Malware infected my Website

Discussion in 'Blogging' started by nabeelshams, Feb 14, 2012.

  1. nabeelshams

    nabeelshams Power Member

    Joined:
    Jan 23, 2012
    Messages:
    586
    Likes Received:
    133
    Gender:
    Male
    Location:
    Karachi, Pakistan
    Hello guys, two days back some malware infected my website, and whenever somebody tries to open it, it gives a warning and doesn't let the visitor land on my site. I tried to get help from Google Webmaster Tools, but it doesn't verify me as the site owner even after trying all the options (I couldn't try one option, something related to a domain editing thing, because I don't know what to do, though). Can anybody help me out?

    warfarebiological dot com
     
  2. d_gan99

    d_gan99 Newbie

    Joined:
    Feb 19, 2011
    Messages:
    17
    Likes Received:
    0
    It has happened to me many times, especially using the WordPress or Joomla platform with plugins and templates from unknown sources.

    1. Try to FTP into your account and view the .php files (especially index.php) to see if they have been injected with a string of JavaScript code on the first line, which will redirect your visitors to the malware.

    2. Look at .htaccess in the root folder to see if a hacker has injected redirect code in the "center" of the file. You need to carefully scroll to the center, as they hide it there.

    I hope this helps.
     
  3. nabeelshams

    nabeelshams Power Member

    I installed an antivirus plugin. It scanned the template and came up with some detections but didn't automatically clean it. I don't know PHP, so what should I do now if it needs to be edited?
     
  4. volund

    volund Senior Member

    Joined:
    Jan 24, 2010
    Messages:
    1,158
    Likes Received:
    728
    Occupation:
    Trying to make a buck or two
    Location:
    NW Arkansas
    If you do not know enough PHP to be able to identify what does and does not belong, you really are not going to be able to do much.

    Do you have a backup of all your files? All your posts and other info are in the database, so you can replace your site files very easily. If you have a backup (and you damn well should), just delete all the files from the server and upload your clean ones.

    Time elapsed: 10 minutes, and now your site is clean.

    If you do not have a clean backup, then you need to do the following.

    1. Get the database info from your config.php file. The easiest way to do this is via the cPanel file manager, since you really do not want to download any of the files to your computer. Copy and paste the info to a txt file.

    2. Get the name of the theme and any plugins you are using.

    3. Go to the WordPress site and download a fresh copy of WordPress and a copy of all your plugins and theme.

    4. Unzip everything and then upload the WordPress files, then your theme and plugin files.

    5. Take the database info from your text file and add it to your config.php file in the correct places. Upload to your server.

    Your site is now clean and running. Elapsed time: probably about an hour to an hour and a half.
     
  5. SpmHosting

    SpmHosting Newbie

    Joined:
    Feb 9, 2012
    Messages:
    6
    Likes Received:
    0
    Hello, try this:
    Log in via FTP and look for the files & folders that were edited recently. Next you know what to do :)
     
  6. dr.pepper

    dr.pepper Regular Member

    Joined:
    Feb 13, 2012
    Messages:
    275
    Likes Received:
    97
    Post the offending code on here and let us help you out.
     
  7. nabeelshams

    nabeelshams Power Member

    Thanks, friend. I really need your help.

    I have an antivirus plugin that detects some lines as offending.

    In themes/hmtpro5/functions.php:

    1. include_once(ABSPATH . WPINC . '/class-simplepie.php');
    2. include_once(ABSPATH . WPINC . '/class-simplepie.php');
    3. move_uploaded_file( $_FILES["logo_img7"]["tmp_name"], $logopath);
    4. move_uploaded_file( $_FILES["fevi_img7"]["tmp_name"] , $fevipath);
    5. add_filter('single_template', create_function('$t', 'foreach( (array) get_the_category()

    And in /themes/hmtpro5/post_temp_plg.php:

    1. $template_data = implode('', file( $template ));

    Now I don't know where the problem is in these lines, as I don't know anything but some HTML. This was my first site and this all happened. Please help me.
     
  8. lisalpercy

    lisalpercy Newbie

    Joined:
    Feb 13, 2012
    Messages:
    28
    Likes Received:
    1
    Why don't you just restore your site to an earlier backup?
     
  9. nabeelshams

    nabeelshams Power Member

    Don't have a backup.
     
  10. nightbat

    nightbat Regular Member

    Joined:
    May 24, 2010
    Messages:
    304
    Likes Received:
    210
    Occupation:
    Magician
    Location:
    Ici!
    Do what @volund suggested above - that's top advice. Else, your best option is to hire/get professional help.

    Good luck, hope this works out.
     
  11. grav6

    grav6 Junior Member

    Joined:
    Jan 30, 2012
    Messages:
    169
    Likes Received:
    54
    Location:
    England
    Without seeing the files, it's hard to say.

    However, your "anti-virus" plugin detected a problem with files for a specific template. You could just delete the offending template (switch to another template first) through WordPress. Ensure that the folder has been removed entirely. There are several WordPress security plugins (for example WP Security Scan). You should scan your WP installation to see if any vulnerabilities are found. Either the theme came with it (or the theme/WordPress was exploited to inject it). Even if it finds nothing, that's not to say the site is definitely clean. You are best following Volund's steps.

    To get a better idea of suspect files, do as SpmHosting mentioned: access via FTP and check the recently modified dates.

    I checked your site. It's the JavaScript at the very top in the HTML source.

    Try switching theme and then viewing the source to see if it's still there.
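
The checks suggested in this thread (recently modified files, script content on the first line of a .php file, and redirect rules pushed down behind blank lines in .htaccess) can be gathered into one read-only pass over the site's files. This is an added example, not code posted by anyone in the thread; the function names, the patterns and the 20-blank-line threshold are assumptions chosen for illustration.

```python
import os, re, time

# Heuristics below are assumptions for this example, not a full signature set.
INJECT_RE = re.compile(r"<script|<iframe|eval\s*\(|base64_decode\s*\(", re.I)
REDIRECT_RE = re.compile(r"^\s*(Rewrite(Rule|Cond)|Redirect\w*)\b", re.I)

def first_line_injection(path):
    """True if line 1 of a PHP file carries script/iframe/eval content."""
    with open(path, "r", errors="replace") as fh:
        return bool(INJECT_RE.search(fh.readline()))

def hidden_htaccess_rules(path, gap=20):
    """Redirect directives that sit behind a run of >= gap blank lines."""
    hits, blanks, padded = [], 0, False
    with open(path, "r", errors="replace") as fh:
        for no, line in enumerate(fh, 1):
            if not line.strip():
                blanks += 1
                padded = padded or blanks >= gap
                continue
            blanks = 0
            if padded and REDIRECT_RE.match(line):
                hits.append((no, line.strip()))
    return hits

def scan(root, days=7):
    """Collect files that deserve a manual look; nothing is modified."""
    cutoff = time.time() - days * 86400
    report = {"recent": [], "first_line": [], "htaccess": []}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if os.path.islink(path):
                continue  # skip symlinks, including broken ones
            if os.path.getmtime(path) >= cutoff:
                report["recent"].append(path)
            if name.endswith(".php") and first_line_injection(path):
                report["first_line"].append(path)
            if name == ".htaccess":
                report["htaccess"] += [(path, n, t)
                                       for n, t in hidden_htaccess_rules(path)]
    return report

if __name__ == "__main__":
    import json, sys
    # Pass the site's document root; "." is only a default for this example.
    print(json.dumps(scan(sys.argv[1] if len(sys.argv) > 1 else "."), indent=2))
```

Every entry in the report is a candidate for manual review, and an empty report does not show that the site is clean.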
     
  12. ivictus

    ivictus Regular Member

    Joined:
    Jan 26, 2010
    Messages:
    223
    Likes Received:
    31
    Ask your hosting company if they can restore from backup. Usually they have one and will do it for you for free. If not, search via FTP for all recently changed files. Usually you can easily tell what the virus call is.
     
  13. resistancee

    resistancee Registered Member

    Joined:
    Jun 22, 2011
    Messages:
    99
    Likes Received:
    40
    Clean your PC first with Malwarebytes & ComboFix, then get your FTP logs and clear all the files edited by the intruding IP.
     
  14. plantacja

    plantacja Junior Member

    Joined:
    Oct 12, 2007
    Messages:
    127
    Likes Received:
    27
    I had malware on my sites a few times.. first of all you must clean your PC.. then I deleted all FTP accounts in cPanel.. changed the cPanel password.. it's not good that you can't confirm ownership in Google Webmaster Tools.. because you would be able to see infected pages/malware code..

    How to clean your site? I have hosting with HostGator.. simply chat with someone from technical support.. and they will clean all of your sites in no time :) of course for free..

    Here is the result from an online scanner:

    Code:
    http://sitecheck.sucuri.net/results/warfarebiological.com
    In order to unflag your site as dangerous.. you must somehow confirm ownership in Google Webmaster Tools... because there you have an option to recheck your site..