How to get rid of Blackhole Exploit Kit 2160

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • RachelBlackG
    Elysium
    • Feb 2011
    • 1037
    #1

    How to get rid of Blackhole Exploit Kit 2160

    Im on shared hosting with several sites running on WP and they all got infected by this Blackhole Exploit Kit 2160 s**t. It adds long code into index.php and main.php. If I delete this bad line of code and save the file then it will be back in a minutes again. Dont you know how to remove it?
    Tags: None
    • Babaganoosh
      ♥♥♥ Likes Hugs ♥♥♥
      • Nov 2001
      • 15841
      #2
      First, change your FTP password and don't access the site from FTP anymore. Use SSH if it's available.

      Make sure permissions are nailed down.

      Make sure you don't have a virus on your computer. Some viruses will take the password files from applications like filezilla and send them off to 3rd parties.

      If it keeps happening, contact your host. Many times it's another customer on the same server who is infected and infects everyone else on the server who has their files world writable.
      I like pie.

        Comment

        • uniquemkt
          Confirmed User
          • Mar 2012
          • 305
          #3
          Taking for granted you've already upgraded WP to the latest version, right? That should be your first step if not. Re-entry is happening either by the same exploit still existing, or an additional method having been created.

            Comment

            • RachelBlackG
              Elysium
              • Feb 2011
              • 1037
              #4
              Thanks for answers. It infects not only WP sites, but all sites (it adds some code to the index.php and main.php files, I also found malicious code in 404.php's but im not sure wheter is belongs to Blackhole exploit), but it seems that this code is added by some other source (could be some script) because right after I delete this code and save file it is back after few minutes when I reopen it.

              Anyway I did following. Re-installed all WP's, then upgraded all WP's and plugins. Reuploaded backups of other non-WP sites and changed FTP password. Since then everything seems fine. It took me whole day to solve it.

              Btw. my host replied only with pre-made email what they send to people whos sites were hacked. Really helpful.
              Last edited by RachelBlackG; 05-21-2012, 11:13 AM.

                Comment

                • zerovic
                  Confirmed User
                  • Apr 2010
                  • 1116
                  #5
                  also, make sure to check ALL .js files you are including, if there there are any URLs hidden in them...! I also had troubles before...
                  php, html, jquery, javascript, wordpress - contact me at contact at zerovic.com

                    Comment

                    • tmx007
                      Registered User
                      • Oct 2011
                      • 34
                      #6
                      Mind if I ask who your host is RachelBlackG?
                      Just out of curiosity, because I may want avoid them in the future.

                      I currently for with godaddy, which has it''s pros & cons...

                        Comment

                        • RachelBlackG
                          Elysium
                          • Feb 2011
                          • 1037
                          #7
                          My host is JustHost.com

                            Comment

                            Previous template Next
                            Working...