May 4th, 2010, 12:51 AM
Malware detected on website, need to remove
After which there is a large section which doesnt make any sense. The main thing is actually finding exactly where they've inserted the function, as its not just inserted simply on index.php. If someone very trusted is willing to help me out, I can discuss more in private.
<!-- Google analitics BEGIN -->
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
May 4th, 2010, 08:46 AM
Why bother?..........................until you have found and fixed the site's vulnerability you are just wasting your time IMO. It would be a bit like banging your head against a wall and taking aspirin because you have a headache?
My friends website seems to have malware on it, however, I am unsure exactly how to remove it.
You should be able to recover from an uninfected backup? but it will still come back because you are obviously vulnerable?
For anyone to really help you they will need to visit the site and have a look. I would ask anyone interested to PM shad0w7 to get the relevant information..............thanks
May 4th, 2010, 09:34 AM
Thats not really a problem, because we know how we got hacked, the admin was keylogged... Passwords have been changed,etc, but we still have this problem. Please if anyone is willing to have a look through the code and figure out where its hidden then pm me.
May 6th, 2010, 12:55 PM
Send me a PM, i'd be happy to spend a lil time checking it out, the Moderator's here can verify i'm trust worthy.
May 6th, 2010, 01:01 PM
edit , actually tell your friend to change the admin password on he's hosting cpanel on a different machine, also tell him to check all FTP accounts and change there' passwords and lock down permission settings on them.
also manually check the chmod permissions on each file and correct as necessary.
Personally i would just delete everything in the file manager and up-load a backup that isn't tainted.
in the future don't download programs etc from bittorent and randomly open suspicious programs etc, and keep your firewall and anti virrii defintions upto date and to regular scans.
I could link you to the actual malware but meh i'd prob get banned for infecting n00bs. do'h
May 6th, 2010, 09:24 PM
The problem is the main owner is away, and we cant get contact with him, so we only have FTP access for now. Also, it is not manually inserted in every page, we have checked. It is somehow inserted in some important function which is called by every page in its source. I will pm you a few details.
May 9th, 2010, 02:55 AM
May 11th, 2010, 09:33 AM
The world is a dangerous place to live; not because of the people who are evil, but because of the people who don't do anything about it.
By cheyenne1212 in forum Miscellaneous Security Discussions
Last Post: February 1st, 2012, 01:51 PM
By jethro in forum The Security Tutorials Forum
Last Post: August 9th, 2006, 10:13 AM
By Aspman in forum Spyware / Adware
Last Post: November 21st, 2005, 08:07 AM
By thing0 in forum Tech Humor
Last Post: April 15th, 2004, 06:22 PM
By thehorse13 in forum AntiVirus Discussions
Last Post: May 23rd, 2003, 01:35 PM