Jump to content

Archived

This topic is now archived and is closed to further replies.

tinhyeuon

Help me, site virus?

Recommended Posts

Please help me,

When I use osCommerce, I do not understand my site, it automatically runs to the site: zxsoftpromo.ru /, bepersonal-guard.in /, etymeri.ru /. it is toxic, but google it the site warns.

What do I do, when I checked there is no link in the code to my site.

 

Thank you

Share this post


Link to post
Share on other sites

Please help me,

When I use osCommerce, I do not understand my site, it automatically runs to the site: zxsoftpromo.ru /, bepersonal-guard.in /, etymeri.ru /. it is toxic, but google it the site warns.

What do I do, when I checked there is no link in the code to my site.

 

Thank you

 

Follow these steps to clean and secure your website:

 

1) Lock down your site by using an .htaccess password so your customers are not attacked by the hackers code.

 

2) FTP all of the files to your local machine and use a program like WinGrep to identify and remove all malicious and anomalous files containing hacker code.

 

3) Delete the files on your hosting account before uploading the clean files.

 

4) FTP the clean files back to your hosting account and read and implement the security patches and contributions found in these two threads. Admin Security and Website Security.

 

5) Change all of your passwords: FTP, CPANEL, STORE ADMIN and DATABASE

 

6) Make sure File and Directory Permissions are set correctly. Directories no higher than 755, Files no higher than 644 and the TWO configure.php files no higher than 444

 

7) If your site has been 'black listed' as an attack site by Google, then log into Google Webmaster Tools and submit the site to be re-indexed and verified to be removed from the 'black list'

 

8) Remove the .htaccess password protection so your customers can resume making purchases from your website.

 

9) Monitor your website using the newly installed contributions to prevent future hacker attacks.

 

10) Seek out experienced help if you feel you can not perform any of the above steps. If you miss any of these steps your site may remain accessible to the hacker.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

I have the same problem. My index.html as well as the index.php file are wiped out and their content is replaced with a weird javascript.

 

When I try to run WinGrep, it asks me to enter a "search string". How am I supposed to know that?

 

Thanks,

 

Ed

Share this post


Link to post
Share on other sites

That was a fast and accurate reply from Chris!

Liked this very much:

10) Seek out experienced help if you feel you can not perform any of the above steps. If you miss any of these steps your site may remain accessible to the hacker.


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

Ed,

 

If you are using wingrep, try the search string eval base64 which is the most common encryption used by hackers. There are others but that is a good place to begin.

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

To Chris: Thanks for the input. I ran "eval base64" through WinGrep and it did not return any results. Yet somehow, whenever I fix the two wiped out files (index.html, index.php) the website/cart is accessable for a day, then they are wiped out again the next day. What should I do next?

 

To ProCommerce: This is a help forum, right? It exists so newbies like myself can ask for help? How was your post "10) Seek out experienced help if you feel you can not perform any of the above steps" helpful? Why did you bother to post in the first place if you don't have any meaningful contribution to make?

Share this post


Link to post
Share on other sites

Ed,

 

That can only mean that the hacker has placed a backdoor on your site. Although he did not encrypt any code using eval base64, he undoubtedly has access using an anomalous file. As for Procommerce, you will have to forgive him, he has been dredging for new clients here for about a month and seems to be showing signs of desperation now.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

Hey chris, that comment was not so nice! Hey ESM, you joined 6 years ago... you are still a newbie? c'mon!

 

Anyways, will try to set this clear... Esm, sorry if my comment bothered you, found little to add to chris CTRL+V speech and was trying to be funny, sorry again. Chris, thanks for the "desperate" input, guess you are reflecting your own feelings... like the fear of knowing new peolple where YOU look for clients aswell...

 

As a helpful comment.... for what i read, ESM, if you dont find the Eval thing try with "iframe".... Try to upload aclean copy of an htaccess.


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

Procommerce,

 

90% of my 5000+ posts are to help others with their problems. However, there are some that need to contact experienced uses to help them and I offer that service. If my previous post offended you, I am very sorry but your post intention was obvious to the OP and myself and quite frankly someone needed to say it, so I did.

 

If you offer good quality advice and professional services the clients will come to you, you don't have to 'sell' yourself here.

 

 

 

Chris


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

Well, for the sake of this post, i will say something usefull...

 

Dear tinhyeuon, can you tell what is the actual content of your htaccess file?

 

Dunweb, go to the shrink, you are projecting...... (a psychological defense mechanism where a person unconsciously denies their own attributes)


Providing Ecommerce & CRM Solutions since 1995

Vote my post up if you found it usefull

Share this post


Link to post
Share on other sites

I digress, you're right, I am wrong, lead the way.


:|: Was this post helpful ? Click the LIKE THIS button :|:

 

See my Profile to learn more about add ons, templates, support plans and custom coding (click here)

Share this post


Link to post
Share on other sites

×