Need some help

4 views
Skip to first unread message

Daisie

unread,
Nov 16, 2008, 11:57:30 PM11/16/08
to stopbadware
Hi , I'm not an expert on php source codes to indentify the problem
but I do need some help to clean this Malware infection off my site.
I've compaired time stamps and reviewed most of the index souce codes
and cant seem to find any suspecious entries. If someone can help me
identify any suspicious code on my site so i can clean it up, i would
be very grateful. Thank you.

SteveW

unread,
Nov 17, 2008, 7:47:36 PM11/17/08
to stopbadware
If you don't mind posting the name of the site, someone could take a
look.

Also, if you follow a link to your site from the Google SERP page, it
will take you to a warning page. Follow the link there to your Safe
Browsing Diagnostics page, which will give you some clues.

Ben Agar

unread,
Nov 17, 2008, 8:07:02 PM11/17/08
to stopb...@googlegroups.com
Try looking at your index.php file. After the <HTML> tag. That's where
I found mine.

2008/11/17 Daisie <keyboar...@gmail.com>:
Message has been deleted

Daisie

unread,
Nov 17, 2008, 8:39:06 PM11/17/08
to stopbadware
Ah, I found the Malware...They created a .htaccess file which
redirected their site. I did find it suspicious and opened it to check
but it was blank. Later on I checked it again but remembered how
tricky they can be and scrolled a few pages down to find the code
hiding there. Thanks anyway.


On Nov 18, 12:19 pm, Daisie <keyboard.ma...@gmail.com> wrote:
> Sorry, The page is rightflooring.com.au. No issues with the site for
> past 2 years until yesterday. I did go though the the Safe browsing
> diagostics but Google wasn't very specific on the problem. We do have
> a clean backup to restore from if all else fails. Thanks in advance.
> > > be very grateful. Thank you.- Hide quoted text -
>
> > - Show quoted text -- Hide quoted text -
>
> - Show quoted text -

Anirban Banerjee

unread,
Nov 17, 2008, 8:55:25 PM11/17/08
to stopb...@googlegroups.com
good for you :-)

-A

SteveW

unread,
Nov 18, 2008, 2:30:04 AM11/18/08
to stopbadware
Maybe this is a new trend. There's been a flurry of these recently.

UseShots

unread,
Nov 18, 2008, 6:58:34 AM11/18/08
to stopbadware
Daisie,

Did you notice the file owner of that .htaccess file? Was that you
or some other user? If it was you (your user account), your password
is most likely compromised. If it was not you, you should harden
permissions to such critical file (if you don't use .htaccess, just
create an empty read-only file).

Denis
http://www.UnmaskParasites.com
Reply all
Reply to author
Forward
0 new messages