Textpattern CMS support forum

#1 2013-07-03 14:49:07

alarius
Member
Registered: 2009-05-28
Posts: 45

malware attack

Hi everybody.

Google blocked my site, reporting a problem with malicious software, and scanning with Sucuri SiteCheck gives me back this result:
status: Site infected with malware
web trust: Site blacklisted.
http://labs.sucuri.net/db/malware/malware-entry-mwexploitkitblackhole1?v88
Any suggestions?
I’m sad.


#2 2013-07-03 14:53:43

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,011

Re: malware attack

Check your diagnostics to see if any files have been modified. Also, do you have any other installs aside from txp there?


Yiannis
——————————
NeMe | hblack.art | EMAP | A Sea change | Toolkit of Care
I do my best editing after I click on the submit button.

#3 2013-07-03 15:02:03

alarius
Member
Registered: 2009-05-28
Posts: 45

Re: malware attack

Well, yesterday I panicked, so I copied my whole site folder via FTP into a folder on my PC, and after this I deleted everything (except the MySQL database) and put up a “maintenance” page…
It was probably not a good move, was it?


#4 2013-07-03 15:10:32

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,011

Re: malware attack

So there is no way anyone can check now :)

Was your site on a shared server? Were any other sites infected?


Yiannis

#5 2013-07-03 15:19:31

alarius
Member
Registered: 2009-05-28
Posts: 45

Re: malware attack

First, thank you for the response, colak.

It was not a shared server (well, I'm not sure of it, what does it mean? I have a personal domain site).
It was related to an old page (on a different server) that redirected to the main page of the new one; Google Safe Browsing says
“Yes, this site has hosted malicious software over the past 90 days. It infected 1 domain, including …..”
(I don’t put the real domain because I still have to clean up that one and I don’t want to pass on infections)

I give you the whole report:

Site is listed as suspicious: visiting this web site may harm your computer.

Part of this site was listed for suspicious activity 1 time during the past 90 days.

What happened when Google visited this site?
Of the 34 pages tested on the site over the past 90 days, 3 pages resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 01/07/2013, and suspicious content was last found on 01/07/2013.
Malicious software includes 6 exploit(s).

This site was hosted on 1 network including AS31034 (ARUBA).

Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, enofutura.it did not appear to function as an intermediary for distributing malware or viruses to other sites.

Has this site hosted malware?
Yes, this site has hosted malicious software over the past 90 days. It infected 1 domain, including …….

{Edited to add Textile’s bq.. for better understanding. – Uli}

Last edited by uli (2013-07-03 15:41:31)


#6 2013-07-03 15:33:56

colak
Admin
From: Cyprus
Registered: 2004-11-20
Posts: 9,011

Re: malware attack

What you have to figure out is how the site was infected. Through the site/server logs you may check if anybody else logged in via FTP or any other way. You should also get in touch with your host, as they may want to, and they should, investigate it. Also, change all your usernames and passwords for the database, FTP and whatever else is related to your site. You may also check your backed-up db for viruses using up-to-date virus scanning software on your computer.


Yiannis

#7 2013-07-04 06:26:24

alarius
Member
Registered: 2009-05-28
Posts: 45

Re: malware attack

I am trying to discover something, but it will not be easy; I don’t know how to find the logs on the server.
Anyway, I’ll contact the host to ask them about it.
I did a virus scan on my computer but nothing appeared…
Thank you for your help.

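Added example, not part of any post in this thread: the modified-files check suggested in post #2 can also be run offline against an FTP copy of the site like the one described in post #3, by hashing it against a clean unpack of the same Textpattern release. The function names, the sample file contents and the two demo directories are constructed for illustration; point compare_trees at your own clean and copied folders.

```python
import hashlib
import os
import tempfile

def tree_hashes(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    hashes = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                hashes[rel] = hashlib.sha256(fh.read()).hexdigest()
    return hashes

def compare_trees(clean_root, suspect_root):
    """Return (modified, added, missing) relative paths, each sorted."""
    clean, suspect = tree_hashes(clean_root), tree_hashes(suspect_root)
    modified = sorted(p for p in clean if p in suspect and clean[p] != suspect[p])
    added = sorted(p for p in suspect if p not in clean)
    missing = sorted(p for p in clean if p not in suspect)
    return modified, added, missing

def build_demo():
    """Constructed sample trees: a 'clean' release and a tampered site copy."""
    base = tempfile.mkdtemp()
    layout = {
        "clean": {"index.php": b"<?php // front controller\n",
                  "textpattern/index.php": b"<?php // admin\n",
                  "css.php": b"<?php // styles\n"},
        "copy": {"index.php": b"<?php // front controller\n/* appended */\n",
                 "textpattern/index.php": b"<?php // admin\n",
                 "images/x.php": b"<?php // not in release\n"},
    }
    for tree, files in layout.items():
        for rel, data in files.items():
            path = os.path.join(base, tree, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
    return os.path.join(base, "clean"), os.path.join(base, "copy")

if __name__ == "__main__":
    modified, added, missing = compare_trees(*build_demo())
    for label, paths in (("MODIFIED", modified), ("ADDED", added), ("MISSING", missing)):
        for p in paths:
            print(f"{label:9}{p}")
```

On a real copy, legitimately added files such as textpattern/config.php, uploaded images and plugins will show up under ADDED and need a manual look; anything under MODIFIED, and any PHP file sitting in an upload folder, deserves the closest review.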
