
Black Dove 08-28-2010 11:25 PM

my site is hacked .. any help please
 
Hello there, I want your help please.
Someone hacked my site. When I try to access it from Explorer I get this antivirus warning:
http://a.imageshack.us/img651/4062/22438905.jpg

And from Firefox I get this one:

http://a.imageshack.us/img842/9369/capturemq.jpg

Please help me, I'm really in trouble.
My site is www.noreldonia.com

I removed the virus from my site but the warning is still there.

TheLastSuperman 08-29-2010 12:22 AM

Sometimes it can take up to 30 days, depending on how it was flagged, for the "flag" to be removed. Make sure it is in fact clean and the virus is gone. Have you informed your host of the situation? Because if you're on a shared hosting account, the other sites "sharing" with you could have been affected.

--------------- Added 08-29-2010 at 01:25 AM ---------------

Quote:

Originally Posted by Black Dove (Post 2090882)
I removed the virus from my site but the warning is still there.

Also... you removed a virus i.e. simply one or ?

I checked the details by clicking "Why was this page blocked?" etc and this came up:

Quote:

Of the 1298 pages we tested on the site over the past 90 days, 16 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-27, and the last time suspicious content was found on this site was on 2010-08-27.

Malicious software includes 186 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Malicious software is hosted on 82 domain(s), including ommeddonia.jeeran.com/, oracleguy.jeeran.com/, mcseman.jeeran.com/.

This site was hosted on 2 network(s) including AS21844 (THEPLANET), AS30058 (FDCSERVERS).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, noreldonia.com/vb did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.

So you need to be sure the site is in fact clean OR it will continue to show that message. If you're not familiar with viruses and/or malicious scripts and how they affect a computer, you may not have successfully removed all the bad files, and it's also possible your files could have been tampered with tbh.

mathewka010 08-29-2010 07:17 AM

Another preventative measure to take is to add ftp.allow, ftp.deny and ftp.log to your file manager. This will stop any back door hacks, or at least help. You can usually ask your hosting provider to do this for you. What you then need to do is add your IP address to the ftp.allow file, along with any other individuals that may need to have access to your file manager.

Good luck!

Black Dove 08-29-2010 09:30 AM

Thank you so much, the problems were:
1- 10 viruses, I removed them by scanning my site online
2- codes added to my header and footer; I searched for them and removed them

Really, thank you so much for the help, you are always helpful.

Willo 08-29-2010 05:15 PM

You can also speed removal of the spam warning by verifying your site with Google's Webmaster Tools.

Cheers,
Greg
urljet.com

Angel-Wings 08-30-2010 08:55 AM

Quote:

Originally Posted by mathewka010 (Post 2090990)
another preventative measure to take is to add ftp.allow, ftp.deny and ftp.log

Won't help much. Usually PHP Backdoors / Injections are the problem to care about. Bruteforcing FTP accounts is rather time-consuming compared with a simple XSS / Injection etc.

And - I would recommend taking the site offline and reinstalling all files, checking them twice for security problems.
Since the site was infected, how can you be sure that every file is really clean and nothing has been modified to fool your scanners?

Additionally - there was a security problem, so by keeping everything as it was, the problem isn't fixed, just the results, but the problem may still be present.

Oh - and maybe upgrade your outdated PHP 4.4.9 to a newer version.
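
One way to act on the advice above about not trusting a scanner on an already infected site is to compare the server's files against a freshly unpacked copy of the same release. This is an added example, not part of the original thread; the function names, directory layout and file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def compare_to_reference(deployed: Path, reference: Path) -> dict[str, list[str]]:
    """Classify deployed files against a known-good copy of the same release."""
    live, clean = sha256_tree(deployed), sha256_tree(reference)
    return {
        # Same path, different bytes: a shipped file was altered after install.
        "modified": sorted(f for f in live.keys() & clean.keys() if live[f] != clean[f]),
        # Present only on the server: uploads, caches, or files someone planted.
        "unexpected": sorted(live.keys() - clean.keys()),
        # Shipped with the release but gone from the server.
        "missing": sorted(clean.keys() - live.keys()),
    }


def demo() -> dict[str, list[str]]:
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        ref, live = Path(tmp, "reference"), Path(tmp, "deployed")
        for root in (ref, live):
            (root / "includes").mkdir(parents=True)
            (root / "index.php").write_text("<?php // front controller\n")
            (root / "includes" / "functions.php").write_text("<?php // helpers\n")
            (root / "includes" / "init.php").write_text("<?php // bootstrap\n")
        # Constructed tampering: one altered file, one extra file, one deleted file.
        (live / "includes" / "functions.php").write_text("<?php // helpers\n// appended line\n")
        (live / "includes" / "cache_old.php").write_text("<?php // not in the release\n")
        (live / "includes" / "init.php").unlink()
        return compare_to_reference(live, ref)


if __name__ == "__main__":
    for category, files in demo().items():
        print(f"{category}: {files}")
```

Files reported as unexpected still need a manual look, since attachments and caches are legitimately absent from a release archive. Content stored in the database is outside the scope of a file comparison.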

Marco van Herwaarden 08-31-2010 05:16 AM

If codes have been added to header/footer then most likely the hacker had access to your database. Let your host check the security of the server.


All times are GMT.