SitePoint Sponsor

User Tag List

Results 1 to 10 of 10
  1. #1
    SitePoint Member
    Join Date
    Mar 2014
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Malicious malware

    My website has been infected with malware three times in the last few month - I suspect that it is being done deliberately by someone who repaired my computer some time ago.

    How can I detect the source of the malware and what is the best way to protect my website from these repeated attacks?

    Any and all suggestions welcome.

    Thanks.

    DJ

  2. #2
    Barefoot on the Moon! silver trophy Force Flow's Avatar
    Join Date
    Jul 2003
    Location
    Northeastern USA
    Posts
    4,606
    Mentioned
    56 Post(s)
    Tagged
    1 Thread(s)
    After finding or suspecting a malware/junkware/adware infection, I typically do this:


    1) Run malwarebytes: http://www.malwarebytes.org/mwb-download/
    2) Run JRT: http://thisisudax.org/?p=1
    3) Run Adwcleaner: http://general-changelog-team.fr/en/tools/15-adwcleaner
    4) Remove any extra/leftover browser add-ons, extensions, plugins, search engine providers, and toolbars that got installed by the malicious application. (However, JRT and Adwcleaner should've taken care of most of these).
    4) Run CCleaner

    Now--this won't do anything for your website--just your computer.

    As for your website, are you using a CMS and keeping it up-to-date? Are you following recommended security practices? Have you changed all of your passwords?
    Visit The Blog | Follow On Twitter
    301tool 1.1.5 - URL redirector & shortener (PHP/MySQL)
    Can be hosted on and utilize your own domain

  3. #3
    Avid Logophile silver trophy
    ParkinT's Avatar
    Join Date
    May 2006
    Location
    Central Florida
    Posts
    2,332
    Mentioned
    192 Post(s)
    Tagged
    4 Thread(s)
    If you seriously suspect someone - who recently repaired your computer - is deliberately adding MalWare to your website, I would assume they snatched your login information (FTP credentials and, perhaps, cPanel) while it was in their hands - I recommend you change ALL PASSWORDS.

    This is the real danger of allowing your browser to 'remember' passwords, for example.
    Don't be yourself. Be someone a little nicer. -Mignon McLaughlin, journalist and author (1913-1983)


    Git is for EVERYONE
    Literally, the best app for readers.
    Make Your P@ssw0rd Secure
    Leveraging SubDomains

  4. #4
    SitePoint Member
    Join Date
    Mar 2014
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Malicious malware

    Thank you so much for these very useful tips and information that I will look to implement right away.

    I have a Wordpress website which I understand is prone to malware attacks. Luckily, my website hosting service has, to date, been very helpful and supportive when in relation to helping me to clean up the site when it gets infected, but I want to learn how to 'do it myself' as I fear they may eventually get-up with the repeated attacks.

    The problem is that I am not very 'tech savvy' so find dealing with the problem a bit of an uphill struggle. - still it can only get easier and clearer with time and practice.

    I change my passwords etc. regularly but the problem keeps re-occuring every couple of weeks or so.

  5. #5
    SitePoint Member
    Join Date
    Mar 2014
    Posts
    3
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Recurring malware attacks

    I have a Wordpress website which has been infected with malware three times in the last few month - I suspect that it is being done deliberately by someone who repaired my computer some time ago.

    How can I detect the source of the malware and what is the best way to protect my website from these repeated attacks?

    Any and all suggestions welcome.

    Thanks.

    DW

  6. #6
    SitePoint Wizard bronze trophy bluedreamer's Avatar
    Join Date
    Jul 2005
    Location
    Middle England
    Posts
    3,361
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Make sure you are using the latest version of Wordpress.

    Check any 3rd party plugins for insecurities and always keep them updated, it's worth removing plugins you no longer need.

    There are many articles about securing WP, such as http://webdesignerwall.com/general/h...ordpress-sites

  7. #7
    Programming Team silver trophybronze trophy
    Mittineague's Avatar
    Join Date
    Jul 2005
    Location
    West Springfield, Massachusetts
    Posts
    17,156
    Mentioned
    190 Post(s)
    Tagged
    2 Thread(s)
    Sure to be some redundancy with the previous link, but there's always the codex.
    http://codex.wordpress.org/Hardening_WordPress

  8. #8
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    DW,

    I had installed WP for a client but the client refused to check for updates on a daily basis so it was hacked - presumably by "script kiddies" that find a new WP hack and go "have fun" defacing others' websites. The ONLY way to secure WP is to:

    1. Limit access to your admin area (renamed, of course) using a STRONG password (http://strongpasswordgenerator.com). Be sure that ONLY your own login is in the database with admin privileges.

    2. Maintain a master copy of your WP code on your own computer so you can replace defaced code.

    3. Check DAILY for updates and update immediately. It's a race to detect that a new hack has been found, for WP to generate a patch and for you to install the patch before you get hacked (it's a losing battle).

    4. Some people recommend secure(something) as a third party addon but I'd say that hackers can also create addons so limit your use of addons as much as possible.

    If you can't do these simple things, DON'T use WP (or any other CMS) as you must expect to be hacked ... routinely.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  9. #9
    SitePoint Member
    Join Date
    Nov 2013
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by DWarfton View Post
    My website has been infected with malware three times in the last few month - I suspect that it is being done deliberately by someone who repaired my computer some time ago.

    How can I detect the source of the malware and what is the best way to protect my website from these repeated attacks?

    Any and all suggestions welcome.

    Thanks.

    DJ
    You should use a strong AV like KIS and the most important is do not use any crack software.

  10. #10
    SitePoint Addict WolfShade's Avatar
    Join Date
    Mar 2014
    Location
    St. Louis, MO, USA
    Posts
    263
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I'm way late on this, but here's my $0.03471 worth (I recently passed my Security+ exam).

    The best password is a passphrase that has the following characteristics:
    1. Length - the longer, the better. 20+ characters.
    2. Complex - don't use just lower-case letters. Use a mix of upper- and lower-case letters, numbers, and characters like ! @ #, etc.
    If you have a password that is ten characters long and all lower-case letters, that's 26^10 possible combinations.
    If you have a password that is twenty characters long and uses a mix, that's 64^20 possible combinations.

    Passphrases like (don't use any of these, these are just for example):
    1 d0n't 0wn @ c@R, AnYmor3!
    %I_l0v3_My_k0mp\/T3rZ!!%$
    &I'm ju5t g0ing t0 k33p tYp1ng Un7!l MY f1ngErs F@ll oF$

    ^_^


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •