perezbox
Forum Replies Created
Forum: Hacks
In reply to: Google Says My Website is Hacked
Hi
Not seeing the blacklisting anymore. Still having an issue?
Forum: Fixing WordPress
In reply to: Strange issues out of nowhere
Don’t know, that’s a question for AVG.
Sounds like they scanned it and found it was still housing the infection. If you feel confident you removed it, then it’s best to wait it out, see if they agree.
Tony
Forum: Fixing WordPress
In reply to: Strange issues out of nowhere
Here is the thing with AVG, they’re slow. If you just submitted it today, you have to give it a few days. Yes, that could be the problem.
They have to review then pass their determination, if it’s clean they’ll remove, but they’re not known for their speed.
I don’t understand your questions here:
How could it have been working since they blocked it in that case?
Tony
Forum: Fixing WordPress
In reply to: Strange issues out of nowhere
Have you submitted to AVG for reconsideration?
Forum: Fixing WordPress
In reply to: Strange issues out of nowhere
How about the Core install?
What else do you have on your server? Is it one site on one server?
Forum: Fixing WordPress
In reply to: Malware from wp-count.php
Hey All,
Sounds like a backdoor is still being left on the server. For the newbs, you might want to check out this post as it gives you some advice on what you can and can’t remove and how: http://sucuri.net/website-malware-removal-wordpress-tips-tricks.html
For those suffering from the same issue, I’d recommend opening that wp-count.php or wp-apps.php and try grepping the rest of your server for the same content. Sometimes you’ll have the same payload using different file names.
If you pastebin the payload I’ll be happy to take a look, see if we have it in our definitions somewhere.
Cheers.
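The grep sweep suggested in the reply above, as an added example that is not part of the original post: it takes a known-bad file and lists every PHP or JS file carrying the same payload under any name. The function names, sample tree and inert "payload" string are constructed for illustration, and using the file's longest line as the signature is an assumption of this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). File names and payload are constructed.

# find_payload_copies <known_bad_file> <search_root>
# Lists every PHP/JS file under <search_root> that contains the payload
# of <known_bad_file>, whatever the file is called.
find_payload_copies() {
    known=$1
    root=$2
    # Signature = longest line of the known-bad file. Injected payloads are
    # usually one long line, so this still matches when the same code has
    # been appended to an otherwise legitimate file.
    sig=$(awk 'length($0) > n { n = length($0); s = $0 } END { print s }' "$known")
    [ -n "$sig" ] || return 1
    # -F: fixed string (payloads are full of regex metacharacters)
    # -r: recurse, -l: print matching file names only
    grep -rlF --include='*.php' --include='*.js' -- "$sig" "$root" | LC_ALL=C sort
}

# Builds a small constructed tree: the payload under two names, once
# appended to a theme file, plus one clean file. The "payload" is inert.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/wp-includes" "$dir/wp-content/themes/demo"
    payload='<?php $m = "CONSTRUCTED-SAMPLE-PAYLOAD-not-real-malware-0123456789"; ?>'
    printf '%s\n' "$payload" > "$dir/wp-count.php"
    printf '%s\n' "$payload" > "$dir/wp-includes/wp-apps.php"
    printf '<?php // theme footer ?>\n%s\n' "$payload" > "$dir/wp-content/themes/demo/footer.php"
    printf '<?php echo "clean"; ?>\n' > "$dir/index.php"
    echo "$dir"
}

tree=$(make_sample_tree)
find_payload_copies "$tree/wp-count.php" "$tree"
rm -rf "$tree"
```

The known-bad file itself appears in the output, which confirms the signature was extracted correctly; every other path listed is a copy or an infected host file to review.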
Forum: Fixing WordPress
In reply to: Strange issues out of nowhere
Hey mk2mark
AVG can be tricky because of how they detect things. What’s good to note is if you’re seeing it across a number of HTML pages then it might be good to place your focus on the files generating – PHP. Try looking at your header.php, index.php, function.php and footer.php in the theme itself.
The odds are you have a payload in the core file which is then generating a display on the browser.
Food for thought.
Tony
Forum: Networking WordPress
In reply to: Malware detected problem in ms-setting.php – Help!
Hey torykd
Make sure you disable PHP execution in your includes folder as well and verify your perms on directories and files.
Good luck.
Yes, I recently gave a talk in which I pointed out a number of things you can do to better harden your environment: http://perezbox.com/2012/06/wordcamp-orange-county-2012-wordpress-security-presentation/
Another good resource is this forum, think you’ll find a number of people willing to give you a hand.
Forum: Fixing WordPress
In reply to: Site Listed as Containing Malware.
@solutionsphp yes, that happens sometimes, depends what it is and what referrers it’s depending on.
Thanks
Forum: Fixing WordPress
In reply to: Fake App Attack Help
Boom.. legit..
Cool
Forum: Fixing WordPress
In reply to: Malware – Blacklist
@anemoone good to hear on the users issues, but you’ll still want to clear that scounter injection to get off Google’s radar.
Forum: Fixing WordPress
In reply to: Malware – Blacklist
Oh, I forgot, when you’re done with the removal and it shows cleared on SiteCheck, then proceed with submitting it to Google for deblacklisting.
SiteCheck uses the Google API when it flags, so just click the Blacklisting tab and it’ll tell you who it’s pulling the blacklisting from.
Cheers.
Forum: Fixing WordPress
In reply to: Malware – Blacklist
Hi
Ok, if you can’t get into wp-admin you need to try to reset your credentials. If you get a message saying that the email doesn’t exist, and you’re sure that it does, then the odds are your account has been removed by the hacker. You’re going to want to log into your host administrator panel, access your database and manually overwrite the users. Some guidance on that here: http://codex.wordpress.org/Resetting_Your_Password
As for that scounter injection, yes, you’re going to want to check all your JavaScript (JS) files, that’s where it usually likes to hide, specifically at the bottom of the files.
You can try searching for it via GREP in terminal. It’s often not just one file, often all your JS files to include those in your theme and core files.
Happy hunting, let me know if this helps.
Forum: Fixing WordPress
In reply to: All sites on the same server hacked
@xinxin sorry thought I responded, but wanted to let you know that what you shared above is a black-hole exploit infection.. just an FYI.