Old 07-12-2015, 01:23 AM   #1
grzepa
Confirmed User
 
Join Date: Jul 2004
Posts: 1,207
Malware removal service

There must be some vulnerability in the server I use or I don't know what's the cause, but my sites are being flagged with a Google malware warning. I also see some nasty .php files being randomly added to some of my websites. Both WordPress and plain HTML.

Any of you guys know of a reliable service that'll clean this shit for me and patch the vulnerability so it won't happen in the future?
Old 07-12-2015, 01:45 AM   #2
247mg
Yellowplum / 247mg
Join Date: Feb 2008
Location: Nicosia, CY
Posts: 2,161
Tpl files in WP are mostly infected with this, which finally affects HTML files or PHP files... you need to contact host to clear this for you... It's called injection....
Old 07-12-2015, 01:48 AM   #3
grzepa
Confirmed User
 
Join Date: Jul 2004
Posts: 1,207
This makes sense, unfortunately my host, I won't name it here, is not so good at doing anything more complicated. You think I should push them to get this done?
Old 07-12-2015, 03:16 AM   #4
MiamiBoyz
fgfdftre6
Join Date: Oct 2012
Location: In the closet with your dad!
Posts: 6,690
Quote:
Originally Posted by grzepa View Post
This makes sense, unfortunately my host, I won't name it here, is not so good at doing anything more complicated. You think I should push them to get this done?
Sounds like you are lucky if those fuckers just manage to keep the server plugged in!
Old 07-12-2015, 05:28 AM   #5
AdultKing
Raise Your Weapon
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,601
Quote:
Originally Posted by grzepa View Post
This makes sense, unfortunately my host, I won't name it here, is not so good at doing anything more complicated. You think I should push them to get this done?
If you can't secure your own sites on your current host then perhaps you need to change hosting?
Old 07-12-2015, 05:37 AM   #6
Paul&John
Confirmed User
Join Date: Aug 2005
Location: YUROP
Posts: 8,606
Maybe your FTP password got stolen (in case you had stored it in Total Commander or similar) via malware?
Old 07-12-2015, 06:30 AM   #7
Barry-xlovecam
It's 42
Join Date: Jun 2010
Location: Global
Posts: 18,083
Sloppy PHP coding -- use PDO

Inputting user-submitted data the right way:
PHP: PDO - Manual

This is probably beyond the scope of your abilities but the developers creating the code for your API should know better.

This is a nice blog article in more layman terms:
a2z notes: Introduction to PDO

Here is a long read on the SQL injection vulnerabilities in PHP query language.
mysql - How can I prevent SQL-injection in PHP? - Stack Overflow
Old 07-12-2015, 06:44 AM   #8
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
Join Date: Nov 2001
Location: /home
Posts: 15,841
ProntoAdmin | On Demand Server Administration

Hosts aren't really responsible for your content. Some might be willing to help but when there is a recurring problem, most of them are going to tell you to get it figured out or they are going to shut you down.
Old 07-12-2015, 07:51 AM   #9
Va2k
I’m still alive barley.
Join Date: Oct 2001
Location: Va
Posts: 10,060
Quote:
Originally Posted by Babaganoosh View Post
ProntoAdmin | On Demand Server Administration

Hosts aren't really responsible for your content. Some might be willing to help but when there is a recurring problem, most of them are going to tell you to get it figured out or they are going to shut you down.
Not true, if it is a managed server then they are responsible to a point! Most if not all hosts who sell managed servers will do this for you free of charge unless there has to be custom scripting done. If your host has you on a managed plan and won't help, it is time to get rid of them right now!

Tom
Old 07-12-2015, 08:02 AM   #10
Babaganoosh
♥♥♥ Likes Hugs ♥♥♥
Join Date: Nov 2001
Location: /home
Posts: 15,841
Quote:
Originally Posted by Va2k View Post
Not true, if it is a managed server then they are responsible to a point! Most if not all hosts who sell managed servers will do this for you free of charge unless there has to be custom scripting done. If your host has you on a managed plan and won't help, it is time to get rid of them right now!

Tom
Better check that host's scope of support. If it's managed, they might run clamav or just grep for the common base64/eval or iframe fuckery but hosts (managed or not) should not be touching customer code...ever.

If there were malicious files found somewhere, deleting them isn't going to make much difference. They will just keep returning until whatever allowed them to be uploaded is fixed. Most of the time it's a vulnerable WP theme or plugin and in that case, it's absolutely not something the host should be messing with. A lot of fledgling hosting companies will do this but those are typically the ones who haven't had a lesson in liability yet.
Old 07-12-2015, 08:23 AM   #11
247mg
Yellowplum / 247mg
Join Date: Feb 2008
Location: Nicosia, CY
Posts: 2,161
Quote:
Originally Posted by grzepa View Post
This makes sense, unfortunately my host, I won't name it here, is not so good at doing anything more complicated. You think I should push them to get this done?
We face the same issue and host tech created script to remove all injection in tpl file codes and it works.... Our host - Amerinoc 😎
Old 07-12-2015, 08:36 AM   #12
JuicyBunny
So Fucking Banned
Join Date: Jun 2010
Location: Tokyo Red Light District
Posts: 2,145
Quote:
Originally Posted by 247mg View Post
We face the same issue and host tech created script to remove all injection in tpl file codes and it works.... Our host - Amerinoc 😎
Amerinoc +100
Old 07-12-2015, 12:29 PM   #13
myleene
Confirmed User
Join Date: Oct 2013
Location: Canada
Posts: 890
I could check it for you. Email me or contact me on ICQ.

I could do it live with you on TeamViewer or a similar tool.

Don't trust anybody requesting ssh, ftp or admin access to your server without you monitoring their actions and them giving you a full report... It'll probably get you in more trouble than you're in.
Old 07-12-2015, 12:33 PM   #14
myleene
Confirmed User
Join Date: Oct 2013
Location: Canada
Posts: 890
Quote:
Originally Posted by Babaganoosh View Post
Better check that host's scope of support. If it's managed, they might run clamav or just grep for the common base64/eval or iframe fuckery but hosts (managed or not) should not be touching customer code...ever.

If there were malicious files found somewhere, deleting them isn't going to make much difference. They will just keep returning until whatever allowed them to be uploaded is fixed. Most of the time it's a vulnerable WP theme or plugin and in that case, it's absolutely not something the host should be messing with. A lot of fledgling hosting companies will do this but those are typically the ones who haven't had a lesson in liability yet.
Exactly. Support ends on customer code.

They may change hardware, monitor system updates, install scripts, but I would never expect them to work on client code without compensation. If they do, you're probably paying too much for hosting monthly.
Old 07-12-2015, 12:52 PM   #15
hdbuilder
Confirmed User
Join Date: Jun 2012
Location: Canada
Posts: 1,338
It usually all comes from a single PHP file that re-uploads the bad files you see when you delete them and reinserts nasty code into your HTML files.

Open one of your sites and look at the source code of the page, check it without JavaScript enabled if you're afraid of getting a virus, find an include which doesn't belong there, if it's encoded with eval (most of the time), decode it here: HTML & JavaScript Encoder/Decoder.

Then look at the path of the PHP include file inside that code. Find that file and delete it (it's the main file). Then run ComboFix on your computer to make sure you don't have any backdoor virus. That you got while watching porn

Then change your FTP, cPanel (whatever), root password for your server.

Got those a few times and this is how I got rid of them...
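The grep sweep for base64/eval and iframe injections mentioned in post #10, together with the hunt for the file that keeps re-uploading the others described in post #15, as an added example that is not part of any poster's message. The function names, the extra decoder names in the pattern and the `uploads/` directory convention are assumptions of this sketch; a hit means "review this file", not "confirmed malicious".

```shell
#!/bin/sh
# Added example, not code from the thread. Patterns are heuristics and the
# uploads/ path convention is an assumption (WordPress-style layout).

# eval()/assert() fed straight from a decoder or from request data.
PAT_EVAL='(eval|assert)[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13|\$_(POST|GET|REQUEST|COOKIE))'
# iframes hidden by zero width/height or by CSS.
PAT_IFRAME='<iframe[^>]*((width|height)=[^0-9]?0[^0-9%.]|display:[[:space:]]*none|visibility:[[:space:]]*hidden)'

# tag LABEL: prefix each path read from stdin with LABEL and a tab.
tag() { while IFS= read -r f; do printf '%s\t%s\n' "$1" "$f"; done; }

# grep_web PATTERN DIR: list web-served text files under DIR matching PATTERN.
grep_web() {
    find "$2" -type f \( -name '*.php' -o -name '*.tpl' -o -name '*.htm' \
        -o -name '*.html' -o -name '*.js' \) -exec grep -lEi -e "$1" {} +
}

# scan_webroot DIR: print "reason<TAB>path" for every file worth a manual look.
scan_webroot() {
    {
        grep_web "$PAT_EVAL" "$1" | tag eval-decoder
        grep_web "$PAT_IFRAME" "$1" | tag hidden-iframe
        # PHP has no business in a media upload directory.
        find "$1" -type f -path '*/uploads/*' -name '*.php' | tag php-in-uploads
    } | sort -u
}

# recent_php DIR DAYS: PHP files modified within DAYS days; files that come
# back after deletion show up here, which helps locate the re-uploader.
recent_php() { find "$1" -type f -name '*.php' -mtime "-$2" | sort; }

# Usage: sh scan.sh /path/to/webroot [days]
if [ "$#" -gt 0 ]; then
    scan_webroot "$1"
    recent_php "$1" "${2:-7}" | tag recently-modified
fi
```

Run it against a copy or a read-only mount of the web root, and compare hits against a clean copy of the CMS and theme before deleting anything.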
Old 07-13-2015, 12:20 AM   #16
Paz
Confirmed User
 
Join Date: Jun 2012
Posts: 457
I had lots of malware problems years ago on shared hosting, always WordPress. I spent many hours fixing it only to have them back in via a back door, but as a quick and dirty fix most (WP) problems disappear if you disable the php eval function.
Old 07-13-2015, 01:56 AM   #17
Va2k
I’m still alive barley.
Join Date: Oct 2001
Location: Va
Posts: 10,060
Quote:
Originally Posted by Babaganoosh View Post
Better check that host's scope of support. If it's managed, they might run clamav or just grep for the common base64/eval or iframe fuckery but hosts (managed or not) should not be touching customer code...ever.

If there were malicious files found somewhere, deleting them isn't going to make much difference. They will just keep returning until whatever allowed them to be uploaded is fixed. Most of the time it's a vulnerable WP theme or plugin and in that case, it's absolutely not something the host should be messing with. A lot of fledgling hosting companies will do this but those are typically the ones who haven't had a lesson in liability yet.
What I was talking about was if a host offers managed servers and a client requests help then most GOOD hosts will do what they can for their client. I agree NO host should be allowed to just go into someone's site and fuck around with files without being asked. Each to their own on this.