Is removing a virus from a server a difficult project? - GoFuckYourself.com

Minte · 02-10-2010, 06:02 PM

I'm not a server guy. Just wondering how long something like that should take.

antpeks · 02-10-2010, 06:02 PM

depends on what shit you got

Minte · 02-10-2010, 06:04 PM

Quote:

Originally Posted by antpeks

depends on what shit you got

It's redirecting my sites and gallerys to a tube site

antpeks · 02-10-2010, 06:06 PM

Quote:

Originally Posted by Minte

It's redirecting my sites and gallerys to a tube site

its not a virus, put the site url in google and add remove after so

"site.com remove"

and you are clean in few minutes. google is still friend

Minte · 02-10-2010, 06:15 PM

Thankyou, I will give that a go.

Minte · 02-10-2010, 07:24 PM

Tried that,and when I clicked on any page from the domain this avg warning opens.

CyberHustler · 02-10-2010, 07:27 PM

You really tried that?

Minte · 02-10-2010, 07:39 PM

Quote:

Originally Posted by CryBaby

You really tried that?

I've lost nearly a million hits since the weekend,the server tech is useless and at this point I will stand on a stool and howl at the moon if that what it takes.

xenigo · 02-10-2010, 07:41 PM

Quote:

Originally Posted by Minte

I've lost nearly a million hits since the weekend,the server tech is useless and at this point I will stand on a stool and howl at the moon if that what it takes.

That's crazy. What is your site?

Phoenix · 02-10-2010, 08:33 PM

time to change hosts man

you are probably a nie sized account for them...and if they can take care of business for you.....next

CyberHustler · 02-10-2010, 08:40 PM

Quote:

Originally Posted by Minte

I've lost nearly a million hits since the weekend,the server tech is useless and at this point I will stand on a stool and howl at the moon if that what it takes.

Nah, just upload a backup or find another host...

HandballJim · 02-10-2010, 08:46 PM

If it cost you a million hits already I would be on the phone with a rep from symantec or mcaffee to see what solutions they have.

I work from a webs folder on my desktop and just publish the new files...this way if the virus gets into my web folder I just need to remove it from my webfolder then re-publish the files without the virus. I usually scan the folder once a week for viruses...Not sure if this is a full proof system though.

unleashxxx · 02-10-2010, 08:54 PM

i can help icq me 784260

BIGTYMER · 02-10-2010, 09:41 PM

Sorry to hear about this man... How has ISPrime not fixed this for you already?

It looks like the server or one of your scripts was compromised and they added code to every page.

CyberHustler · 02-10-2010, 09:58 PM

Check any global template files...

rowan · 02-10-2010, 10:14 PM

Server side infection can be hard to get rid of, because you need to (a) know how they got in, and fix that hole and (b) find any altered or added files which would allow them access even once you close that hole. It's often the second part that is the most time consuming.

Why haven't you restored from backup?

HandballJim · 02-10-2010, 10:42 PM

yahoo results for "clean virus from server"

mmcfadden · 02-10-2010, 10:45 PM

Can you look in your root directory and organize all your files by date? Find out which ones have been modified and see if you can identify the malicious code.

Also, run a full scan on any computer you ftp with

BIGTYMER · 02-11-2010, 01:20 AM

If you don't have a backup you're up shit creek.

SmellyNose · 02-11-2010, 01:26 AM

You are going to be best asking in all of the webmaster forums you can find for somebody to SSH in and sort it.

Even if it was as simple as a recursive sed on the sites files, more than likely they will be back as the hole wasn't closed. So you need to be careful.

Run an anti virus on any PCs you use to connect to your server.
Change the passwords to your server, from a different PC to any of the above.
Get somebody to SSH in and grep for the URL your sites are being redirected to and use sed to replace them.
More than likely the redirect will be in JS or at least encoded some how so you won't be able to just do a search for the URL, you'll have to do a search for encoding/decoding functions.

You're best paying somebody $100 to sort it for you, if your host can't/won't do it.

And stop using IE.

Tasty1 · 02-11-2010, 05:23 AM

Most of the viruses leave a code in every .php file.
You have to clean all the .php files or put a back up.

But they where able to inject code in your pages.
So there must be a leak somewhere.
And that can be done in a lot of software.
So you have to check als installed scripts.
Maybe you can see where they got in in your log file.

This can be solved in 1 hour. But it also can takes days before you find out where they get in. Look what software could be vunerable and search the forums of that software. Most of the time other people suffer the same problems and questions pop up on forums.

When it is fixed you have to send your page to google again. The blacklisted your domain. I had that once and they got me of the blacklist a few hours after i send in my site to get of the blacklist.

HomerSimpson · 02-11-2010, 07:03 AM

depends how virus is fucked up...
if you need any help you may hit me up...

02-10-2010, 06:02 PM	#1
Minte Babemeister Industry Role: Join Date: Jun 2001 Location: Madison Posts: 7,081	Is removing a virus from a server a difficult project? I'm not a server guy. Just wondering how long something like that should take. __________________ You might not be as anonymous as you think you are.

02-10-2010, 06:15 PM	#5
Minte Babemeister Industry Role: Join Date: Jun 2001 Location: Madison Posts: 7,081	Thankyou, I will give that a go. __________________ You might not be as anonymous as you think you are.

02-10-2010, 07:24 PM	#6
Minte Babemeister Industry Role: Join Date: Jun 2001 Location: Madison Posts: 7,081	Tried that,and when I clicked on any page from the domain this avg warning opens. __________________ You might not be as anonymous as you think you are.

02-10-2010, 08:33 PM	#10
Phoenix BACON BACON BACON Industry Role: Join Date: Nov 2002 Location: Poems everybody, the laddie fancies himself a poet Posts: 35,457	time to change hosts man you are probably a nie sized account for them...and if they can take care of business for you.....next __________________ Skype Phoenixskype1 Telegram PhoenixBrad https://quantads.io

02-10-2010, 08:46 PM	#12
HandballJim Confirmed User Industry Role: Join Date: Sep 2008 Location: NYC Posts: 4,024	If it cost you a million hits already I would be on the phone with a rep from symantec or mcaffee to see what solutions they have. I work from a webs folder on my desktop and just publish the new files...this way if the virus gets into my web folder I just need to remove it from my webfolder then re-publish the files without the virus. I usually scan the folder once a week for viruses...Not sure if this is a full proof system though. __________________ HOW I MAKE LOTS OF $$$

02-10-2010, 06:02 PM	#2
antpeks So Fucking Banned Join Date: Nov 2005 Location: Antwerp Posts: 51	depends on what shit you got

02-10-2010, 07:27 PM	#7
CyberHustler Masterbaiter Industry Role: Join Date: Feb 2006 Posts: 26,113	You really tried that?

02-10-2010, 08:54 PM	#13
unleashxxx Confirmed User Join Date: Mar 2006 Posts: 222	i can help icq me 784260

02-10-2010, 09:41 PM	#14
BIGTYMER Junior Achiever Industry Role: Join Date: Nov 2004 Location: Walled Garden Posts: 17,066	Sorry to hear about this man... How has ISPrime not fixed this for you already? It looks like the server or one of your scripts was compromised and they added code to every page.

02-10-2010, 09:58 PM	#15
CyberHustler Masterbaiter Industry Role: Join Date: Feb 2006 Posts: 26,113	Check any global template files...

02-10-2010, 10:14 PM	#16
rowan Too lazy to set a custom title Join Date: Mar 2002 Location: Australia Posts: 17,393	Server side infection can be hard to get rid of, because you need to (a) know how they got in, and fix that hole and (b) find any altered or added files which would allow them access even once you close that hole. It's often the second part that is the most time consuming. Why haven't you restored from backup?

02-10-2010, 10:42 PM	#17
HandballJim Confirmed User Industry Role: Join Date: Sep 2008 Location: NYC Posts: 4,024	yahoo results for "clean virus from server" __________________ HOW I MAKE LOTS OF $$$

02-10-2010, 10:45 PM	#18
mmcfadden So Fucking Banned Join Date: Oct 2008 Location: philly Posts: 5,099	Can you look in your root directory and organize all your files by date? Find out which ones have been modified and see if you can identify the malicious code. Also, run a full scan on any computer you ftp with

02-11-2010, 01:20 AM	#19
BIGTYMER Junior Achiever Industry Role: Join Date: Nov 2004 Location: Walled Garden Posts: 17,066	If you don't have a backup you're up shit creek.

02-11-2010, 01:26 AM	#20
SmellyNose Confirmed User Industry Role: Join Date: Aug 2009 Location: me at smellynose.com Posts: 206	You are going to be best asking in all of the webmaster forums you can find for somebody to SSH in and sort it. Even if it was as simple as a recursive sed on the sites files, more than likely they will be back as the hole wasn't closed. So you need to be careful. Run an anti virus on any PCs you use to connect to your server. Change the passwords to your server, from a different PC to any of the above. Get somebody to SSH in and grep for the URL your sites are being redirected to and use sed to replace them. More than likely the redirect will be in JS or at least encoded some how so you won't be able to just do a search for the URL, you'll have to do a search for encoding/decoding functions. You're best paying somebody $100 to sort it for you, if your host can't/won't do it. And stop using IE. __________________ I'm a PHP developer - 594086663 - [email protected]

02-11-2010, 05:23 AM	#21
Tasty1 Confirmed User Industry Role: Join Date: Jan 2005 Location: South-America Posts: 9,504	Most of the viruses leave a code in every .php file. You have to clean all the .php files or put a back up. But they where able to inject code in your pages. So there must be a leak somewhere. And that can be done in a lot of software. So you have to check als installed scripts. Maybe you can see where they got in in your log file. This can be solved in 1 hour. But it also can takes days before you find out where they get in. Look what software could be vunerable and search the forums of that software. Most of the time other people suffer the same problems and questions pop up on forums. When it is fixed you have to send your page to google again. The blacklisted your domain. I had that once and they got me of the blacklist a few hours after i send in my site to get of the blacklist.

02-11-2010, 07:03 AM	#22
HomerSimpson Too lazy to set a custom title Industry Role: Join Date: Sep 2005 Location: Springfield Posts: 13,826	depends how virus is fucked up... if you need any help you may hit me up... __________________ Make a bank with Chaturbate - the best selling webcam program Ads that can't be block with AdBlockers !!! /// Best paying popup program (Bitcoin payouts) !!! PHP, MySql, Smarty, CodeIgniter, Laravel, WordPress, NATS... fixing stuff, server migrations & optimizations... My ICQ: 27429884 \| Email: