1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Infected by malware

Discussion in 'Blogging' started by aimanfidaus, Jan 7, 2015.

  1. aimanfidaus

    aimanfidaus Newbie

    Joined:
    Dec 2, 2014
    Messages:
    1
    Likes Received:
    0
    Hello i just wanna ask a few questions.
    Recently i got a message from my hosting support, he said my web site infected by malware
    This is their message:

    Hi,

    Recently we found your account website MYDOMAINNAME is infected by malware trojan.

    Here is the example of file that infected by malware code.

    /majaseko/public_html/MYDOMAINNAME/machform/lib/swift-mailer/dependency_maps/search.php
    /majaseko/public_html/MYDOMAINNAME/machform/lib/swift-mailer/system.php
    /majaseko/public_html/MYDOMAINNAME/machform/export_entries.php
    /majaseko/public_html/MYDOMAINNAME/wp-includes/js/tinymce/skins/lightgray/fonts/options.php
    /majaseko/public_html/MYDOMAINNAME/wp-includes/class-wp-customize-manager.php
    /majaseko/public_html/MYDOMAINNAME/wp-includes/Text/Diff/Engine/ini.php

    There are total few hundred files of your account is infected.
    You have to delete your whole Wordpress site and do a fresh installation again ASAP.

    After do a fresh install, please patch your website script including theme and plugin to enhance your website script security.
    Thanks.

    This is the first time i face this kind of problem, please help me.
     
  2. Brad100

    Brad100 Supreme Member

    Joined:
    Nov 9, 2014
    Messages:
    1,348
    Likes Received:
    967
    Gender:
    Male
    Been running a few sites, never heard of it. Are you sure this is an official message? Some competitor could be trying to get your site deleted. If it really is a real message, what do you think caused it? So we can learn from it.
     
  3. blackmint

    blackmint Power Member

    Joined:
    Jun 8, 2013
    Messages:
    655
    Likes Received:
    340
    Location:
    BHW
    Are you using the Theme one you bought or downloaded it from sharing sites?
    If your answer is the 2nd one, may be your site is infected.
    Maybe encrypted code was placed on the files which uses server resources heavily.
     
  4. djw1606

    djw1606 Regular Member

    Joined:
    Jan 24, 2014
    Messages:
    435
    Likes Received:
    225
    Surely your first action should be to contact your hosting company and speak to someone directly, rather than looking for advice on a black hat forum.

    Contact your host and you may find that it is a bullshit e-mail, or if not they will at least be able to advise you.
     
  5. Gogol

    Gogol Jr. VIP Jr. VIP

    Joined:
    Sep 10, 2010
    Messages:
    3,476
    Likes Received:
    3,103
    Gender:
    Male
    This mail looks legit to me. Tell your providers to install clamav on your *nix and run a virus scan again. Delete the infected files and you might want to spend some time for security next time.

    I had written a tutorial on the same. Follow it ( you might need to do some customization, as the tutorial is more than 1 year old.. but the basic things are the same till date..) if you are familiar with php, or consult a specialist..

    http://www.blackhatworld.com/blackh...-wordpress-blog-hackproof-complete-guide.html
     
    • Thanks Thanks x 1