Posted 2 years ago #
Guys,
my website http://www.debianadmin.com seems to be hacked and i didn't have clue what to do when any one try to access any page it downloading some virus script.I have checked the following
1) Changed passwords
2) Checked for any malware script on footer,header,index pages
I am really out of ideas and don't know what to do now
Thanks for your help
Posted 2 years ago #
Google says:
What is the current listing status for debianadmin.com?
Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 63 pages we tested on the site over the past 90 days, 12 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-01-22, and the last time suspicious content was found on this site was on 2010-01-22.
Malicious software includes 87 scripting exploit(s), 21 trojan(s).
Malicious software is hosted on 7 domain(s), including thjkibltuno.com/, mghonppmuno.com/, fhjpovqfuno.com/.
1 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including search.twitter.com/.
This site was hosted on 1 network(s) including AS12129 (123NET).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, debianadmin.com appeared to function as an intermediary for the infection of 2 site(s) including pixel2life.com/, unix-tutorials.com/.
Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 6 domain(s), including liberatum.ru/, dreamluverz.com/, pixel2life.com/.
How did this happen?
In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
Posted 2 years ago #
Don't you have any prior backup? Use it if you've got it. Otherwise, I'd just install a new blog. New year, new blog, sounds good.
Cheers and good luck
Posted 2 years ago #
OK guys here is an update i have found some malicious code in my index.php page so i have removed now and also changed file permissions from 755 to 644.
I have resubmitted for review for google and stopbadware.org
I hope that would fix and i will keep monitoring
Posted 2 years ago #
You need to try to figure out how you've been hacked, and fix any vulnerability which can have caused it.
Dont forget to change FTP password, as well as your database and WP passwords too (try mixing numbers, letter, caps case, special characters -- just the database wont accept special characters, but it does accept the rest). Get sure no other user was added as admin by the hacker. Protect your blog with .htaccess (for example, restricting your wp-adim to only your IP or password protecting login.php file).
And take a look at this:
http://codex.wordpress.org/FAQ_My_site_was_hacked
Cheers
This topic has been closed to new replies.
