|
|
|
|
||||
|
|
05-20-2012, 12:34 PM
|
#1 |
|
Registered User
Industry Role:
Join Date: Feb 2011
Location: Europe
Posts: 392
|
How to get rid of Blackhole Exploit Kit 2160
Im on shared hosting with several sites running on WP and they all got infected by this Blackhole Exploit Kit 2160 s**t. It adds long code into index.php and main.php. If I delete this bad line of code and save the file then it will be back in a minutes again. Dont you know how to remove it?
__________________
New to adult? Use Adult SEO, PlugRush ads or Mobile redirects to increase your revenue! ICQ 347307229. registrace980/a/seznam/dot/cz |
|
|
|
05-21-2012, 05:20 AM
|
#2 |
|
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,604
|
First, change your FTP password and don't access the site from FTP anymore. Use SSH if it's available.
Make sure permissions are nailed down. Make sure you don't have a virus on your computer. Some viruses will take the password files from applications like filezilla and send them off to 3rd parties. If it keeps happening, contact your host. Many times it's another customer on the same server who is infected and infects everyone else on the server who has their files world writable.
__________________
I like pie. |
|
|
|
|
05-21-2012, 09:01 AM
|
#3 |
|
Registered User
Industry Role:
Join Date: Mar 2012
Posts: 231
|
Taking for granted you've already upgraded WP to the latest version, right? That should be your first step if not. Re-entry is happening either by the same exploit still existing, or an additional method having been created.
|
|
|
|
|
05-21-2012, 12:12 PM
|
#4 |
|
Registered User
Industry Role:
Join Date: Feb 2011
Location: Europe
Posts: 392
|
Thanks for answers. It infects not only WP sites, but all sites (it adds some code to the index.php and main.php files, I also found malicious code in 404.php's but im not sure wheter is belongs to Blackhole exploit), but it seems that this code is added by some other source (could be some script) because right after I delete this code and save file it is back after few minutes when I reopen it.
Anyway I did following. Re-installed all WP's, then upgraded all WP's and plugins. Reuploaded backups of other non-WP sites and changed FTP password. Since then everything seems fine. It took me whole day to solve it. Btw. my host replied only with pre-made email what they send to people whos sites were hacked. Really helpful.
__________________
New to adult? Use Adult SEO, PlugRush ads or Mobile redirects to increase your revenue! ICQ 347307229. registrace980/a/seznam/dot/cz |
|
|
|
|
05-22-2012, 03:40 PM
|
#5 |
|
Registered User
Industry Role:
Join Date: Apr 2010
Posts: 159
|
also, make sure to check ALL .js files you are including, if there there are any URLs hidden in them...! I also had troubles before...
__________________
100% unique, copyspace passed, hand written content - $0.0075 / word - $45 / 6000words contact me at orders@zerovic.com or icq: 320334087
|
|
|
|
|
05-25-2012, 11:41 AM
|
#6 |
|
Registered User
Industry Role:
Join Date: Oct 2011
Location: The Internet, California
Posts: 34
|
Mind if I ask who your host is RachelBlackG?
Just out of curiosity, because I may want avoid them in the future. I currently for with godaddy, which has it''s pros & cons... |
|
|
|
|
05-27-2012, 02:54 AM
|
#7 |
|
Registered User
Industry Role:
Join Date: Feb 2011
Location: Europe
Posts: 392
|
My host is JustHost.com
__________________
New to adult? Use Adult SEO, PlugRush ads or Mobile redirects to increase your revenue! ICQ 347307229. registrace980/a/seznam/dot/cz |
|
|
|
|
|
|
|
Linear Mode
