Invision Community 4: SEO, prepare for v5 and dormant account notifications By Matt Monday at 02:04 PM
Steph Jensen Posted May 31, 2013 Posted May 31, 2013 Hi, I'm in trouble with a site that has a troyan attack I have no idea what to do, what not to tod and how to do, or not do it, so i'll have to pay somebody to do it. Is there anybody around with some spare time, and that wouldn't mind doing it for some $ (hopefully not too much?)
Dmacleo Posted May 31, 2013 Posted May 31, 2013 if nobody can tonight I can tomorrow, I just can't tonight though
Steph Jensen Posted May 31, 2013 Author Posted May 31, 2013 ok.. i'm probably going to bed anyway (its 1am here) so maybe get in touch tomorrow? i've downloaded all the files, and my avast is going crazy! it has already put over 100 files in guaranty!
wimg Posted May 31, 2013 Posted May 31, 2013 Did you try contacting Gary. here on the board? Just send him a PM or email: http://community.invisionpower.com/user/137679-gary/ He is not only a guru at optimizing a server running Invision software, but he knows a lot about security as well. He is in the UK BTW. Comes highly recommended! Warm regards, Wim
Steph Jensen Posted May 31, 2013 Author Posted May 31, 2013 Wim: message sent to the guru-Gary :) thanks!
Dmacleo Posted June 1, 2013 Posted June 1, 2013 fwiw it was this http://labs.sucuri.net/db/malware/mw-redirection121?v4 from a infected htaccess file in root (not /forum) from a leftover wordpress install . deleted files, locking down permissions and monitoring.
wimg Posted June 1, 2013 Posted June 1, 2013 :D I was about to post the link to sucuri as well. Warm regards, Wim
Dmacleo Posted June 1, 2013 Posted June 1, 2013 this all started from a wordpress issue. signatures. posts, tons of stuff (1200 files in cache/tmp) infected. cleaned up the files but the database is balking and its 1and1 which is so out of date is a travesty. importing db backup (taken before I did anything) to get it running. where 1and1 only allowed 1 database there was a wordpress and ip setup on the database. just matter of manually going through every table it looks like LOL
Dmacleo Posted June 1, 2013 Posted June 1, 2013 today I remembered why I detest 1and1 servers. ended up having to move hosts just so I could work the database. had 2500 or so bad files in cache folder. this WAS the base64_decode issue too. board had been updated regularly so not sure when it happened. I could not determine when the default.php file was first created.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.