• mackconsult

    (@mackconsult)


    Today I noticed when I pulled up my personal blog http://www.mackconsult.com/ that a pop-up was occurring that required me to download the VIO player. I immediately started looking around in my browser for plugins, and also on my computer for malicious software. After some quick Google searches I found that this is a server-side thing, and when I clicked on it AVG caught the exec that downloads as a Trojan. It goes away after about 1 minute, but appears every time a refresh occurs.

    Here is a screenshot.

    picture

    I went back into my server and immediately changed the password, and also locked my drives on the server that are encrypted.

    The following is a snippet from my access log. This IP comes from Germany.

    2014-03-23 00:33:41 admin 78.47.42.179 localhost FTP — Logout
    2014-03-23 00:33:29 admin 78.47.42.179 localhost FTP hp Write
    2014-03-23 00:33:25 admin 78.47.42.179 localhost FTP hp Write
    2014-03-23 00:33:21 admin 78.47.42.179 localhost FTP — Login OK

    QNAP TS 259 w/ Qty 2 2TB SATA drives, one being encrypted
    Current firmware version: 3.8.3 Build 20130426
    You are using WordPress 3.3.2

    I know I can just delete the whole WordPress installation and rebuild everything from the ground up, and chances are this would fix the issue. But if I am able to fix this manually, I would like to do that instead.

The topic ‘Server hacked’ is closed to new replies.