Go Back   vb.org Archive > Community Discussions > Forum and Server Management
FAQ Community Calendar Today's Posts Search

Reply
 
Thread Tools Display Modes
  #1  
Old 08-28-2010, 11:25 PM
Black Dove Black Dove is offline
 
Join Date: Dec 2006
Posts: 19
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default my site is hacked .. any help please

hello there , i want ur help please
some one hacked my site when i try to access it from explorer i got that anti virus warning


and from firefox i have that one




please help me im really in trouble
my site is www.noreldonia.com


i removed the virus from my site but the warning still there
Reply With Quote
  #2  
Old 08-29-2010, 12:22 AM
TheLastSuperman's Avatar
TheLastSuperman TheLastSuperman is offline
Senior Member
 
Join Date: Sep 2008
Location: North Carolina
Posts: 5,844
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Sometimes it can take up to 30 days depending on how it was flagged for the "flag" to be removed. Make sure it is in fact clean and the virus is gone. Have you informed your host of the situation because if your on a shared hosting account the other sites "sharing" with you could have been affected.

--------------- Added [DATE]1283045145[/DATE] at [TIME]1283045145[/TIME] ---------------

Quote:
Originally Posted by Black Dove View Post
i removed the virus from my site but the warning still there
Also... you removed a virus i.e. simply one or ?

I checked the details by clicking "Why was this page blocked?" etc and this came up:

Quote:
Of the 1298 pages we tested on the site over the past 90 days, 16 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-08-27, and the last time suspicious content was found on this site was on 2010-08-27.

Malicious software includes 186 scripting exploit(s), 2 trojan(s). Successful infection resulted in an average of 2 new process(es) on the target machine.

Malicious software is hosted on 82 domain(s), including ommeddonia.jeeran.com/, oracleguy.jeeran.com/, mcseman.jeeran.com/.

This site was hosted on 2 network(s) including AS21844 (THEPLANET), AS30058 (FDCSERVERS).

Has this site acted as an intermediary resulting in further distribution of malware?

Over the past 90 days, noreldonia.com/vb did not appear to function as an intermediary for the infection of any sites.

Has this site hosted malware?

No, this site has not hosted malicious software over the past 90 days.

How did this happen?

In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message.
So you need to be sure the site is in fact clean OR it will continue to show that message, if your not familiar with Viruses and or Malicious scripts and how they affect a computer you may not have successfully removed all the bad files and it's also possible your files could have been tampered with tbo.
Reply With Quote
  #3  
Old 08-29-2010, 07:17 AM
mathewka010 mathewka010 is offline
 
Join Date: Jan 2010
Posts: 3
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

another preventative measure to take is to add ftp.allow, ftp.deny and ftp.log to your file manager, this will stop any back door hacks, or atleast help, you can usually ask your hosting provider to do this for you. What you then need to do is add your IP address to ftp.allow file and any other individuals that may need to have access to your file manager.

Good luck!
Reply With Quote
  #4  
Old 08-29-2010, 09:30 AM
Black Dove Black Dove is offline
 
Join Date: Dec 2006
Posts: 19
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

thank u so much , the problem were :
1- 10 viruses , i removed them by scanning my site online
2-codes added to my header and footer and i searched for than and removed

really t hank u so much for help , u are always helpful
Reply With Quote
  #5  
Old 08-29-2010, 05:15 PM
Willo Willo is offline
 
Join Date: May 2010
Posts: 16
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

You can also speed removal of the spam warning by verifying you site with Googles webmaster tools

Cheers,
Greg
urljet.com
Reply With Quote
  #6  
Old 08-30-2010, 08:55 AM
Angel-Wings's Avatar
Angel-Wings Angel-Wings is offline
 
Join Date: Sep 2007
Posts: 206
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

Quote:
Originally Posted by mathewka010 View Post
another preventative measure to take is to add ftp.allow, ftp.deny and ftp.log
Won't help much. Usually PHP Backdoors / Injections are the problem to care about. Bruteforcing FTP accounts is rather time-consuming compared with a simple XSS / Injection etc.

And - I would recommend to take the site offline and reinstall all files checking them twice for security problems.
Since the site was infected, how you can be sure that every file is really clean and nothing has been modified to fool your scanners ?

Additionally - there was a security problem so by keeping everything as it was, the problem isn't fixed, just the results but the problem maybe is still present.

Oh - and maybe upgrade your outdated PHP 4.4.9 to a newer version.
Reply With Quote
  #7  
Old 08-31-2010, 05:16 AM
Marco van Herwaarden Marco van Herwaarden is offline
 
Join Date: Jul 2004
Posts: 25,415
Благодарил(а): 0 раз(а)
Поблагодарили: 0 раз(а) в 0 сообщениях
Default

If codes haven been added to header/footer then most likely that hacker had access to your database. Let your host check the security of the server.
Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT. The time now is 11:53 PM.


Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2024, vBulletin Solutions Inc.
X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.16151 seconds
  • Memory Usage 2,225KB
  • Queries Executed 13 (?)
More Information
Template Usage:
  • (1)SHOWTHREAD
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)ad_showthread_beforeqr
  • (1)ad_showthread_firstpost
  • (1)ad_showthread_firstpost_sig
  • (1)ad_showthread_firstpost_start
  • (3)bbcode_quote
  • (1)footer
  • (1)forumjump
  • (1)forumrules
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (1)navbar
  • (3)navbar_link
  • (120)option
  • (7)post_thanks_box
  • (7)post_thanks_button
  • (1)post_thanks_javascript
  • (1)post_thanks_navbar_search
  • (7)post_thanks_postbit_info
  • (7)postbit
  • (7)postbit_onlinestatus
  • (7)postbit_wrapper
  • (1)spacer_close
  • (1)spacer_open
  • (1)tagbit_wrapper 

Phrase Groups Available:
  • global
  • inlinemod
  • postbit
  • posting
  • reputationlevel
  • showthread
Included Files:
  • ./showthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/functions_bigthree.php
  • ./includes/class_postbit.php
  • ./includes/class_bbcode.php
  • ./includes/functions_reputation.php
  • ./includes/functions_post_thanks.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_postinfo_query
  • fetch_postinfo
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • showthread_start
  • showthread_getinfo
  • forumjump
  • showthread_post_start
  • showthread_query_postids
  • showthread_query
  • bbcode_fetch_tags
  • bbcode_create
  • showthread_postbit_create
  • postbit_factory
  • postbit_display_start
  • post_thanks_function_post_thanks_off_start
  • post_thanks_function_post_thanks_off_end
  • post_thanks_function_fetch_thanks_start
  • post_thanks_function_fetch_thanks_end
  • post_thanks_function_thanked_already_start
  • post_thanks_function_thanked_already_end
  • fetch_musername
  • postbit_imicons
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • postbit_display_complete
  • post_thanks_function_can_thank_this_post_start
  • tag_fetchbit_complete
  • forumrules
  • navbits
  • navbits_complete
  • showthread_complete