May 31, 2013 in Classic self-hosted technical help
I'm in trouble with a site that has a troyan attack
I have no idea what to do, what not to tod and how to do, or not do it, so i'll have to pay somebody to do it.
Is there anybody around with some spare time, and that wouldn't mind doing it for some $ (hopefully not too much?)
if nobody can tonight I can tomorrow, I just can't tonight though
i'm probably going to bed anyway (its 1am here)
so maybe get in touch tomorrow? i've downloaded all the files, and my avast is going crazy!
it has already put over 100 files in guaranty!
Did you try contacting Gary. here on the board?
Just send him a PM or email: http://community.invisionpower.com/user/137679-gary/
He is not only a guru at optimizing a server running Invision software, but he knows a lot about security as well. He is in the UK BTW.
Comes highly recommended!
Warm regards, Wim
Wim: message sent to the guru-Gary :) thanks!
fwiw it was this
from a infected htaccess file in root (not /forum) from a leftover wordpress install .
deleted files, locking down permissions and monitoring.
:D I was about to post the link to sucuri as well.
this all started from a wordpress issue.
signatures. posts, tons of stuff (1200 files in cache/tmp) infected.
cleaned up the files but the database is balking and its 1and1 which is so out of date is a travesty.
importing db backup (taken before I did anything) to get it running.
where 1and1 only allowed 1 database there was a wordpress and ip setup on the database.
just matter of manually going through every table it looks like LOL
today I remembered why I detest 1and1 servers.
ended up having to move hosts just so I could work the database.
had 2500 or so bad files in cache folder.
this WAS the base64_decode issue too. board had been updated regularly so not sure when it happened. I could not determine when the default.php file was first created.
This topic is now archived and is closed to further replies.
Started 4 hours ago
Started Friday at 02:08 PM
Started 3 hours ago