|
|
|
|
||||
|
Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums. You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us. |
|
|||||||
| New Webmasters ask "How-To" questions here. This is where other fucking Webmasters help. |
|
|
Thread Tools |
05-20-2012, 12:34 PM
|
#1 |
|
Elysium
Industry Role:
Join Date: Feb 2011
Location: Prague
Posts: 1,037
|
How to get rid of Blackhole Exploit Kit 2160
Im on shared hosting with several sites running on WP and they all got infected by this Blackhole Exploit Kit 2160 s**t. It adds long code into index.php and main.php. If I delete this bad line of code and save the file then it will be back in a minutes again. Dont you know how to remove it?
|
|
|
|
05-21-2012, 05:20 AM
|
#2 |
|
♥♥♥ Likes Hugs ♥♥♥
Industry Role:
Join Date: Nov 2001
Location: /home
Posts: 15,841
|
First, change your FTP password and don't access the site from FTP anymore. Use SSH if it's available.
Make sure permissions are nailed down. Make sure you don't have a virus on your computer. Some viruses will take the password files from applications like filezilla and send them off to 3rd parties. If it keeps happening, contact your host. Many times it's another customer on the same server who is infected and infects everyone else on the server who has their files world writable.
__________________
I like pie. |
|
|
|
|
05-21-2012, 09:01 AM
|
#3 |
|
Confirmed User
Industry Role:
Join Date: Mar 2012
Posts: 305
|
Taking for granted you've already upgraded WP to the latest version, right? That should be your first step if not. Re-entry is happening either by the same exploit still existing, or an additional method having been created.
|
|
|
|
|
05-21-2012, 12:12 PM
|
#4 |
|
Elysium
Industry Role:
Join Date: Feb 2011
Location: Prague
Posts: 1,037
|
Thanks for answers. It infects not only WP sites, but all sites (it adds some code to the index.php and main.php files, I also found malicious code in 404.php's but im not sure wheter is belongs to Blackhole exploit), but it seems that this code is added by some other source (could be some script) because right after I delete this code and save file it is back after few minutes when I reopen it.
Anyway I did following. Re-installed all WP's, then upgraded all WP's and plugins. Reuploaded backups of other non-WP sites and changed FTP password. Since then everything seems fine. It took me whole day to solve it. Btw. my host replied only with pre-made email what they send to people whos sites were hacked. Really helpful. |
|
|
|
|
05-22-2012, 03:40 PM
|
#5 |
|
Confirmed User
Industry Role:
Join Date: Apr 2010
Posts: 1,084
|
also, make sure to check ALL .js files you are including, if there there are any URLs hidden in them...! I also had troubles before...
__________________
php, html, jquery, javascript, wordpress - contact me at contact at zerovic.com |
|
|
|
|
05-25-2012, 11:41 AM
|
#6 |
|
Registered User
Industry Role:
Join Date: Oct 2011
Location: The Internet, California
Posts: 34
|
Mind if I ask who your host is RachelBlackG?
Just out of curiosity, because I may want avoid them in the future. I currently for with godaddy, which has it''s pros & cons... |
|
|
|
|
05-27-2012, 02:54 AM
|
#7 |
|
Elysium
Industry Role:
Join Date: Feb 2011
Location: Prague
Posts: 1,037
|
My host is JustHost.com
|
|
|
|
