Website infected with malware

Hey LET gods, the website of the company I work for has been infected with malware, anyone here can help us resolve this? I will be very grateful for your help and will tip you for your time.

Comments

  • Stop using WordPress and/or Windows.

  • Delete everything and reinstall from clean backup.

  • SSDBlaze (Member, Host Rep)

    This happened once to someone I know and they got a plan with sucuri really quick and had it cleaned.

    Sucuri scans every 12 hours and manually cleans any infected files. I would restore from clean backup and secure everything though to save money. But if that fails, give sucuri a chance.

  • @Ole_Juul we just did. Thanks!

    @SSDBlaze we'll try them if we are again infected with malware. Thanks for the suggestion.

  • @WSS said:
    Stop using WordPress and/or Windows.

    Windows? Why not keep it updated? Tell me which OS cannot be infected by malware?

  • CConner (Member, Host Rep)

    TheKiller said: Windows? Why not keep it updated? Tell me which OS cannot be infected by malware?

    MacOS!111111

  • @CConner said:

    TheKiller said: Windows? Why not keep it updated? Tell me which OS cannot be infected by malware?

    MacOS!111111

    It's true though.

  • If it's a linux server (you don't say), you can install Maldet and set it to monitor your files and also run a scan looking for code injected into php files etc. On a cpanel server you can set it to suspend any account that it finds compromised. If you want instructions on how to install it let me know :-)

  • The biggest problem is not how to clean it but how to secure it. If you got infected once, you will get infected every time the hacker wants if you do not locate the file.

    Go with Sucuri, those guys do a great job.

  • @WHT said:
    The biggest problem is not how to clean it but how to secure it.

    Just update it. Most websites I have seen hacked have been terribly outdated, with a lazy admin sticking to saying "if it works, don't touch it".

    And concerning cleaning: I do not recommend it. You can never be absolutely sure every backdoor has been closed, every trace cleaned. Better collect evidence and re-install from backup. And then start digging deep into logs, trying to understand what has happened, why, and how...

  • Epidrive said: we just did. Thanks!

    Be sure that your backup has not been infected by the malware that hit you. The Sucuri suggestion is still a good suggestion!

  • Maldet with ClamAV, and if it's WordPress just download a whole new WordPress install and use your original database and wp-uploads folder (after making sure it's clean).
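
A way to check a site tree before following the advice above (reusing the database and uploads with a fresh core download) and the injected-PHP scan mentioned a few posts earlier: an added example, not code from this thread, from Maldet or from WordPress. It assumes a POSIX shell with find, grep and diff, and builds its own constructed site tree; the function names and paths are mine.

```shell
#!/bin/sh
# Added example, not code from the thread. Before reusing a site's database
# and uploads with a fresh WordPress download, list what needs a human look.
# Assumes POSIX sh with find, grep and diff; every path below is constructed.

# PHP-executable files under uploads. A healthy wp-content/uploads holds
# media only, so every hit deserves a look.
find_php_in_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.php[0-9]' \)
}

# PHP files using the obfuscation primitives injected code leans on.
# A review list, not a verdict: some legitimate plugins use these too.
find_obfuscated_php() {
    grep -rlE 'eval *\(|base64_decode *\(|gzinflate *\(|str_rot13 *\(' "$1" 2>/dev/null || true
}

# Files that differ from, or do not exist in, a freshly downloaded core.
# wp-config.php and wp-content legitimately differ, so they are skipped.
diff_against_clean_core() {
    diff -rq "$2" "$1" 2>/dev/null | grep -v -e 'wp-config.php' -e 'wp-content' || true
}

# Constructed fixture: a "clean" core next to a "site" copy with typical damage.
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/clean/wp-includes" "$root/site/wp-includes" \
             "$root/site/wp-content/uploads/2023"
    printf '<?php require "wp-blog-header.php";\n' > "$root/clean/index.php"
    cp "$root/clean/index.php" "$root/site/index.php"          # untouched core file
    printf '<?php // genuine loader\n' > "$root/clean/wp-includes/load.php"
    printf '<?php // genuine loader\neval(base64_decode("SAMPLE"));\n' \
        > "$root/site/wp-includes/load.php"                     # injected line
    printf '<?php // not part of WordPress\n' \
        > "$root/site/wp-includes/cache-helper.php"              # dropped file
    printf 'JFIF' > "$root/site/wp-content/uploads/2023/photo.jpg"
    printf '<?php // executable in uploads\n' \
        > "$root/site/wp-content/uploads/2023/img.php"
    echo "$root"
}

# Stand-alone run over the fixture; each list is for human review.
FX=$(make_fixture)
echo "== PHP inside uploads =="; find_php_in_uploads "$FX/site/wp-content/uploads"
echo "== obfuscation primitives =="; find_obfuscated_php "$FX/site"
echo "== deviations from clean core =="; diff_against_clean_core "$FX/site" "$FX/clean"
rm -rf "$FX"
```

On a real site, point the first two functions at the live wp-content/uploads and document root, and the third at the live tree next to an unpacked download of the same WordPress version.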

  • @maldovia said:

    @CConner said:

    TheKiller said: Windows? Why not keep it updated? Tell me which OS cannot be infected by malware?

    MacOS!111111

    It's true though.

    I'll send you a file to run, it's safe since there's "no malware on Mac"

  • Get a CXS license ($60 one-time, and well worth it) and use it instead of maldet, and set up cxswatch to keep an eye on your files for exploits. Also you should consider installing mod_security if you haven't already to protect you against injection and other such attacks.

    https://configserver.com/cp/cxs.html

    my 2 cents.

    Cheers!

  • @Aidan said:

    @maldovia said:

    @CConner said:

    TheKiller said: Windows? Why not keep it updated? Tell me which OS cannot be infected by malware?

    MacOS!111111

    It's true though.

    I'll send you a file to run, it's safe since there's "no malware on Mac"

    a) Yes, there are always these arguments, and of course there are things that are encountered on macOS (mostly adware that is very easily removed) that some may consider malware; nonetheless it is much, much, much less common.

    b) You prove my point, "send a file to run": of course if I choose to run an executable I can get malware on any OS, but this is an action I chose to do and not a background / hidden process as is common on Windows (that is 99% likely to get malware if you miss 1 week of updates).

  • I'm not a "LET god" but if I may ...

    Get into the habit of providing useful problem reports (e.g. tell the OS, version, etc)!

    Often in security-related situations time is of the essence and you should a) not waste it by making people ask for even basic info and b) not piss off professionals who might be quick to click away when a "help" cry doesn't provide even basic info.

  • Just to clear things up, the website is hosted on cPanel shared hosting. This is the website of the company I'm working for and it is their decision to put it on a shared environment. Let us not hate them on that one.

    Might there be any other suggestions here aside from restoring backups and Sucuri (before we proceed with contacting Sucuri)?

  • mikho (Member, Host Rep)

    Perhaps I can be of assistance?
    But I need more info; you can PM if you don't want it in the open....
    CMS or what type of site is it?

  • Unless the users are restricted with suPHP or similar, and the permissions are locked down to that user, there's not a lot to be done beyond looking through all shared environments for exploitable WordPress (99.9% of the cause), and known signatures of other known Linux/{$OS} built malware/copied shells/etc.

    Long story short: Take the easiest path first and move it away from everything else THEN begin repair. Obviously, everything there is now suspect and needs to be analyzed.

    @TheKiller said:
    Windows? Why not keep it updated? Tell me which OS cannot be infected by malware?

    As stated above.

  • @WSS said:
    Stop using WordPress.

    Blasphemy.

  • @Waldo19 said:

    @WSS said:
    Stop using WordPress.

    Blasphemy.

    Enlightenment.

  • CConner said: MacOS!111111

    You're suggesting that a site be hosted on a Mac?
