I keep getting hacked...
 

Every 3 days or so my website [possible virus link removed] will have some new encrypted code embeded to the top of the page causing lots of shit to go down.

Anyone have any info on any wordpress flaws? Or what this could be?

To remove it I have to litteraly delete every file on the server and reupload or it wont go away. This is getting annoying.

Thanks

That's gay...

how gay?

yeah, how gay is that....


just playing :winkwink:

Serioulsy, how the fuck does this keep happening.

gotta switch up your paswwords or something

Hey RobV, I think I can help !
 

Perhaps I can help you out... Please ICQ me at: 397994057

Later,

that's very gay, some would say... homosexually gay.

Must be a gay basher

What's your host? Better ask them no?

I don't think its just a password thing.

What other scripts are on the server? Does the host have everything updated? Is telnet open?

My host is webair. I have asked them 10 times with the responce of, "Its all your fault, nothing is wrong on our end."

The only other coding in this anywhere is ifram code to my sponsor. Everything else is straight from wordpress.

Using latest Wordpress version?

Yes sir.

whats that crap virus again everyone had some months ago

it added some code on top, many sites got hit with it

I agree. Any imput on how to keep it off?

VERY ghey

ok now I know for sure - thats the virus that infects the server

thats OLD at least 4-5 months lemme search

glad i did my research on hosts before making my switch.. weblair has alot of bad things said about them here.

damn what was it - wasnt it a local pc virus that attaches itself to any webpage if you FTP it? someone help

It's not uniqcount.net is it? I keep getting hit by them :(

it was some VB virus that attached when uploading pages - ask Webair they should know for sure

here you go

its Win32:trojano-p also known as Win32/Anserin!generic.

That explains it. Switch hosts and that will solve your problem...I guarantee it. :2 cents:

Yeah webair won't really help you out if your box has been comprimised.
Here's a little suggestion to see what is running in the background:
I'm pressuming this malicious script is being called by a cron job so log in by ssh with your root password and type in crontab -l
See what is running in the background, if there is nothing then it's time to call in a security expert and have the whole box scanned.

Are you running an older version of AW Stats?

If I still remember ok, it was a local PC virus that attached a VB line on top. Lotsa sites had that, google for the names I gave, the virus is like 6 months old at least, maybe older. As long as its on your local PC, itll infect your files everytime you FTP.

That's as nasty as a rootkit on the server.

If you don't know how, ask your host to read Apache logs to see what was compromised and how.

Then, change hosts to someone who will actually help you.

Yeah I am reading about that, the only thing that gets me is I have Norton Internet Security (and virus scanner) and I have the most up to date definitions and its not pulling anything on the sytem (yet I do still think its on my comp) Any ideas?

Secondly I have asked webair for help, honestly about 5 times with the same reply of "nothing we can do, its all on you, make sure your wordpress is uptodate."

Thats exactly who it is.

haha :1orglaugh :1orglaugh

They got me the other day. I also host at Webair.

I'm on Phatservers... They have been looking over it for me today.... Seems to be something with sites running form submits. :disgust

To be fair, it's not really the hosts fault you got hacked unless it was done through a hole in the OS/Kernel.

I would argue it's the customers responsibility to ensure any scripts on their sites are up to date, as would many hosting companies both adult and mainstream. Certainly there are hosts who will take care of things like that but for the price point many adult webmasters are looking for it's simply not realistic to expect your host to keep your scripts up to date for you unless you are paying a premium.

Having said that, once something has been exploited it's my opinion that it's the host's responsibility to find the cause of the problem and correct it if you are unable to do so on your own. There's a plethora of tools and methods out there to combat these exploits as well as remove them from your server.

Any host who values their clients, as well as the integrity of their client's sites should do whatever they can to assist you in getting the issue resolved. If they refuse, there are hosting companies out there who would be happy to take care of you.

There are many things the average webmaster can do to make sure things like this are unlikely to happen. Scripts are not Ronco Rotisseries. You can't just "set it and forget it" with a script. Many popular scripts have older versions with giant-gaping-goatse-like holes in them that do not exist in current versions. You should check weekly (At the very least monthly) for updates to your scripts, and if there are updates update them immediately

THis shit is going around.. I have been hit by this bullshit also every few days now it seems. I took a look at sherms site and mine and we are not running ANY similar scripts...

NAME: Exploit.HTML.Mht
ALIAS: MS04-025, CAN-2004-0549, HTML/MHT@EXPL, Mht


Summary


An exploit is a short code or script that uses a vulnerability to perform malicious actions.

The HTML.Mht exploit is embedded to HTML web pages. It attempts to download and install a malicious program on your computer by using a security vulnerability in Internet Explorer.

More information about this security vulnerability, including a fix, is available from Microsoft: http://www.microsoft.com/technet/sec.../MS04-025.mspx



================================================== ===

Remember who else did something like this? ...

this is true but its not your mechanics job to tell you not to stick orange juice in your gas tank but if you do and your car fucks it it would be nice to at least let him know the problem ( easily accomplished in this case with a quick peek at the server )

Hosts that wont help in this situation really piss me off, its obvious the guy doesnt know what the problem is , and he will just leave if he cant get it fixed so its hardly not worth it to the host to quicly tell them what the problem is , if the customer INSISTS on running something unsecure , thats a diff story but if they are just clueless it seems a no-brainer to help them out for the 10 minutes it might take to fix the problem for a tech

do you have any counter on your page?

no i dont?

who the fuck is this guy? my fucking computer has this shit now!


:mad:

He said he had issues on his page and you clicked the link. He is trying to get it sorted out. If your pc is not protected why click a link when it is typed out that it has issues he is seeking help to fix?

I agree that it is not the hosting companies responsibility to monitor everything that is installed and ran on the server. I agree that the client (me) should have everything up to date and attempt to keep it that way.

Again I would like to share that there is NOTHING ELSE aside from the most up to date verison of wordpress running. Thats it.

My system has been scanned, re scanned, cleaned, anything to make sure nothing was on my end, I am clean.

So where do I go now? Or.... Who takes the next step?

well , a good idea is to have a new password setup .. huge one .. about 12+

with numbers and Letters + have your host put in a firewall for you.. so only your ip can ssh or ftp to your server

and if this dosn't work .. have someone check all your scripts


also .. have your own system at home or the office checkes for spyware.. just incase

good luck

No counter. Just wordpress.

FelixFlow, I really am sorry. I left it up for the purpose stated, so people could view it in the "hacked" form, instead of me trying to visually and verbally discribe the situation.