perezbox
Forum Replies Created
Forum: Fixing WordPress
In reply to: Malware detected
Hi @songdogtech
Are you saying the only infections he should consider are encoded PHP eval strings? Is there nothing else a local AV would pick up from infected files?
Interesting advice..
Forum: Fixing WordPress
In reply to: Hacked and all my sites now have impossible cialis and viagra pages
Hi songdogtech,
What I actually said was that all the hosts have “sites that have been hacked.”
If you see the distribution of malware across these hosts you’d understand my statement better, specifically the one for the hosts on that page you provided.
This statement in itself holds no value if you can’t quantify or objectively explain it: “Some hosts are simply insecure and you will get hacked again.” Are you implying that his is more insecure than the ones on the page you referenced? If so, can you objectively quantify that statement? If not, then it too holds no true value, does it?
The purpose of my statement was in direct response to consider changing. Too often the immediate response is to change the host, but in reality there are a number of things that come down on the end-user that should be considered first. I would argue that like WordPress, the biggest weakness for hosts is more often than not the end-user.
I hope this provides better clarity around my response.
For the record, I don’t work for any host. Just my .02
Thanks
Forum: Fixing WordPress
In reply to: Websites contains Malware
@bagusadhita are you running Google Apps for myweb.com? If so, you or whoever manages that domain on Google Apps needs to log into the admin and enable the use of webmaster tools.
Like wintermute77 stated, the page you’re seeing from Google is not real-time. It means that at the time it scanned your site you were distributing malicious content, or suspected of distributing, so you were blacklisted… 🙁
If your site is back up you can use a number of free tools online to figure out what the infection is. FYI, if you just submit it and don’t remove the issue it won’t change the status.
http://sitecheck.sucuri.net is one of them.
silvrrwulf, esmi is right on this one.. the best place is to talk to the theme shop and ask them for some guidance. There are so many different things that could be at play it’d be hard for anyone to give any other advice without looking at the code itself.
Sorry we can’t be of more use.. 🙁
Forum: Fixing WordPress
In reply to: Malware detected
Hi
What do you mean there is no FTP launching in Dreamhost? They do in fact offer FTP, pull it from your CPANEL in FTP accounts.
esmi provided a number of good links. Both the ones from SiteCheck and Unmask will give you real time scans of the site and if it finds anything they’ll tell you what it is. You can navigate through the pages to remove the infection.
If you’re not looking to do that then another option you have is to download the site directory and have your local AV scan it. If for nothing else to identify where the stuff is. I’d caution against using the default remove or delete though or you might find yourself in a world of hurt.
Thanks
Forum: Fixing WordPress
In reply to: malware in functions.php
If what was955 doesn’t work let us know. Post the url also so that we can take a look.
Thanks
Forum: Fixing WordPress
In reply to: Chrome shows malware warning on blog
We’re seeing an increase in the following: http://blog.sucuri.net/2012/04/getmama-conditional-malware-affecting-thousands-of-sites.html
Check yourself by looking at all your PHP files. It’s evolving so be mindful of that.
Forum: Fixing WordPress
In reply to: Chrome shows malware warning on blog
Hey Akjackson
Sounds like you’re suffering from conditional malware, you can find more information looking up “polymorphic malware”.
Your best bet is to scrub your server, all sites, and find the backdoor. If not, it’ll just keep jumping around to its heart’s content.
Forum: Fixing WordPress
In reply to: Hacked and all my sites now have impossible cialis and viagra pages
Hi war3rd
Lastly, just so you know all the hosts on the list @songdogtech provided have sites that have been hacked.
Forum: Fixing WordPress
In reply to: Hacked and all my sites now have impossible cialis and viagra pages
Hi war3rd
One infection wouldn’t be cause to move just yet. I would talk to the Liquidweb guys to see if they can’t provide better insight (i.e., diagnose the logs and what not to understand the potential attack vector). In my experience more often than not there is as much responsibility on the end-user as on the host.
I wouldn’t wait for Google to reindex on their own, I would resubmit via webmaster tools so that they can proceed. If you request a review they take an average of 10 hours, although sometimes as much as a week. At least this way you know if you’ve removed it all. It’ll suck if you wait a month hoping it’s clear just to find out it’s not.
I would also lock down your uploads directory, within wp-content, to disallow any PHP files to be uploaded or executed. If it happens again I’d attribute it to a missing backdoor on your server.
Don’t know much about your setup on the server, but if it’s not in the app directory I’d go up a few directories and check the other server directories as well.
Thanks
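As an added example that is not part of the original reply, the uploads lockdown described above could be checked and applied with two small shell functions. The function names are hypothetical, and the `.htaccess` rule assumes Apache 2.4 with `AllowOverride` enabled for the uploads directory.

```shell
#!/bin/sh
# Added example, not from the original forum post.
# Assumes Apache 2.4 with AllowOverride enabled for wp-content/uploads.

# Print every file under wp-content/uploads that a PHP handler may execute.
find_uploads_php() {
    fup_dir="${1:?usage: find_uploads_php WP_ROOT}/wp-content/uploads"
    if [ ! -d "$fup_dir" ]; then
        echo "no uploads directory: $fup_dir" >&2
        return 2
    fi
    # Case-insensitive; also catches double extensions such as
    # image.php.jpg, which some handler configurations still pass to PHP.
    find "$fup_dir" -type f \( -iname '*.php' -o -iname '*.php[0-9]' \
        -o -iname '*.phtml' -o -iname '*.phar' -o -iname '*.php.*' \) | sort
}

# Write an .htaccess that refuses requests for PHP files in uploads.
# Refuses to overwrite an existing .htaccess so local rules are not lost.
lock_uploads() {
    lu_file="${1:?usage: lock_uploads WP_ROOT}/wp-content/uploads/.htaccess"
    if [ -e "$lu_file" ]; then
        echo "exists, review by hand: $lu_file" >&2
        return 1
    fi
    cat > "$lu_file" <<'EOF'
# Deny direct requests for anything PHP would execute (Apache 2.4 syntax).
<FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">
    Require all denied
</FilesMatch>
EOF
}
```

Any path printed by `find_uploads_php` deserves a manual look before removal, since a legitimate plugin may occasionally write PHP there.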
Forum: Fixing WordPress
In reply to: Hacked and all my sites now have impossible cialis and viagra pages
Hi war3rd
SEO spam, which is what you’re dealing with, can be really tricky. If you’re doing this by hand, try replacing all the core files. Rename wp-admin / wp-includes, then push over fresh copies. Do the same with the root files.
This is quick and easy for you to do. Why it’s valuable is because it won’t just copy existing files, it’ll also allow you to purge any backdoor files that might be in the core install.
Make note though, this can be a painful process. If not in the root, you’ll have to work inward, start with plugin, then move to the theme.
In most cases the issues you’re talking about come from cross-site contamination issues. Not sure of your specific scenario but read these to see if they apply:
http://blog.sucuri.net/2012/03/website-cross-contamination-blackhat-seo-spam-malware.html
http://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html
Best of luck
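As an added example that is not part of the original reply, the renamed core directories can be compared against the fresh copy before they are discarded, which shows which files were planted or altered. The function name and the LIVE/FRESH arguments are hypothetical. FRESH is assumed to be an unpacked copy of the same WordPress version, and only wp-admin and wp-includes are compared because root files such as wp-config.php legitimately differ.

```shell
#!/bin/sh
# Added example, not from the original forum post.
# LIVE is the installed site root, FRESH an unpacked copy of the same
# WordPress version. Nothing is modified in either tree.

# Print "EXTRA path" for core-directory files that the fresh copy lacks
# and "CHANGED path" for files whose contents differ from the fresh copy.
audit_core() {
    ac_live="${1:?usage: audit_core LIVE FRESH}"
    ac_fresh="${2:?usage: audit_core LIVE FRESH}"
    for ac_dir in wp-admin wp-includes; do
        [ -d "$ac_live/$ac_dir" ] || continue
        # List files relative to the site root so both trees line up.
        (cd "$ac_live" && find "$ac_dir" -type f) | sort |
        while IFS= read -r ac_f; do
            if [ ! -f "$ac_fresh/$ac_f" ]; then
                echo "EXTRA $ac_f"
            elif ! cmp -s "$ac_live/$ac_f" "$ac_fresh/$ac_f"; then
                echo "CHANGED $ac_f"
            fi
        done
    done
}
```

EXTRA entries are the files a plain copy-over would have left in place, which is why the reply recommends renaming the directories first.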
Forum: Fixing WordPress
In reply to: Malware detected
Hi, I’d encourage you to use http://sitecheck.sucuri.net. It’ll provide good info that you could potentially use if you are infected to figure out where the code is.
I hope it helps.
Hi
You should never leave the infection on your site once you know it’s there. You essentially threaten anyone on the web visiting your site. If you haven’t already, I’d remove it.
Forum: Fixing WordPress
In reply to: Google flagged– Malware found- Please help
I’d encourage you to use http://sitecheck.sucuri.net/scanner. It’ll provide you information about the infection and tidbits you can use to find it yourself. In some instances it will point you to the infected files.
Forum: Fixing WordPress
In reply to: My site is hacked with MW JS Depack?
I would look beyond this one install. Do you run other websites on the same server? Often case the vulnerability is not the site that is infected, rather one that is not showing infected.
I would also check all your folder and file permissions, perhaps you’re being too relaxed in that department.
I’d also encourage you to work via SFTP or SSH instead of FTP, not sure what you use, but a small tidbit nonetheless.
Also, if you haven’t already, change all your credentials using a sterile environment. FTP/SFTP/SSH, WP-ADMIN, Database, try not to use the same password for all and ensure they are complex ones.
Thanks