
Archived

This topic is now archived and is closed to further replies.

panamahat

Any one else getting 2344.in (malware) problem


Dear all osCommerce users,

 

I am curious if other users are experiencing the same problem as I with a malware problem of 2344.in?

 

I have searched the code but have been unable to find 2344.in in any of the source code of the site.

 

Panamahat


I was hacked into a while back but the hack was adding a .htaccess file into my account that was doing a redirect to some pharmacy site. I finally was able to get it all cleaned out and back to normal, but then I started to see this 2344.in malware problem pop up with my virus software when I would go to my site. I would love to know what this is so I can get rid of it as well.

 

Thanks

James


1) Lock down your website using cPanel password or .htaccess passwords to prevent the spread of the virus or malware.

 

2) Download ALL files to your local machine and use a program like WinGrep to search and remove malicious code.

 

3) Look for and remove anomalous files (backdoors)

 

4) Upload the newly cleaned files to your hosting account.

 

5) Read the following threads and apply the security patches and contributions mentioned in these threads: Admin Security, Website Security

 

6) Remove the password protection from your site and open it again so your customers can buy something and justify all the hard work you have done in steps 1-5.

 

 

Chris



Chris misses out the step of either totally removing all files from your web server or deleting any files removed from your local copy in step 3 from your server.

 

I recently found a link to an Indian site, nt01.co.in, in /includes/footer.php

 

HTH

 

G



Your hack is encoded somewhere in your site.

You don't have to download it entirely; look for viral strings with ssh.

Highly recommend Site monitor... (one of the things included in the How To secure your site, commented by Dunweb)

If you are lost,

Look for your last backup (it will probably be infected as well)

or

Copy all your actual files, zip them...

 

Remove sensitive data from it (images...sql dump with clients... etc... your configure.php is compromised and so it does not matter, you will have to change your keys eventually)

 

Put your files in a zip, and post it somewhere we can see it (mediafire or something like that, or at your own site.... whatever it takes), in order to help you, or to give you further advice...


"Put your files in a zip, and post it somewhere we can see it (mediafire or something like that, or at your own site.... whatever it takes), in order to help you, or to give you further advice..."

 

Ignore this. Poor advice. Keep your files to yourself and to your chosen developer (assuming you even need a developer).



Hi burt, what's the problem with the suggestion? You find it unsecure? I think it's the best and more direct way to provide from serious help. Most of the people commenting usually leave things behind because they don't have the complete panorama...


"what's the problem with the suggestion? you find it unsecure?"

 

I think there are MANY reasons NOT to follow Oscar's advice. First and foremost, hundreds of people could download his entire site in a matter of minutes. Those willing to help, and those who are wanting to hurt. How would you like hundreds of copies of your website appearing on the net? All with the same keywords, products, logo etc.?

 

I have reviewed all of Oscar's advice (12 posts) and found only 1 that was relevant to the topic and was good advice. No offense Oscar, but you appear to lack experience.

 

Procommerce, welcome to the forum, but if this is also your advice, you should consider the bigger picture when it comes to information posted on the internet.

 

 

 

Chris



The individual shop owner, assuming he needs a developer's help, will contact a developer who he/she can see has more than 1 post or 12 posts - in other words someone who knows exactly what they are doing and, more importantly, can display a consistent track record in helping others in this forum.

 

That developer will then advise his/her client appropriately on how/what/where/when to cleanse and secure the files.

 

For a shop owner to take advice like that of Oscar Pardus and act on it, is foolhardy in the extreme. It's bad advice.



Chris and Burton, thanks for the update!



Hey burt, I was only trying to help... by posting some PROACTIVE ideas...

I've been working with osc since 2005, used this forum sometimes, learned the hard way... I really wished someone would have offered himself to help me like I do now when I had a problem.

It's more than clear that this user really needs a developer, or someone who knows a little bit more... he would be asking what he asks... therefore... reading redirections to other tutorial (please guys don't take it personally) may be hopeful but not really helpful...

What I did is to think outside of the box...

I'm sorry if thinking different supposes a poor advice...


You could install the add-on VTS and use the "grep" option to search for 2344.in

 

HTH

 

G
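
Added example, not part of the original thread: a plain-text search for 2344.in can come up empty, as the first post reports, when the reference is stored encoded, as the "your hack is encoded" reply suggests. This Python scanner, meant for the local copy downloaded in step 2 of the clean-up list, reverses a few common PHP encodings (base64, base64 plus gzinflate, hex escapes, rot13) before searching; the sample tree and its file contents are constructed for illustration.

```python
import base64, binascii, codecs, contextlib, re, sys, zlib
from pathlib import Path

INDICATOR = b"2344.in"   # domain reported in this thread
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")    # long base64-looking literals
HEX_RUN = re.compile(rb"(?:\\x[0-9a-fA-F]{2}){4,}")   # "\x32\x33..." string escapes

def decoded_views(data: bytes):
    """Yield (label, bytes): the raw file plus each cheaply reversible layer."""
    yield "plain", data
    yield "rot13", codecs.encode(data.decode("latin-1"), "rot13").encode("latin-1")
    for m in HEX_RUN.finditer(data):
        yield "hex-escape", bytes.fromhex(m.group().replace(b"\\x", b"").decode())
    for m in B64_RUN.finditer(data):
        run = m.group().rstrip(b"=")
        try:
            raw = base64.b64decode(run + b"=" * (-len(run) % 4))
        except binascii.Error:
            continue                      # not valid base64 after all
        yield "base64", raw
        with contextlib.suppress(zlib.error):   # PHP gzinflate() is raw DEFLATE
            yield "base64+gzinflate", zlib.decompress(raw, -15)

def scan_tree(root, indicator: bytes = INDICATOR):
    """Return sorted (relative path, layer) pairs where the indicator appears."""
    hits = set()
    for path in Path(root).rglob("*"):
        if path.is_file():
            for label, view in decoded_views(path.read_bytes()):
                if indicator.lower() in view.lower():
                    hits.add((path.relative_to(root).as_posix(), label))
    return sorted(hits)

def write_constructed_sample(root):
    """Constructed test tree: one clean file and three files hiding the domain."""
    tag = b'<iframe src="http://2344.in/"></iframe>'
    packed = zlib.compress(tag, 9)[2:-4]  # drop zlib header/checksum -> raw DEFLATE
    files = {
        "index.php": b"<?php echo 'Welcome'; ?>",
        "includes/footer.php": b'<?php eval(base64_decode("%s")); ?>' % base64.b64encode(b"echo '%s';" % tag),
        "includes/header.php": b'<?php eval(gzinflate(base64_decode("%s"))); ?>' % base64.b64encode(packed),
        "images/thumb.php": b'<?php $u = "%s"; ?>' % "".join("\\x%02x" % c for c in INDICATOR).encode(),
    }
    for name, body in files.items():
        Path(root, name).parent.mkdir(parents=True, exist_ok=True)
        Path(root, name).write_bytes(body)

if __name__ == "__main__":
    print(*scan_tree(sys.argv[1] if len(sys.argv) > 1 else "."), sep="\n")
```

Only one encoding layer is reversed per literal, so a file that reports nothing is not proven clean; files containing long encoded literals passed to eval still deserve a manual look.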

