordpress.org/search/hacked?documentation=1&forums=1

  7. ClaytonJames
    Member
    Posted 2 years ago #

    :-)

  8. esmi
    Theme Diva & Forum Moderator
    Posted 2 years ago #

    Beat ya! ;-)

  9. jsrsolution
    Member
    Posted 2 years ago #

    Hi,

    I have tried everything but with no benefit. I have changed the password and formatted my system. I tried everything you all said, but after uploading, the site gets infected within a few hours.

    I don't understand: why are only WP blogs getting attacked?

    I feel helpless, or that I should leave WP and switch to another CMS now.

    If anyone wants to know which virus I am facing, here is the description caught by my anti-virus:

    Detected: HEUR:Trojan-Downloader.Script.Generic astrology.deepax.com

    Detected: HEUR:Trojan-Downloader.Script.Generic todayindianews.com/wp-includes/js/quicktags.js?ver=20081210

    Detected: HEUR:Trojan-Downloader.Script.Generic http://www.todayindianews.com/wp-includes/js/quicktags.js?ver=20081210 Firefox

    Detected: HEUR:Trojan-Downloader.Script.Generic http://www.todayindianews.com/wp-includes/js/quicktags.js?ver=20081210 Firefox

    Detected: HEUR:Trojan-Downloader.Script.Generic http://newsout.in/ Firefox

    Please help me.
    Varun
    jsrsolutions.com

  10. I have tried everything but with no benefit. I have changed the password and formatted my system. I tried everything you all said, but after uploading, the site gets infected within a few hours.

    No, you didn't. You are still running WordPress 2.7.1 on one blog and 2.8.6 on the other. Follow those instructions that esmi provided you in those links.

    After you successfully delouse your blog, make a full backup of both the database and files, be prepared to restore them from scratch, and upgrade to 2.9.2.

    http://codex.wordpress.org/WordPress_Backups
    http://codex.wordpress.org/Backing_Up_Your_Database
    http://codex.wordpress.org/Restoring_Your_Database_From_Backup

    Follow the extended upgrade process and then harden your WordPress install. Do not forget to upgrade all of your themes and plugins too.

    If after all that you are confirmed clean and you still get hacked, then go have a beer and talk to your hosting provider. All your hard work will come to naught if someone is hacking you via your hosting provider.

  11. jsrsolution
    Member
    Posted 2 years ago #

    I have checked my blog and found the following code in my page:

    wp-includes/default-filters.php

    [hack script redacted]

    I had removed it but I want to know the reason or from where it comes, etc.?

    Regards
    Varun
    jsrsolutions.com

  12. I had removed it but I want to know the reason or from where it comes, etc.?

    Please don't copy hacked code into the forums. It's enough that you tell us it's still happening. No need to propagate exploit info.

    The reason, and where it comes from, is the fact that you have not located and closed the hole through which the attacker is coming into your file system. It's either performed via a compromised host, or your files are writeable and someone is logging into your install and making changes. That logging into your system can be/is usually fully automated. The attacker's script finds the exploit on the Internet and goes to town on your blog.

    Just removing it is never enough. You need to run the current version (if only to make supporting you easier and make you more secure) and you need to close the door. From the looks of your posts, you have not performed either of those tasks.
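
The checks discussed in the last reply (core files altered after install, files left writable) can be run on the host; the following is an added example and not part of the original thread. It compares a live install against a clean copy of the same WordPress release and lists world-writable files; the directory layout built by `build_demo` and the file `extra.php` are constructed for illustration.

```python
import hashlib
import stat
import tempfile
from pathlib import Path

def file_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_core(live_root, clean_root):
    """Return (modified, added): files in the live tree that differ from, or
    do not exist in, the clean reference copy of the same release."""
    live, clean = file_hashes(live_root), file_hashes(clean_root)
    modified = sorted(p for p in live if p in clean and live[p] != clean[p])
    added = sorted(p for p in live if p not in clean)
    return modified, added

def world_writable(root):
    """List files under root that any local account may overwrite (o+w)."""
    root = Path(root)
    return sorted(p.relative_to(root).as_posix() for p in root.rglob("*")
                  if p.is_file() and p.stat().st_mode & stat.S_IWOTH)

def build_demo():
    """Constructed sample data: a clean tree, and a live tree with one altered
    core file and one extra world-writable file."""
    base = Path(tempfile.mkdtemp())
    core = {"wp-includes/default-filters.php": "<?php // core file\n",
            "wp-includes/js/quicktags.js": "// core script\n"}
    for tree in ("clean", "live"):
        for rel, body in core.items():
            path = base / tree / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(body)
            path.chmod(0o644)
    live = base / "live"
    with open(live / "wp-includes/js/quicktags.js", "a") as fh:
        fh.write("// line appended after install (constructed)\n")
    extra = live / "wp-includes" / "extra.php"  # hypothetical dropped file
    extra.write_text("<?php // not part of the release (constructed)\n")
    extra.chmod(0o666)
    return live, base / "clean"

if __name__ == "__main__":
    live_dir, clean_dir = build_demo()
    print("modified/added:", compare_core(live_dir, clean_dir))
    print("world-writable:", world_writable(live_dir))
```

On a real site, point `compare_core` at the install directory and at a freshly unpacked archive of the same version; uploads, themes and plugins will appear as added and need separate review.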

Topic Closed

This topic has been closed to new replies.
