perezbox
Forum Replies Created
Forum: Fixing WordPress
In reply to: Fake App Attack Help
Ok, this one is going to be a bit of a challenge because the information being provided by Norton is sometimes cached and not very specific. You do know it’s some type of drive-by download, so you’re going to want to look for some kind of obfuscated code.
Help us out, what have you done already?
Thanks
Forum: Everything else WordPress
In reply to: Report of Virus by User
@shinral this is what you’re talking about: http://blog.sucuri.net/2012/05/web-sites-compromised-with-fake-av-campaign-windows-web-secure-kit.html
Just some extra info, yes, use of fake AVs is very common.
Forum: Fixing WordPress
In reply to: Fake App Attack Help
Forum: Fixing WordPress
In reply to: Site Listed as Containing Malware.
@solutionsphp you still having the reinfection problem?
Forum: Fixing WordPress
In reply to: Site Listed as Containing Malware.
Are you still having an issue with this?
Thing to note with the SiteCheck result is that it’s showing the client display, in other words if it’s encoded you won’t have much luck finding it via terminal.
Looks like you might have had some luck though from what I’m seeing: http://sitecheck.sucuri.net/results/www.stateofmindgaming.com/
But you’ll want to submit to Google if you haven’t already. Diagnostic page: http://www.google.com/safebrowsing/diagnostic?site=www.stateofmindgaming.com
You’ll want to clear this so that your reputation doesn’t get dinged too bad.
Cheers.
Forum: Fixing WordPress
In reply to: Security warning malware
Looks like you have been blacklisted. This means that Google has scanned your site and because of the infection they have ‘blacklisted’ you.
Based on this scan: http://www.google.com/safebrowsing/diagnostic?site=postrocker.nl
It looks like you might have gotten your issue addressed. Sometimes this page is delayed so take a minute to submit it via webmaster tools and verify it’s not there.
Sounds like you’re taken care of though, let us know if not.
Thanks
Forum: Fixing WordPress
In reply to: malware in functions.php
Forum: Fixing WordPress
In reply to: malware in functions.php
+100 Jan
Forum: Fixing WordPress
In reply to: malware in functions.php
Hi was955
Have you followed the links Jan provided? Where are you in the process?
Did you already remove it from your site?
As to what is causing it, it’s always hard to say without analyzing your site.
The one thing I would add is don’t stop at looking at just this site, extend it to the server or account in which it sits. It could be a backdoor you are missing.
Here is an example of why: http://blog.sucuri.net/2012/03/website-cross-contamination-blackhat-seo-spam-malware.html
Another big trend we’re seeing is this: http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html
There are also all the obvious things like vulnerable third party tools and poor server and account management.
As you can see, many variables to consider.
Thanks
Forum: Fixing WordPress
In reply to: malware in functions.php
Hi, what is your site?
Forum: Fixing WordPress
In reply to: Redirect Links Hacked
Was that the name of it?
Malware Removal
Or was it called something else?
Thanks
Forum: Fixing WordPress
In reply to: Redirect Links Hacked
Ah yes.. we have been seeing a lot of these URL hijacking attempts.. It’s actually a conditional redirect based on the Facebook referrer.. nasty little buggers but makes sense with its popularity (it = Facebook)
Check your htaccess and index files, not just for the core install but also your themes and those sites around the site.
Thanks
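A sketch of the .htaccess check suggested in the reply above, added here as an example and not part of the original forum post. It assumes Apache mod_rewrite syntax; the sample file, the placeholder domain and the function names are constructed for illustration.

```python
import os
import re

# Constructed sample: stock WordPress rules followed by an injected
# referrer-conditional redirect (target is a placeholder domain).
SAMPLE_HTACCESS = """<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
</IfModule>
RewriteCond %{HTTP_REFERER} .*facebook.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*google.* [NC]
RewriteRule ^(.*)$ http://redirect-target.example.invalid/in.php [R=301,L]
"""

REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}\s+(\S+)", re.I)
REWRITE_RULE = re.compile(r"^\s*RewriteRule\s+\S+\s+(\S+)", re.I)
EXTERNAL = re.compile(r"^(?:https?:)?//", re.I)

def find_referrer_redirects(text):
    """Return RewriteRules that send visitors off-site only for certain referrers."""
    findings, pending = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        cond = REFERER_COND.match(line)
        if cond:
            pending.append(cond.group(1))  # conditions apply to the next RewriteRule
            continue
        rule = REWRITE_RULE.match(line)
        if rule:
            if pending and EXTERNAL.match(rule.group(1)):
                findings.append({"line": lineno, "referrers": pending, "target": rule.group(1)})
            pending = []
    return findings

def scan_tree(root):
    """Check every .htaccess under root: core install, themes and sibling sites."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, errors="replace") as fh:
                found = find_referrer_redirects(fh.read())
            if found:
                hits[path] = found
    return hits

if __name__ == "__main__":
    print(find_referrer_redirects(SAMPLE_HTACCESS))
```

Point `scan_tree` at the account root rather than a single site's directory so neighbouring installs are covered; a legitimate referrer-based rule can also match, so each hit needs a manual look.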
Hi
Without doing a thorough code review and some pentesting it’ll be hard to say if the plugin was the cause or whether it was a matter of circumstance. Going to add this to the list of plugins to play with in our sandboxes.
FYI, a little trick on SiteCheck, when it shows you cached results, scroll down and click ‘Rescan’.. it’ll manually crawl your site again..:)
Another FYI, the use of the plugin could just be a coincidence.
Here are some good articles that explain infections a bit more:
http://blog.sucuri.net/2011/05/ask-sucuri-why-does-my-site-keep-getting-reinfected.html
http://blog.sucuri.net/2011/10/remove-unsused-testing-debug-software-from-your-site.html
http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html
I’d recommend looking into this stuff as well.
Forum: Fixing WordPress
In reply to: WordPress site is hacked. Pls help
Hey @katsampukas
I like to recommend everyone read this: http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html
I would caution against getting too excited just yet. Monitor your logs for a bit and ensure nothing changes. The backup might have overwritten the infection but the backdoor might still exist.
Forum: Fixing WordPress
In reply to: Malware detected
You sound like a novice, but if you’re not there are other methods you can use via SSH. Just let us know.
If you’re curious to see some of the other malware types that could be affecting you take a look here: http://blog.sucuri.net/2012/04/sucuri-sitecheck-web-malware-distribution-march-2012.html. This is a compilation of malware distribution for the month of March, follow the links and it’ll give you more info on the various types.
Local AVs will pick up some of these, without knowing what you have it’ll be hard to advise, but never turn away a potential tool… lesson learned long ago..