Results 1 to 4 of 4

Thread: Problem about site I manage for a client was infected with malware!

  1. #1
    Registered
    Join Date
    Jan 2015
    Location
    new york
    Posts
    3
    Rep Power
    0

    Problem about site I manage for a client was infected with malware!

    Hello everyone!

    Okay, so the site I manage for a client was infected with malware the other day, and again yesterday only about 10 hours after being cleaned up (the site is exported from a CMS running elsewhere, so re-uploading wasn't a problem).

    The site runs no third-party software or any CMS at all. The only dynamic content is proprietary and quite minimal. There are no execution calls or anything simple like that that could be exploited. (This is obviously an automated attack anyway and it seems unlikely that would be exploiting proprietary web software even if it were blatantly insecure.)

    I've cleaned the site up again, but I can't tell Google it's clean again until I figure out what the problem is.

    The attack adds this sort of content to all PHP files (fairly typical stuff):

    Code:
    removed
    Obviously you could easily figure out what the decode is and such, but that's hardly relevant.

    What should I do about this, and is there any reason for me to believe that this is not due to compromised security on the server?

    Thank's a lot!
    author: internet việt nam
    Have a nice day.
    Last edited by snowmaker; 3-4-15 at 07:58 AM. Reason: removed unnecessary code and link to non powweb site

  2. #2
    Former Spam Filter (EU) IanS's Avatar
    Join Date
    Mar 2004
    Location
    Washington (THE original UK one!)
    Posts
    12,964
    Rep Power
    30
    The best indicator you have that it's not a compromised security on the server is if the forums aren't full of the 'me too' type messages, and they aren't!

    If it's not a compromised server in the general sense then it seems reasonable to assume something is amiss on your particular setup.
    This is a Powweb customer
    helping Powweb customer forum.

    I am a customer just like you!!

    Some matters can only be answered by staff or support.
    Give it a go - ask here first!

  3. #3
    Custom User Title entrecon's Avatar
    Join Date
    Aug 2006
    Location
    Michigan
    Posts
    2,742
    Rep Power
    16
    Depending on where the other site is, the CMS you are copying from, it is possible the original is infected.
    ________________________________
    Find me on twitter: @entrecon

  4. #4
    Registered
    Join Date
    Mar 2015
    Location
    India
    Posts
    2
    Rep Power
    0
    OP make sure you use a free website malware scanner henceforth.

    Make sure you give http://sitecheck.sucuri.net/ a go. These guys really know their stuff when it comes to online security.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •