WordPress.org

Forums

[resolved] Windows users getting a nasty surprise at my blog (13 posts)

  1. psheld
    Member
    Posted 2 years ago #

    Hi, in the past couple of hours I've had three Windows users contact me to tell me there's something wrong with my blog – http://www.philipsheldrake.com.

    Two had A/V warnings in their Chrome browser – something about spyware. One says his machine just shut down. :-(

    I've scanned it with http://www.unmaskparasites.com and http://sitecheck.sucuri.net and neither reports any problems. I'm a MacBook Pro user so can't look at it myself in Windows.

    Could anyone be so kind as to help?

  2. govpatel
    Member
    Posted 2 years ago #

    I clicked on your website and my Norton blocked an intrusion:

    Category: Intrusion Prevention
    Date & Time,Risk,Activity,Status,Recommended Action,IPS Alert Name,Default Action,Action Taken,Attacking Computer,Attacker URL,Destination Address,Source Address,Traffic Description
    2/15/2012 12:51 PM,High,An intrusion attempt by 31.184.192.35 was blocked.,Blocked,No Action Required,Web Attack: Malicious Toolkit Website 9,No Action Required,No Action Required,"31.184.192.35, 80",zoosalon.in/index.php?showtopic=559325,"MATHAV-1A073F5B (192.168.1.1, 3596)",31.184.192.35,"TCP, www-http"

  3. psheld
    Member
    Posted 2 years ago #

    Thanks govpatel.

    That doesn't look cool. Wonder how this happened and whether the other blogs on my site are OK? Wonder what I have to do now? :-(

  4. govpatel
    Member
    Posted 2 years ago #

    You will need to check your WordPress to see which file is infected. See if this helps:
    http://codex.wordpress.org/FAQ_My_site_was_hacked

  5. psheld
    Member
    Posted 2 years ago #

    I think that this might be beyond my skillset, or time. Does anyone out there fix these things; sort of gun for hire?

  6. esmi
    Forum Moderator
    Posted 2 years ago #

  7. psheld
    Member
    Posted 2 years ago #

    Thanks esmi.

    Just for the record here, this is what I've done so far.

    * Change FTP passwords and delete unneeded accounts – DONE
    * Change your secret keys – DONE
    * Take a backup of what you have – DONE
    * ADMIN over SSL – NOT SURE? One to ask hosts about.
    * Used Bullet Proof Security to create secure .htaccess for root and for wp-admin folder, and to deny access to BPS Master and BPS Backup
    * Checked active_plugins record for PHP code disguised as jpeg file – None

    And I've just noticed that my long blogroll has been cut down to just six links. All are correctly hyperlinked.
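
The `active_plugins` check from the list above, as an added example that is not part of the original post: WordPress stores this option as a PHP-serialized array of plugin paths in its options table, and the code below parses such a value and flags entries that are not `.php` files or that point outside the plugins directory. The sample value, the function names and the flagging rules are assumptions constructed for illustration.

```python
import re

# Constructed sample of an option_value, e.g. as returned by
#   SELECT option_value FROM wp_options WHERE option_name = 'active_plugins';
# (assumes the default "wp_" table prefix). The third entry is a made-up bad one.
SAMPLE = ('a:3:{i:0;s:19:"akismet/akismet.php";'
          'i:1;s:9:"hello.php";'
          'i:2;s:37:"../uploads/2012/02/example-header.jpg";}')

ELEMENT = re.compile(rb'i:\d+;s:(\d+):"')


def parse_active_plugins(option_value):
    """Parse a PHP-serialized array of strings into a list of plugin paths."""
    data = option_value.encode("utf-8")  # PHP string lengths count bytes
    head = re.match(rb"a:(\d+):\{", data)
    if not head:
        raise ValueError("not a PHP-serialized array")
    pos, entries = head.end(), []
    for _ in range(int(head.group(1))):
        item = ELEMENT.match(data, pos)
        if not item:
            raise ValueError("unexpected element at byte %d" % pos)
        start = item.end()
        end = start + int(item.group(1))
        if data[end:end + 2] != b'";':
            raise ValueError("declared length does not match at byte %d" % start)
        entries.append(data[start:end].decode("utf-8"))
        pos = end + 2
    if data[pos:pos + 1] != b"}":
        raise ValueError("array is not closed where expected")
    return entries


def suspicious_entries(entries):
    """Return (path, reasons) for entries a legitimate plugin would not produce."""
    findings = []
    for path in entries:
        reasons = []
        if not path.lower().endswith(".php"):
            reasons.append("not a .php file")
        if ".." in path.split("/") or path.startswith("/"):
            reasons.append("points outside the plugins directory")
        if reasons:
            findings.append((path, reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in suspicious_entries(parse_active_plugins(SAMPLE)):
        print(path, "->", "; ".join(reasons))
```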

  8. esmi
    Forum Moderator
    Posted 2 years ago #

  9. psheld
    Member
    Posted 2 years ago #

    Hi. My problems are getting worse. Another WordPress instance on the same hosting account has also been hit.

    I had a brief email exchange with http://sucuri.net last night who seem to have just the service I need, but they're totally silent today. Can't get a peep out of them. Maybe they're just stacked.

    Does anyone know of a similar service to Sucuri?

    Tx.

  10. psheld
    Member
    Posted 2 years ago #

    Right then. Sucuri got to me eventually, and tell me they've cleaned out the malware.

    Hopefully no-one gets that warning in Windows now!

    Thanks all for your help.

  11. photon-x
    Member
    Posted 2 years ago #

    Philip,

    Were you satisfied with Sucuri's services?

    Yes, my sites got hacked, too, and I'm looking at them to do the clean up.

    Thanks for any insights.

    Cheers.

  12. psheld
    Member
    Posted 2 years ago #

    Hi Photon-X,

    As you will tell from the thread, I was a little frustrated that a day passed without attention from Sucuri, but that appears to have been a blip.

    They cleaned my sites. I got hacked again. They looked into it further, cleaned them again and gave me advice on how to prevent reoccurrence. I took the advice, and so far so good.

    All in all, I recommend Sucuri.

  13. photon-x
    Member
    Posted 2 years ago #

    Hey,

    Thanks for the reply and info.

    Cheers,

Topic Closed

This topic has been closed to new replies.