Anonymous,

Please Login or Register
Download Nuke Evolution Xtreme today for a CMS you can enjoy using and sharing with your friends!
[ Download Now ]
Forum Index  ·  Search  ·  Usergroups  ·  Edit your profile  ·  Members  ·  Login, Check Messages
Arcade  ·  Ranks  ·  Staff  ·  Statistics  ·  Board Rules  ·  Forum FAQ  ·  Log in

Search for at
Evolution-Xtreme Advanced Search


+  
Latest Site News   Next 5 >>  
 Forum   Author   Replies   Last Post 
File Repository 1.0.0 Released Announcements! Lonestar 0 Tue Apr 26, 2016 6:44 am
Lonestar View latest post
Image Repository Released Announcements! Lonestar 1 Mon Oct 27, 2014 7:39 pm
Lonestar View latest post
So what happened to us? Announcements! SgtLegend 0 Tue May 06, 2014 12:32 am
SgtLegend View latest post
[PROGRESS] Nuke Evolution Xtreme 2.0.9e Announcements! SgtLegend 2 Sun May 27, 2012 6:25 pm
SgtLegend View latest post
European Cookie Law Announcements! SgtLegend 0 Sat May 26, 2012 7:33 am
SgtLegend View latest post
   
Recent Topics   Next 15 >>  
 Forum   Author   Replies   Last Post 
Evo staff looking for some volunteers. Community Announcements coRpSE 20 Thu Jul 02, 2015 9:19 am
Depresjon2 View latest post
Evo Xtreme 2.0.9D Updated for PHP 5.6 General Support coRpSE 121 Thu Mar 23, 2017 3:57 pm
casterdon View latest post
[ MOD ] - Honeypot V2.2 AntiBot Module Security coRpSE 106 Tue Nov 22, 2016 11:30 am
coRpSE View latest post
Possible new Admin area layout Comments and Suggestions Lonestar 18 Wed Sep 14, 2016 11:37 am
Blackou View latest post
jQuery update General Support Lonestar 2 Wed May 11, 2016 4:49 pm
Charles64 View latest post
Deutsche Sprachdatei - german language files German DT50R 7 Thu Jan 28, 2016 7:04 am
DT50R View latest post
[FIX] Correct Cookie Settings (Invalid Session Error) Quick fixes killigan 110 Fri Mar 20, 2015 1:06 pm
Macdaddy View latest post
youtube videos in posts wont go full screen Modules PatPgtips 7 Mon Jul 24, 2017 9:42 am
coRpSE View latest post
Realm Designz General Support Thumpit 4 Thu Jul 20, 2017 6:13 pm
Thumpit View latest post
Billing/Invoicing Module Modules Thumpit 5 Wed Jul 19, 2017 2:29 pm
Thumpit View latest post
Sentinel IP2Country Update General Support bobdude 3 Sat Jul 15, 2017 9:26 am
coRpSE View latest post
a new local project www.wnyboards.com Link up skurge 0 Thu Jul 13, 2017 2:45 pm
skurge View latest post
Adding SSL certificate Security allrocknmetal 4 Sat Jul 08, 2017 4:48 am
allrocknmetal View latest post
Anyone know how to get hold of Noto? General Support Richmc 0 Fri Jul 07, 2017 5:18 pm
Richmc View latest post
General Info changes are not Saving once changed General Support Thumpit 2 Fri Jul 07, 2017 12:42 pm
Thumpit View latest post

Think I got hit with malware somehow

 
Post new topic    Reply to topic    printer-friendly view   Thank Post    Evolution-Xtreme Forum Index -> General Support
View previous topic :: View next topic  
Author Message
bobdude




Joined: Jan 21, 2017
Posts: 8

Reputation: 1


Status: Offline
PostPosted: Tue Mar 14, 2017 3:26 am Post subject: No icon Think I got hit with malware somehow Reply with quote

 I  received  an  email  today  with  the  following  information  from  my  hosting  ISP:
 
 Due  to  the  negative  impact  to  our  systems,  we've  removed  the  following  malware  from  your  files:
 
 html/blamable-filenames.php
 
 html/coordinated-indirect.php
 
 html/forgivable-glasswort.php
 
 Unfortunately,  our  scans  also  flagged  other  content  that  could  be  malicious,  but  due  to  the  nature  and  usage  of  these  files,  we  did  not  remove  them  as  this  should  be  reviewed  by  a  website  administrator  first.  We  recommend  you  log  in  to  your  hosting  account  to  review  the  following  content  and  remove  if  necessary:
 
 html/.htaccess
 
 html/admin/language/lang-english_new.php
 
 html/broadener-deb.php
 
 html/language/JAG_Whos_Been/lang-english_new.php
 
 html/modules/Calendar/includes/index_prevv1.php
 
 html/modules/Feedback/index_old.php
 
 html/modules/Reviews/admin/index_noversion.php
 
 html/themes/RD-BlueTech/scopbin/911006_backup.php
 
 html/_vti_pvt/writeto_new.php
 
 I  looked  at  my  .htaccess  file  and  it  points  to  coordinated-indirect.php  and  is  totally  different  than  what  I  had  set  up.  
 
 Please  let  me  know  what  I  should  do  to  fix  this.
Back to top
View user's profile Send private message
coRpSE
Xtreme Developer
Xtreme Developer
Site Admin
Site Admin
Support Team
Support Team



Gender: Gender:Male
Joined: Dec 24, 2008
Age: 36
Posts: 1373
Location: Back of your mind!!!
Reputation: 188.7
votes: 10
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PostPosted: Tue Mar 14, 2017 10:18 am Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 Well,  I  am  betting  most  of  those  files  don't  belong.
 
 How  long  has  your  site  been  up?
 What  custom  mods/modules  did  you  have  on  your  site?
 
 To  start,  I  probably  start  over  on  the  site  with  fresh  files.  You  probably  can  keep  your  DB,  but  I  would  start  with  clean  files.  Next,  I  would  go  over  and  make  sure  you  didn't  create  any  security  holes.  I  will  try  doing  another  video  tutorial  on  that  either  tonight  or  tomarrow.  If  you  like  to  talk  more  about  this,  feel  free  to  hop  on  my  TS3,  just  go  to  my  site  and  look  on  the  right  side  of  my  site  for  my  TS3  info.
 
 Somehow  they  got  on  your  site  and  put  files  through  out  your  site,  so  I  would  also  change  your  FTP  passwords  and  limit  who  has  access  to  that  to  trusted  people.  Change  also  your  cpanel  passwords  for  security.  Make  sure  certain  scripts  are  only  open  for  trusted  members  and  make  sure  Sentinel  and  the  HoneyPot  is  installed  or  configured  on  your  site.
 
 Last  tip,  and  this  goes  out  to  a  bunch  in  the  community,  never  leave  installer  scripts  on  your  site.  Always  delete  them  once  the  script  is  installed.  I  have  worked  on  a  few  site  where  I  found  like  10+  installer  scripts.
 
 But  overall,  I  would  get  rid  of  all  the  files  you  have  and  start  over  with  fresh  files.  The  only  file  I  wouldn't  delete  is  the  config.php,  for  that  has  all  your  DB  info,  so  at  least  make  a  backup  of  that  and  upload  all  fresh  files  excluding  the  install.php  and  the  install  folder,  then  just  edit  in  the  info  from  the  old  config.php  to  the  new  config.php.
Back to top
View user's profile Send private message Visit poster's website
bobdude




Joined: Jan 21, 2017
Posts: 8

Reputation: 1


Status: Offline
PostPosted: Wed Mar 15, 2017 5:50 am Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 My  site  has  been  up  since  2013  with  no  mods  installed.  But  I  think  I  found  out  what  I  did  or  actually  did  NOT  do.  After  my  last  install  I  never  updated  the  .htaccess  file  and  set  it  up  in  NukeSentinel.  
 
 So  far  I  went  through  and  deleted  all  of  the  extra  files  that  are  listed  in  my  initial  post.  I've  actually  updated  my  .htaccess  and  .staccess  files  and  installed  honey  pot  v2.2  along  with  updating  NukeSentinel.  But  since  you  have  recommended  starting  from  a  fresh  install  I'll  be  doing  that  this  weekend  just  to  make  sure.  
 
 One  error  that  I  kept  running  into  in  the  .htaccess  file  is  this  line:
 
 Options  All  -Indexes
 
 By  default  it  is  not  commented  out  and  was  causing  me  to  get  a  internal  error  500.  I  have  commented  it  out  and  it  seems  to  be  working  well  now.  Recommend  if  you  are  making  a  new  how-to  video  that  you  include  this  fix  as  it  was  driving  me  crazy  trying  to  figure  out  what  was  causing  my  site  to  not  work  while  setting  up  the  .htaccess  file  correctly.  
 
 The  other  line  that  I  couldn't  get  to  work  correctly  was  this:
 
 AuthUserFile  "/home/nuketest/.htpasswds/public_html/passwd"
 
 Am  I  supposed  to  change  this  to  something  else?  If  so  were  is  it  supposed  to  point  to?  Thank  you  for  your  time  and  assistance  with  this.
Back to top
View user's profile Send private message
Sponsor
webstorm.jpg
coRpSE
Xtreme Developer
Xtreme Developer
Site Admin
Site Admin
Support Team
Support Team



Gender: Gender:Male
Joined: Dec 24, 2008
Age: 36
Posts: 1373
Location: Back of your mind!!!
Reputation: 188.7
votes: 10
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PostPosted: Wed Mar 15, 2017 9:52 am Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 The  AuthUserFile  should  be  linked  to  your  .staccess  file.  You  will  get  the  code  to  put  in  its  place  when  you  set  up  Sentinel.  I  will  go  over  that  in  my  video.  I  am  about  to  do  that  now.  When  i  am  done  with  the  video,  I  will  post  the  link  here.
Back to top
View user's profile Send private message Visit poster's website
bobdude




Joined: Jan 21, 2017
Posts: 8

Reputation: 1


Status: Offline
PostPosted: Thu Mar 16, 2017 5:08 am Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 Sounds  good.  I  looked  at  my  .staccess  file  and  it  has  my  admin  name  and  a  string  of  random  code  after  it.
Back to top
View user's profile Send private message
coRpSE
Xtreme Developer
Xtreme Developer
Site Admin
Site Admin
Support Team
Support Team



Gender: Gender:Male
Joined: Dec 24, 2008
Age: 36
Posts: 1373
Location: Back of your mind!!!
Reputation: 188.7
votes: 10
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PostPosted: Thu Mar 16, 2017 11:16 am Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

                                                   
bobdude  wrote  (View  Post):                
Sounds  good.  I  looked  at  my  .staccess  file  and  it  has  my  admin  name  and  a  string  of  random  code  after  it.                

 
 Thats  correct.  That  string  after  your  name  is  your  password  encrypted.
Back to top
View user's profile Send private message Visit poster's website
Sponsor
webstorm.jpg
bobdude




Joined: Jan 21, 2017
Posts: 8

Reputation: 1


Status: Offline
PostPosted: Sat Mar 18, 2017 6:14 am Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 Ah  OK,  I'm  not  sure  how  to  link  it  to  my  .staccess  file  so  looking  forward  to  see  how  to  make  sure  I'm  set  up  correctly  then.   Shocked
Back to top
View user's profile Send private message
coRpSE
Xtreme Developer
Xtreme Developer
Site Admin
Site Admin
Support Team
Support Team



Gender: Gender:Male
Joined: Dec 24, 2008
Age: 36
Posts: 1373
Location: Back of your mind!!!
Reputation: 188.7
votes: 10
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PostPosted: Sat Mar 18, 2017 12:00 pm Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 I  am  done  making  the  video,  I  just  have  to  edit  it.
 
 Update:  Here  you  go,  http://www.headshotdomain.net/modules.php?name=Tutorials&t_op=showtutorial&pid=41
Back to top
View user's profile Send private message Visit poster's website
bobdude




Joined: Jan 21, 2017
Posts: 8

Reputation: 1


Status: Offline
PostPosted: Sun Mar 26, 2017 12:21 am Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 Awesome,  thank  you  and  sorry  for  long  response  time.
Back to top
View user's profile Send private message
Sponsor
webstorm.jpg
bobdude




Joined: Jan 21, 2017
Posts: 8

Reputation: 1


Status: Offline
PostPosted: Sun Mar 26, 2017 2:04 am Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 OK,  watched  the  video.  Great  info  and  as  I  was  checking  my  settings  as  you  went  through  them  caught  one  that  I  hadn't  changed  yet  for  the  dump  directory  that  I  didn't  see  on  any  other  help  videos  that  I've  watched.  But  now  that  is  updated  as  well.
 
 Thanks  again  for  all  of  the  help.
Back to top
View user's profile Send private message
coRpSE
Xtreme Developer
Xtreme Developer
Site Admin
Site Admin
Support Team
Support Team



Gender: Gender:Male
Joined: Dec 24, 2008
Age: 36
Posts: 1373
Location: Back of your mind!!!
Reputation: 188.7
votes: 10
usa.png


Status: Offline
Web Control Panel: 11.42.0 (build 23)
PostPosted: Sun Mar 26, 2017 6:44 pm Post subject: No icon Re: Think I got hit with malware somehow Reply with quote

 No  problem.
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:
Post new topic  Reply to topic   printer-friendly view   Thank Post Evolution-Xtreme Forum Index ->  General Support All times are UTC - 5 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You cannot download files in this forum

Related topics
 Topics   Replies   Author   Views   Last Post 
No new posts Brazilian language files Post - Translation in Progress 14 Todikovic 8212 Wed Nov 26, 2014 5:23 pm
Sonikboy View latest post
No new posts Help required to CHMOD files............ 10 Evil_Blue 3956 Wed Nov 24, 2010 3:59 pm
Evil_Blue View latest post
No new posts I have found a way to embed long text files... 2 Thomas 2386 Mon Nov 08, 2010 12:56 am
Thomas View latest post
No new posts Missing Files according to logging webhost 3 nemesisNL 2697 Sun Oct 17, 2010 5:09 pm
SgtLegend View latest post
No new posts How do i install 2 .sql files into my database??? 1 Evil_Blue 2376 Sun Sep 26, 2010 9:47 am
SgtLegend View latest post
 




Powered by phpBB © 2001, 2006 phpBB Group
EvoXtreme Theme by SgtLegend ©
Forums ©