cain38, posted December 6, 2012:

a. lequire
b. http://stevie.heliohost.org/
c. lequireandcompany.com

It's a simple WordPress install with little to no activity, to promote an art gallery. No spamming or anything I'm aware of has taken place.

cl58, posted December 6, 2012:

Your account was suspended for hosting malware. I have unsuspended your account, but you must remove all malicious files from your account within 24 hours. If after 24 hours from the time of this post you still are hosting malware, you will be resuspended.

cain38, posted December 7, 2012:

So what was detected and where is it? In the HTML source code? Google Webmaster Tools isn't reporting any malware. How do I find what you found?

Shinryuu, posted December 7, 2012:

Make a backup of your files and run them through scanners. We use ClamAV; if you think we got a false positive, feel free to file a report with them.

cain38, posted December 7, 2012:

So it's not some sort of XSS inserted into the template or some sort of SQL injection? It's actually a file that's being hosted?

Shinryuu, posted December 7, 2012:

XSS involves redirecting a request to another server hosting the actual malicious code, and SQL injection only gives an attacker access to the database. They could insert a malicious bit of code, but usually injection is just used to track the information in the database or drop data from it, not to plant code.

cain38, posted December 7, 2012:

Thanks, I'll scan now. Is there anything you guys have that can tell me the exact file that's suspicious?

Shinryuu, posted December 7, 2012:

An Admin would have to tell you that. I don't have any inside knowledge, and Mods are only told the virus signature found.

cain38, posted December 7, 2012:

Also, I tried downloading my site via FTP and I guess it opened too many simultaneous connections, and it looks like my IP is blocked. I can get to my site and the cPanel over my phone's mobile network, but through my Wi-Fi it looks like I'm blocked. Is it possible that my home IP address got blocked or throttled?

Shinryuu, posted December 7, 2012:

If you opened too many connections too fast, our DoS protection probably booted you. Try again in a few minutes. The best way to grab a backup is to just do a /public_html backup through cPanel.

Krydos, posted December 7, 2012:

> Thanks, I'll scan now. Is there anything you guys have that can tell me the exact file that's suspicious?

/home/lequire/public_html/wp-content/themes/easel/images/404.php

cain38, posted December 7, 2012:

I've run the entire backup through multiple virus and malware scanners. How do I get in touch with the admins to find out exactly what they found?

Shinryuu, posted December 7, 2012:

> > Thanks, I'll scan now. Is there anything you guys have that can tell me the exact file that's suspicious?
>
> /home/lequire/public_html/wp-content/themes/easel/images/404.php

404.php in your WordPress themes folder apparently has some bad code.

Krydos, posted December 7, 2012:

> How do I get in touch with the admins to find out exactly what they found?

I already told you what was found...

Krydos, posted December 7, 2012:

Your account is showing up as clean now. Thank you for taking care of this.

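An added example, not part of the original thread or HelioHost's tooling: the flagged file was a .php script sitting in a theme's images folder, so one check to run on an extracted backup is to list script files in asset directories. It goes a step beyond the thread by also flagging image files that contain a PHP open tag; the directory names, extension lists and sample tree are assumptions constructed for illustration, and hits are candidates for manual review.

```python
import os
import tempfile

SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".ico"}
ASSET_DIRS = {"images", "img", "uploads", "css", "fonts"}  # assumed asset directory names


def find_misplaced_scripts(root):
    """Return sorted (relative path, reason) pairs for files worth a manual look."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        in_asset_dir = bool(ASSET_DIRS & set(rel_dir.lower().split(os.sep)))
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            full = os.path.join(dirpath, name)
            rel = os.path.normpath(os.path.join(rel_dir, name)).replace(os.sep, "/")
            if ext in SCRIPT_EXTS and in_asset_dir:
                # Server-side script where only static assets are expected.
                hits.append((rel, "script in asset directory"))
            elif ext in IMAGE_EXTS:
                # Image extension but PHP source near the start of the file.
                with open(full, "rb") as fh:
                    if b"<?php" in fh.read(4096):
                        hits.append((rel, "PHP tag inside image file"))
    return sorted(hits)


def build_sample_backup(root):
    """Write a constructed sample tree; all contents are harmless placeholders."""
    samples = {
        "wp-content/themes/easel/404.php": b"<?php get_header(); ?>",
        "wp-content/themes/easel/images/404.php": b"<?php /* placeholder */ ?>",
        "wp-content/themes/easel/images/logo.png": b"\x89PNG\r\n\x1a\n",
        "wp-content/uploads/2012/12/photo.jpg": b"\xff\xd8\xff<?php /* x */ ?>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        for rel, reason in find_misplaced_scripts(tmp):
            print(f"{reason}: {rel}")
```

The theme's own top-level 404.php template is not reported, only the copy under images/.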