“Infected with malicious code, version 2.2.5” – Forum Thread – Discuss

Infected with malicious code, version 2.2.5

This is an open discussion with 5 replies, filed under Troubleshooting.

Search

You are looking at page 1 of 1

- marciotoledo
- 16 Oct 12, 10:43 am
- Comment #1

Hi there!

I had a customer website index.php file infected with base64 code.

The site is: www dot lucianomunhoz dot com

I don't have budget to upgrade to newest version, so.. have some idea to origin of problem? The XSS extension is enabled.

This is not first time I have this problem, I'm looking for a guide of security, maybe I'm doing something wrong.

Thank you very much.

- Allen
- 16 Oct 12, 5:13 pm
- Comment #2

That's not really enough information to be able to pinpoint the origin of the attack. Here are some questions to understand your situation better.

Is your site on a shared host?
Are you using Plesk?
What permissions have you set for your file and folders?
Do you have any custom events?
What extensions do you have installed?
You mentioned this is not the first time you had this problem, can you explain your previous attacks you had, was it on the same site and/or the same server?

- marciotoledo
- 17 Oct 12, 2:03 am
- Comment #3

Hi, Allen thank you very much for your time. I will try reply all questions and share more information:

About this site:

Yes, shared host, dreamhost.com
No Plesk, they have a custom website management and panel
The I don't remember change permissions, I believe is default of zip.
In this website no custom events.
I have these extensions: http://cl.ly/image/402P3o3H0x2R
About another attack, I found some .php files changed with base64(encode( with a big encrypted string, same server (dreamhost), another shared account.

So if you need more information, please ask me.

Thanks again.

- Lewis
- 17 Oct 12, 2:57 am
- Comment #4

Have you e-mailed Dreamhost about it?

- bzerangue
- 17 Oct 12, 5:00 am
- Comment #5

@marciotoledo - Here's an article about a fix sites that are attacked with the base64 malware in php. This specific article deals with php files in Wordpress, but it should apply for any php (I think).

Here's a helpful article from MediaTemple on how to deal with sites that have been attacked with malware.

Have you e-mailed Dreamhost about it?

Also, @marciotoledo, I agree with @Lewis, you should definitely email Dreamhost about it.

- marciotoledo
- 18 Oct 12, 12:32 am
- Comment #6

Ok guys, I will send email to dreamhost. I will read the articles, if have more information I will update here.

Thank you very much.

Create an account or sign in to comment.

Symphony.