I keep getting hacked...
 

Every 3 days or so my website [possible virus link removed] will have some new encrypted code embeded to the top of the page causing lots of shit to go down.

Anyone have any info on any wordpress flaws? Or what this could be?

To remove it I have to litteraly delete every file on the server and reupload or it wont go away. This is getting annoying.

Thanks

That's gay...

how gay?

yeah, how gay is that....


just playing :winkwink:

Serioulsy, how the fuck does this keep happening.

gotta switch up your paswwords or something

Hey RobV, I think I can help !
 

Perhaps I can help you out... Please ICQ me at: 397994057

Later,

that's very gay, some would say... homosexually gay.

Must be a gay basher

What's your host? Better ask them no?

I don't think its just a password thing.

What other scripts are on the server? Does the host have everything updated? Is telnet open?

My host is webair. I have asked them 10 times with the responce of, "Its all your fault, nothing is wrong on our end."

The only other coding in this anywhere is ifram code to my sponsor. Everything else is straight from wordpress.

Using latest Wordpress version?

Yes sir.

whats that crap virus again everyone had some months ago

it added some code on top, many sites got hit with it

I agree. Any imput on how to keep it off?

VERY ghey

ok now I know for sure - thats the virus that infects the server

thats OLD at least 4-5 months lemme search

glad i did my research on hosts before making my switch.. weblair has alot of bad things said about them here.

damn what was it - wasnt it a local pc virus that attaches itself to any webpage if you FTP it? someone help

It's not uniqcount.net is it? I keep getting hit by them :(

it was some VB virus that attached when uploading pages - ask Webair they should know for sure

here you go

its Win32:trojano-p also known as Win32/Anserin!generic.

That explains it. Switch hosts and that will solve your problem...I guarantee it. :2 cents:

Yeah webair won't really help you out if your box has been comprimised.
Here's a little suggestion to see what is running in the background:
I'm pressuming this malicious script is being called by a cron job so log in by ssh with your root password and type in crontab -l
See what is running in the background, if there is nothing then it's time to call in a security expert and have the whole box scanned.

Are you running an older version of AW Stats?

If I still remember ok, it was a local PC virus that attached a VB line on top. Lotsa sites had that, google for the names I gave, the virus is like 6 months old at least, maybe older. As long as its on your local PC, itll infect your files everytime you FTP.

That's as nasty as a rootkit on the server.

If you don't know how, ask your host to read Apache logs to see what was compromised and how.

Then, change hosts to someone who will actually help you.

Yeah I am reading about that, the only thing that gets me is I have Norton Internet Security (and virus scanner) and I have the most up to date definitions and its not pulling anything on the sytem (yet I do still think its on my comp) Any ideas?

Secondly I have asked webair for help, honestly about 5 times with the same reply of "nothing we can do, its all on you, make sure your wordpress is uptodate."

Thats exactly who it is.

haha :1orglaugh :1orglaugh

They got me the other day. I also host at Webair.

I'm on Phatservers... They have been looking over it for me today.... Seems to be something with sites running form submits. :disgust

To be fair, it's not really the hosts fault you got hacked unless it was done through a hole in the OS/Kernel.

I would argue it's the customers responsibility to ensure any scripts on their sites are up to date, as would many hosting companies both adult and mainstream. Certainly there are hosts who will take care of things like that but for the price point many adult webmasters are looking for it's simply not realistic to expect your host to keep your scripts up to date for you unless you are paying a premium.

Having said that, once something has been exploited it's my opinion that it's the host's responsibility to find the cause of the problem and correct it if you are unable to do so on your own. There's a plethora of tools and methods out there to combat these exploits as well as remove them from your server.

Any host who values their clients, as well as the integrity of their client's sites should do whatever they can to assist you in getting the issue resolved. If they refuse, there are hosting companies out there who would be happy to take care of you.

There are many things the average webmaster can do to make sure things like this are unlikely to happen. Scripts are not Ronco Rotisseries. You can't just "set it and forget it" with a script. Many popular scripts have older versions with giant-gaping-goatse-like holes in them that do not exist in current versions. You should check weekly (At the very least monthly) for updates to your scripts, and if there are updates update them immediately

THis shit is going around.. I have been hit by this bullshit also every few days now it seems. I took a look at sherms site and mine and we are not running ANY similar scripts...