Malware removal service

Collapse
X
 
  • Time
  • Show
Clear All
new posts
  • grzepa
    Confirmed User
    • Jul 2004
    • 1264

    #1

    Malware removal service

    There must be some vulnerability in the server I use or I don't know what's the cause, but my sites are being flagged with google malware warning. I also see some nasty .php files being randomly added to some of my websites. Both wordpress and plain html.

    Any of you guys know of a reliable service that'll clean this shit for me and patch the vulnerabilty so it won't happen in the future ?
    Like X-ART !!
  • 247mg
    Yellowplum / 247mg
    • Feb 2008
    • 2162

    #2
    Tpl files in wp ate mostly infected with this which finally effect html files or php files...you need to contact host to clear this for you... Its called injection....
    247mg.com - Indian Affiliate Program - Over 50+ Sites To Promote - Monetize Your INDIAN Traffic Today!

    Comment

    • grzepa
      Confirmed User
      • Jul 2004
      • 1264

      #3
      This makes sense, unfortunately my host , I won't name it here, is not so good at doing anything more complicated. You think I should push them to get this done ?
      Like X-ART !!

      Comment

      • MiamiBoyz
        fgfdftre6
        • Oct 2012
        • 6688

        #4
        Originally posted by grzepa
        This makes sense, unfortunately my host , I won't name it here, is not so good at doing anything more complicated. You think I should push them to get this done ?
        Sounds like you are lucky if those fuckers just manage too keep the server plugged in!

        Comment

        • AdultKing
          Raise Your Weapon
          • Jun 2003
          • 15601

          #5
          Originally posted by grzepa
          This makes sense, unfortunately my host , I won't name it here, is not so good at doing anything more complicated. You think I should push them to get this done ?
          If you can't secure your own sites on your current host then perhaps you need to change hosting ?

          Comment

          • Paul&John
            Confirmed User
            • Aug 2005
            • 8617

            #6
            Maybe your ftp password got stolen (in case you had stored it in Total Commander or similar) via a malware?
            Use coupon 'pauljohn' for a $1 discount at already super cheap NameSilo!
            Anal Webcams | Kinky Trans Cams Live | Hotwife XXX Tube | Get your Proxies here

            Comment

            • Barry-xlovecam
              It's 42
              • Jun 2010
              • 18083

              #7
              Sloppy PHP coding -- use PDO

              Inputing user submitted data the right way:
              PHP: PDO - Manual

              This is probably beyond the scope of your abilities but the developers creating the code for your API should know better.

              This is a nice blog article in more layman terms:
              a2z notes: Introduction to PDO

              Here is a long read on the SQL injection vulnerabilities in PHP query language.
              mysql - How can I prevent SQL-injection in PHP? - Stack Overflow

              Comment

              • Babaganoosh
                ♥♥♥ Likes Hugs ♥♥♥
                • Nov 2001
                • 15841

                #8
                ProntoAdmin | On Demand Server Administration

                Hosts aren't really responsible for your content. Some might be willing to help but when there is a recurring problem, most of them are going to tell you to get it figured out or they are going to shut you down.
                I like pie.

                Comment

                • Va2k
                  I’m still alive barley.
                  • Oct 2001
                  • 10060

                  #9
                  Originally posted by Babaganoosh
                  ProntoAdmin | On Demand Server Administration

                  Hosts aren't really responsible for your content. Some might be willing to help but when there is a recurring problem, most of them are going to tell you to get it figured out or they are going to shut you down.
                  Not true, if it is a managed server then they are responsible to a point! Most if not all host who sell managed servers will do this for you free of charge unless there has to be custom scripting done. If your host has you on a managed plan and wont help, it is time to get rid of them right now!

                  Tom

                  Comment

                  • Babaganoosh
                    ♥♥♥ Likes Hugs ♥♥♥
                    • Nov 2001
                    • 15841

                    #10
                    Originally posted by Va2k
                    Not true, if it is a managed server then they are responsible to a point! Most if not all host who sell managed servers will do this for you free of charge unless there has to be custom scripting done. If your host has you on a managed plan and wont help, it is time to get rid of them right now!

                    Tom
                    Better check that host's scope of support. If it's managed, they might run clamav or just grep for the common base64/eval or iframe fuckery but hosts (managed or not) should not be touching customer code...ever.

                    If there were malicious files found somewhere, deleting them isn't going to make much difference. They will just keep returning until whatever allowed them to be uploaded is fixed. Most of the time it's a vulnerable WP theme or plugin and in that case, it's absolutely not something the host should be messing with. A lot of fledgling hosting companies will do this but those are typically the ones who haven't had a lesson in liability yet.
                    I like pie.

                    Comment

                    • 247mg
                      Yellowplum / 247mg
                      • Feb 2008
                      • 2162

                      #11
                      Originally posted by grzepa
                      This makes sense, unfortunately my host , I won't name it here, is not so good at doing anything more complicated. You think I should push them to get this done ?
                      We face the same issue and host tech created script to remove all injection in tpl file codes and it works.... Our host - Amerinoc 😎
                      247mg.com - Indian Affiliate Program - Over 50+ Sites To Promote - Monetize Your INDIAN Traffic Today!

                      Comment

                      • JuicyBunny
                        So Fucking Banned
                        • Jun 2010
                        • 2145

                        #12
                        Originally posted by 247mg
                        We face the same issue and host tech created script to remove all injection in tpl file codes and it works.... Our host - Amerinoc 😎
                        Amerinoc +100

                        Comment

                        • myleene
                          Confirmed User
                          • Oct 2013
                          • 906

                          #13
                          I could check it for you. Email me or contact me on ICQ.

                          I could do it live with you on TeamViewer or a similar tool.

                          Don't trust anybody requesting ssh, ftp or admin access to your server without you monitoring their actions and them giving you a full report... It'll probably get you in more trouble than you're in.

                          Comment

                          • myleene
                            Confirmed User
                            • Oct 2013
                            • 906

                            #14
                            Originally posted by Babaganoosh
                            Better check that host's scope of support. If it's managed, they might run clamav or just grep for the common base64/eval or iframe fuckery but hosts (managed or not) should not be touching customer code...ever.

                            If there were malicious files found somewhere, deleting them isn't going to make much difference. They will just keep returning until whatever allowed them to be uploaded is fixed. Most of the time it's a vulnerable WP theme or plugin and in that case, it's absolutely not something the host should be messing with. A lot of fledgling hosting companies will do this but those are typically the ones who haven't had a lesson in liability yet.
                            Exactly. Support ends on customer code.

                            They may change hardware, monitor system updates, install scripts, but I would never expect them to work on client code without compensation. If they do, you're probably paying too much for hosting monthly.

                            Comment

                            • hdbuilder
                              Confirmed User
                              • Jun 2012
                              • 1338

                              #15
                              It usually comes all from a single php file that reupload the bad files you see when you delete them and reinsert nasty codes into your html files.

                              Open one of your site and look at the source code of the page, check it without javascript enabled if your afraid of getting a virus, find an include which don't belong there, if it's encoded with eval (most of the time), decode it here HTML & JavaScript Encoder/Decoder.

                              Then look at the path of the php include file inside that code. Find that file and delete it (its the main file). Then run ComboFix on your computer to make sure you don't have any backdoor virus. That you got while watching porn

                              Then change your FTP, Cpanel (whatever), root password for your server.

                              Got those a few times and this is how i got ride of them...

                              ROBO SCRIPTS | WP CAM PLUGIN - Scripts To Promote Cam Sites - Chaturbate, BongaCams, Streamate, LiveJasmin, Stripchat...

                              The Cam Site Builder, The Cam Multi Site Builder -> MULTIPLE CAM SITES IN ONE

                              Comment

                              • Paz
                                Confirmed User
                                • Jun 2012
                                • 457

                                #16
                                I had lots of malware problems years ago on shared hosting, always WordPress. I spent many hours fixing it only to have them back in via a back door, but as a quick and dirty fix most (WP) problems disappear if you disable the php eval function.

                                Comment

                                • Va2k
                                  I’m still alive barley.
                                  • Oct 2001
                                  • 10060

                                  #17
                                  Originally posted by Babaganoosh
                                  Better check that host's scope of support. If it's managed, they might run clamav or just grep for the common base64/eval or iframe fuckery but hosts (managed or not) should not be touching customer code...ever.

                                  If there were malicious files found somewhere, deleting them isn't going to make much difference. They will just keep returning until whatever allowed them to be uploaded is fixed. Most of the time it's a vulnerable WP theme or plugin and in that case, it's absolutely not something the host should be messing with. A lot of fledgling hosting companies will do this but those are typically the ones who haven't had a lesson in liability yet.
                                  What I was talking about was if a host offers managed servers and client request help then most GOOD host will do what they can for their client. I agree NO host should be allowed to just go into someone's site and fuck around with files without being asked. Each to their own on this.

                                  Comment

                                  Working...