Hello guys, i hope this is the right place for my post. The main Problem website is www.dota2hook.de So today, i just wanted to check one of my websites, and what do i find there, that it is blacklisted by Google. After a couple of minutes, i found out, that all of my websites (www.wowcast.de www.pokergorillas.de www.fitmanic.de www.appjoy.de www.reisehits.net www.buggytech.net) hosted on Bluehost.com have been infected. BTW. I had a bloody base64 on all of my index.php about 2 Months ago (which i fixed, by removing the code and making it 0444 *i know, not the best solution, but i had no clue what to do). I have already spent about 6 hours on this issue, and it seems like, all of the .jq files on each website are infected like this: http://pastebin.com/RbmWyPnA I found, that i had some Timthumb vulnarabilities and even one infected .php which i deleted (all are now updated). As well, i am now trying out the wp plugin: http://wordpress.org/extend/plugins/gotmls/ (nothing special happened) Now i installed Wordfence Scan wp plugin, which indicated like 100 infected .js files. Is there a fast way to delete the spezific Malware code + change the permissions to 0444? And will my website work if i would change all to 0444? Id appreciate any help of you guys! ps. i am up for a skype call, if you would like to assist me directly. sincerly, Philip
Hello Wowcast, Your best bet is to overwrite those files with backup files from your computer and changing all your passwords for best security. Regards, Adam
Hi Wowcast, Along with restoring files from any of your older backups, I would also suggest contacting the technical support team of your hosting provider Bluehost whether they can obtain any server logs indicating any upload of these infected files having the malicious content. This could help blocking the IP addresses of any intruders to prevent another malicious attack. Jeff