Malicious Files Detected on my site techblis.com

Discussion in 'Website Development & Design' started by williamluke01, May 15, 2013.

  1. williamluke01

    Member

    Joined:
    Apr 7, 2012
    Messages:
    74
    Likes Received:
    1
    Just received this email from my hosting provider: "This notice is to inform you that we have detected malicious code in your website files. We have compiled a list of compromised files on your account, as well as the code injected, below."

    This is the third time I have got this email, and as a result my site goes down. Where could the possible virus or malware file be? How should I recover my site from this issue? I have just asked them to restore it, and for now it's working fine, but only for the time being.
     
  2. Fergal

    Premium Member

    Joined:
    Nov 18, 2007
    Messages:
    10,575
    Likes Received:
    1,165
    Have you asked your host for some help with securing your server or hosting account?

    It would also be a good idea to ask your host if they are using the latest version of all the software they are running on your server.

    Can you please give us a little more info as to the type of site or sites that are affected and the software you are running on those sites?
     
  3. GeekGhost

    Member

    Joined:
    Oct 5, 2012
    Messages:
    217
    Likes Received:
    96
    It looks like you're running WordPress. You need to make sure that you are running the most recent version as well as updated plugins. An exploit (no matter how secure the server is) can be taken advantage of through an outdated WordPress installation or outdated plugin.

    Also, you need to review the files inside of your theme folder. Many times I've seen an exploit and backdoor installed through a poorly coded theme or a theme downloaded from a disreputable source.
     
    • Like x 1
  4. techiezone

    New Member

    Joined:
    May 15, 2013
    Messages:
    23
    Likes Received:
    2
    What software are you running on your site?

    Is it up to date?

    Did you check the listing in Google? If your site is infected, Google also shows a warning in the search results. Just search for your website in Google.

    Check the FTP and HTTP access logs. Is anonymous FTP enabled on your website?
    Check the files on your website for compromise.
     
  5. jeff123

    Member

    Joined:
    Oct 15, 2010
    Messages:
    123
    Likes Received:
    7
    First of all, check whether the email is really from your hosting provider and not from people trying to look like your hosting provider.

    Don't send your user name and password by email.

    Change all the hosting passwords.

    Delete all the FTP accounts created.

    Check on the server whether any old backup is available.

    If you have a backup, then restore the old backup, as hosting companies normally keep them on the server.

    If you have a WordPress website:

    update all the plugins
    update all the themes
    if a WordPress update is available, update it
    reset the password and make it strong
    make wp-config hidden
    change permissions of all files to read only

    Below are more steps which you can follow:
    http://www.bestwebsitesdesigner.com/web-design/ways-to-secure-wordpress-website/#more-1446

    If it is an HTML website, the virus will mostly be in index.html.
    Open it, and at the bottom of the page, at the end, or at the top, you will see something in a script tag.

    Delete that part.

    Then also notify Google that the malicious virus was removed, or else you may lose rankings.

    Hope this helps
     
    • Like x 1
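The file checks suggested in the post above (a script tag sitting before or after the page markup in index.html, suspicious code in PHP files such as wp-config.php, files that are not read only), as an added example that is not part of the original thread. The regex heuristics, the finding labels and the sample files built by `demo()` are assumptions constructed for illustration, not the hosting provider's signatures.

```python
import re
import stat
import tempfile
from pathlib import Path

PHP_OBFUSCATED = re.compile(  # heuristics assumed for this example only
    rb"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I)
SCRIPT = re.compile(rb"<script\b", re.I)
HTML_DOC = re.compile(rb"<html\b.*</html\s*>", re.I | re.S)

def scan_file(path):
    """Return the list of findings for one file (empty means nothing flagged)."""
    findings = []
    if path.stat().st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("writable by group/other")
    data = path.read_bytes()
    suffix = path.suffix.lower()
    if suffix == ".php" and PHP_OBFUSCATED.search(data):
        findings.append("obfuscated eval in PHP")
    if suffix in (".html", ".htm"):
        outside = HTML_DOC.sub(b"", data, count=1)  # what lies outside <html>...</html>
        if outside != data and SCRIPT.search(outside):
            findings.append("script tag outside <html>...</html>")
    return findings

def scan_tree(root):
    """Walk the web root and return {relative path: findings} for flagged files."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and (found := scan_file(path)):
            report[str(path.relative_to(root))] = found
    return report

def demo():
    """Build a constructed sample site in a temporary directory and scan it."""
    samples = {  # constructed sample files: name -> (content, permission bits)
        "about.html": (b"<html><body><script src='app.js'></script></body></html>", 0o644),
        "index.html": (b"<html><body>Hi</body></html>\n<script>/* injected */</script>", 0o644),
        "wp-config.php": (b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>", 0o666),
    }
    with tempfile.TemporaryDirectory() as root:
        for name, (content, mode) in samples.items():
            target = Path(root, name)
            target.write_bytes(content)
            target.chmod(mode)
        return scan_tree(root)

if __name__ == "__main__":
    print(demo())
```

A hit from `scan_tree()` is a reason to open the file and compare it with a clean backup, not proof of compromise on its own.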
  6. williamluke01

    Member

    Joined:
    Apr 7, 2012
    Messages:
    74
    Likes Received:
    1
    Fergal, my hosting provider just failed to cooperate with me as I was expecting. Anyway, I have found some suspicious code in the wp-config.php file and deleted it manually. I am not sure whether it will work or not. Still, someone is continuously attempting to break my site's security. I am frequently getting emails; sharing one with you:

    A host, 218.6.9.36 (you can check the host at http://ip-adress.com/ip_tracer/218.6.9.36) has been locked out of the WordPress site at http://www.techblis.com until Thursday, May 16th, 2013 at 7:00:06 am UTC due to too many attempts to open a file that does not exist. You may login to the site to manually release the lock if necessary.

    jeff123, thanks for your useful advice, I will surely follow them all. Thanks BAF.
     
    • Like x 1
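The lockout notice quoted above fires on "too many attempts to open a file that does not exist", and an earlier reply advises checking the HTTP access logs; the following added example (not part of the original thread, and not the lockout plugin's own logic) finds the same pattern in an Apache/nginx combined-format log. The threshold, the time window and the log lines from `sample_log()` are assumptions constructed for illustration, using documentation-range IP addresses.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# "combined" log format: ip ident user [time] "request" status size ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) ')

def find_404_probers(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: sorted missing paths} for clients with `threshold` or more
    404 responses inside `window` (both defaults are assumptions)."""
    recent = defaultdict(deque)   # ip -> timestamps of 404s still inside the window
    paths = defaultdict(set)      # ip -> every path that returned 404
    flagged = set()
    for line in lines:
        m = LINE.match(line)
        if not m or m["status"] != "404":
            continue              # skip malformed lines and non-404 responses
        when = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        parts = m["req"].split()
        paths[m["ip"]].add(parts[1] if len(parts) > 1 else m["req"])
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop 404s that fell out of the window
        if len(q) >= threshold:
            flagged.add(m["ip"])
    return {ip: sorted(paths[ip]) for ip in sorted(flagged)}

def sample_log():
    """Constructed sample lines: one normal visitor, one burst, one slow trickle."""
    fmt = '{ip} - - [15/May/2013:{t} +0000] "GET {path} HTTP/1.1" {st} 512 "-" "-"'
    rows = [("198.51.100.20", "06:00:01", "/", 200),
            ("198.51.100.20", "06:00:02", "/favicon.ico", 404)]
    rows += [("203.0.113.7", f"06:01:0{i}", f"/missing-{i}.php", 404) for i in range(5)]
    rows += [("192.0.2.9", f"{7 + i:02d}:30:00", f"/old-page-{i}.html", 404) for i in range(5)]
    return [fmt.format(ip=ip, t=t, path=p, st=s) for ip, t, p, s in rows]

if __name__ == "__main__":
    for ip, missing in find_404_probers(sample_log()).items():
        print(ip, len(missing), "distinct missing paths:", missing)
```

The list of missing paths per address is worth reading: it shows which files or plugins the client was looking for, which helps decide what to update or remove.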
  7. Fergal

    Premium Member

    Joined:
    Nov 18, 2007
    Messages:
    10,575
    Likes Received:
    1,165
    Sounds like it might be time for you to move to a new host, perhaps one that concentrates on providing WordPress hosting?
     
