GoFuckYourself.com - Adult Webmaster Forum


B.Barnato 02-26-2012 08:23 PM

HELP - Exploit:JS/Blacole.AR on one of my sites - WTF do I do?
 
I go on my site and chrome asks me to update a plugin.

I do NOT update anything or click ok.

Then Microsoft Security Essentials removes Exploit:JS/Blacole.AR from my chrome cache files.

The site is running the latest Wordpress version and only adsense banners.


How can I find out what is going on?

B.Barnato 02-26-2012 08:31 PM

Halp!!!!

papill0n 02-26-2012 08:51 PM

you start by disabling your plugins

anexsia 02-26-2012 09:02 PM

reboot the internet

B.Barnato 02-26-2012 09:13 PM

Hmpf disabled all plugins and reinstalled theme and wp.


Seems gone now.

asdasd 02-26-2012 09:32 PM

That sucks there guy

BIGTYMER 02-26-2012 09:51 PM

Interpol has been notified.

Aka_Bluey 02-26-2012 10:33 PM

Run a scan of your site through this url to see what is going on.
http://sitecheck.sucuri.net/scanner/


papill0n 02-26-2012 10:48 PM

now perform a backtrace and post the results here

Jacob[Soft] 02-26-2012 11:04 PM

Quote:

Originally Posted by Aka_Bluey (Post 18783442)
Run a scan of your site through this url to see what is going on.
http://sitecheck.sucuri.net/scanner/


This scanner is great, I recommend using it too.

So, in order to find the exploit on your server, just use special antiviruses or analyze your HTML code

B.Barnato 02-27-2012 12:27 PM

Quote:

Originally Posted by Aka_Bluey (Post 18783442)
Run a scan of your site through this url to see what is going on.
http://sitecheck.sucuri.net/scanner/


Thanks so much for posting this.

I had tried some other scanners that did not find anything, this one did!

SZNY 02-27-2012 12:36 PM

Probably your js files are infected with injected code, probably because the locations where your js files are stored were not chmod in a good way.

Jack Sparrow 02-27-2012 12:38 PM

Did you update a new theme on it?
If so, it was probably in the themes code and is now going all over your server.

SteveBee 02-28-2012 03:07 AM

Had a similar issue recently, and it infected other wp installs on the same server.. thought it was cleared up - it came back... only way for me to get rid of..

backup all the infected sites (ftp will probably fail - but cpanel zip / backup works) - backup databases with phpMyAdmin to your local machine just in case..

make sure you backed up everything, maybe use cpanel files viewer to do a zip backup of the entire directory.

ftp download your uploads folder in wp-content,
ftp download your wp-config file in root

then delete ALL the files... everything

re-upload fresh install of wordpress files
re-upload wp-config

install the exploit scanner plugin from wordpress.org - so it checks your database (and files.)

do not upload your /uploads/ until you have virus scanned it locally

cry about any custom theme mods you just lost

only get your plugins and themes from wordpress.org

change your admin password to a looong one.. change your cpanel password.. truly paranoid - change your sql password for each database and update your wp-config with the new pass.

I think that's all the steps, but I am a little over blogged and sleepy at the moment - if you backed up everything it won't matter if I missed a step.
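
Added example, not part of the thread or any poster's own code: a local triage pass over a downloaded copy of `wp-content/uploads` before it goes back on the server, complementing the virus scan recommended above. It flags server-side scripts sitting in uploads, world-writable files (the permissions issue raised earlier in the thread), and JS/HTML containing two common injection markers; the extension lists, marker patterns and sample files are assumptions constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Heuristic markers chosen for this example (assumptions, not kit signatures).
SCRIPT_EXT = {".php", ".phtml", ".php5", ".phar"}
TEXT_EXT = {".js", ".html", ".htm"}
MARKERS = {
    "eval-of-decoded-string": re.compile(rb"eval\s*\(\s*(unescape|atob|String\.fromCharCode)", re.I),
    "tiny-iframe": re.compile(rb"<iframe[^>]*(width|height)\s*=\s*[\"']?[01]\b", re.I),
}

def scan_uploads(root):
    """Return sorted (relative_path, reason) findings for a local uploads copy."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXT:  # uploads should hold media, not code
                findings.append((rel, "server-side script in uploads"))
            if os.stat(path).st_mode & stat.S_IWOTH:
                findings.append((rel, "world-writable"))
            if ext in TEXT_EXT:
                with open(path, "rb") as fh:
                    data = fh.read(2_000_000)
                findings += [(rel, why) for why, rx in MARKERS.items() if rx.search(data)]
    return sorted(findings)

def demo():
    """Scan a constructed sample tree (file contents are made up and inert)."""
    samples = {
        "2012/02/photo.jpg": (b"\xff\xd8\xff\xe0 constructed", 0o644),
        "2012/02/slider.js": (b"var a=1; eval(unescape('%61%6c%65%72%74'));", 0o644),
        "2012/02/cache.php": (b"<?php /* constructed placeholder */ ?>", 0o644),
        "2012/02/clean.js": (b"function ok(){ return 1; }", 0o666),
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, (body, mode) in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(body)
            os.chmod(path, mode)
        return scan_uploads(root)

if __name__ == "__main__":
    print("\n".join(f"{p}: {why}" for p, why in demo()))
```

A clean result from these heuristics does not prove the folder is clean; anything flagged should stay off the server until it has been inspected.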

