Infected with malicious code, version 2.2.5
This is an open discussion with 5 replies, filed under Troubleshooting.
Search
That's not really enough information to be able to pinpoint the origin of the attack. Here are some questions to understand your situation better.
- Is your site on a shared host?
- Are you using Plesk?
- What permissions have you set for your file and folders?
- Do you have any custom events?
- What extensions do you have installed?
- You mentioned this is not the first time you had this problem, can you explain your previous attacks you had, was it on the same site and/or the same server?
Hi, Allen thank you very much for your time. I will try reply all questions and share more information:
About this site:
- Yes, shared host, dreamhost.com
- No Plesk, they have a custom website management and panel
- The I don't remember change permissions, I believe is default of zip.
- In this website no custom events.
- I have these extensions: http://cl.ly/image/402P3o3H0x2R
- About another attack, I found some .php files changed with
base64(encode(
with a big encrypted string, same server (dreamhost), another shared account.
So if you need more information, please ask me.
Thanks again.
Have you e-mailed Dreamhost about it?
@marciotoledo - Here's an article about a fix sites that are attacked with the base64 malware in php. This specific article deals with php files in Wordpress, but it should apply for any php (I think).
Here's a helpful article from MediaTemple on how to deal with sites that have been attacked with malware.
Have you e-mailed Dreamhost about it?
Also, @marciotoledo, I agree with @Lewis, you should definitely email Dreamhost about it.
Ok guys, I will send email to dreamhost. I will read the articles, if have more information I will update here.
Thank you very much.
Create an account or sign in to comment.
Hi there!
I had a customer website index.php file infected with base64 code.
The site is: www dot lucianomunhoz dot com
I don't have budget to upgrade to newest version, so.. have some idea to origin of problem? The XSS extension is enabled.
This is not first time I have this problem, I'm looking for a guide of security, maybe I'm doing something wrong.
Thank you very much.