Grrrrrrr Website Infected - what to do???

Discussion in 'Security' started by Zascar, Jan 12, 2011.

  1. Zascar

    Zascar New Member

    Guys my site Colly.tv - DJ Mixes has been infected by some form of web virus. I have not visited the site in ages so not sure what's going on.

    Is this easily fixable? I've no idea how to do it... Anyone want to do a nixer and fix it for me and I'll throw you a few quid?
    Thanks
     
  2. peterarmstrong

    peterarmstrong New Member

    Have you asked your webhost to take a look? If it happened recently they may be able to restore a safe backup or at least provide details on what the problem is. Was the site software out-of-date?
     
  3. Zascar

    Zascar New Member

    Thanks, good idea. It's Blacknight, and my site has not changed at all in several months. Do they do this at all, does anyone know? I'll mail them and ask...

    My site was up to date with WordPress v3. I think some of these are actually viruses on your computers that get into your website via your PC - or so I'm told anyway... Where should I be looking in WordPress files to try to find the malicious code?

    Is there anything you can do to prevent future attacks?
     
  4. Tom

    Tom New Member

    You could check the file modified dates in FTP; any files with more recent modified dates since you last updated them might be hacked files. Check index files and .htaccess files in particular for anything dodgy and update your FTP passwords in case they are compromised.
     
  5. link8r

    link8r New Member

    Also make sure you:

    1. Limit Access to FTP to other users
    2. Have an anti-virus running
    3. If you're using a blog or community CMS - make sure you have the latest updates
    4. Check the write permissions on files that can create files and access the Database
    5. List your site in Google Webmasters - you can request a re-crawl after the virus is cleared
    6. Check any other vulnerabilities in your CMS or code
    7. Your host may be able to help spot the particular technique used
     
  6. Zascar

    Zascar New Member

    Thanks for all the replies :)

    I actually just got someone to fix it for me, from this brilliant website: Fiverr - it's amazing the things people will do for $5!

    I've updated WordPress now and all my plugins etc. Anything easy I can do to increase the security of my WordPress blog?
     
  7. link8r

    link8r New Member

  8. link8r

    link8r New Member

  9. Greg

    Greg New Member

    You need to do the following:
    1. scan your website for malicious code and hacker shells
    2. remove them
    3. protect the website from being hacked again

    For website scanning you may use a lot of different tools: ShellFinder (https://github.com/znb/Scripts/blob/master/shellfinder.py), ClamAV (Clam AntiVirus) or Ai-BOLIT (ai-bolit - malicious code detection tool: find hacking and malicious scripts on a website (WordPress, Joomla, etc.)). The last one is pretty good at hacker shell detection.

    Once malicious code is detected you have to remove it carefully.

    Then protect the website from being hacked:
    1. add extra authorization for the admin panel (e.g. allow access from a particular IP)
    2. make most files and folders "read-only"
    3. make upload, cache and temporary folders writable, but put an .htaccess into them to deny access to .php files inside
    4. disable system functions of php:
    popen,exec,system,passthru,proc_open,shell_exec,ini_restore,dl,symlink,chgrp,putenv,getmyuid,fsockopen,posix_setuid,posix_setsid,posix_setpgid,posix_kill,apache_child_terminate,chmod,chdir,pcntl_exec,phpinfo,virtual,proc_close,proc_get_status,proc_terminate,proc_nice,getmygid,proc_getstatus,proc_close,escapeshellcmd,show_source,pclose,safe_dir,dl,ini_restore,chown,chgrp,shown_source,mysql_list_dbs,get_current_user,getmyid,leak,pfsockopen,get_current_user, syslog
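
A read-only audit that combines the checks suggested in this thread (files changed since a known-good date, loose write permissions, PHP files in writable folders, a writable folder with no .htaccess deny rule). It is an added example, not code posted by any participant; the folder names, the baseline timestamp and the sample tree are assumptions constructed for illustration.

```python
import os, stat, tempfile

PHP_EXT = (".php", ".phtml", ".php5")
WRITABLE_DIRS = {"uploads", "cache", "tmp"}   # assumed folder names

def denies_php(directory):
    """Heuristic: the folder's .htaccess mentions php and a deny rule."""
    try:
        with open(os.path.join(directory, ".htaccess")) as fh:
            text = fh.read().lower()
    except OSError:
        return False
    return "php" in text and ("deny from all" in text or "require all denied" in text)

def audit(docroot, baseline):
    """Return sorted (finding, relative_path) pairs for files under docroot."""
    findings = []
    for root, _dirs, files in os.walk(docroot):
        rel_dir = os.path.relpath(root, docroot)
        writable_area = bool(WRITABLE_DIRS & set(rel_dir.split(os.sep)))
        if os.path.basename(rel_dir) in WRITABLE_DIRS and not denies_php(root):
            findings.append(("no-php-deny-rule", rel_dir))
        for name in files:
            path = os.path.join(root, name)
            rel, st = os.path.relpath(path, docroot), os.lstat(path)
            is_php = name.lower().endswith(PHP_EXT)
            if is_php and writable_area:          # scripts do not belong here
                findings.append(("php-in-writable-folder", rel))
            if (is_php or name == ".htaccess") and st.st_mtime > baseline:
                findings.append(("changed-since-baseline", rel))
            if not writable_area and st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append(("group-or-world-writable", rel))
    return sorted(findings)

def build_constructed_site(base, baseline):
    """Constructed sample tree: (relative path, mtime offset, mode)."""
    sample = [("index.php", -100, 0o644), ("wp-config.php", -100, 0o666),
              (".htaccess", +50, 0o644), ("uploads/photo.jpg", +50, 0o644),
              ("uploads/x.php", +50, 0o644)]
    for rel, offset, mode in sample:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("constructed sample\n")
        os.chmod(path, mode)
        os.utime(path, (baseline + offset, baseline + offset))

if __name__ == "__main__":
    baseline = 1_294_790_400  # constructed "last known good" Unix time
    with tempfile.TemporaryDirectory() as site:
        build_constructed_site(site, baseline)
        for finding in audit(site, baseline):
            print(*finding)
```

Anything it reports is a lead to inspect by hand, not proof of compromise; modification times can be reset by whoever changed the file, so compare against a clean copy of the CMS where possible.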
     
