| Question: |
Hello. Hosting an attack, there are infected sites. What time is the last backup of all your sites? Is there any virus scan and bendory? |
| Answer: |
Hello. On the mirrors, saniraty two antivirus. You can order skanirovanie in your personal account, section \"Check the website for viruses\". |
| Question: |
And betapam what? Need backup for a month ago, he is? While not rollback. |
| Answer: |
backup is **April. |
| Question: |
To **-wow is ? |
| Answer: |
no. |
| Question: |
We have files of all sites there were file folders of wp*wp*.php*.php and others. Files contain *** encoding. What to do in this case? |
| Answer: |
so Your site is infected. we can check it out at irony |
| Question: |
I believe that you need to check sites for viruses and change all passwords. infected files to remove. Is it possible to check the database? |
| Answer: |
files are checked. clarify what is meant by the test databases? perhaps one of your sites is infected and has infected the rest. expect a report after an investigation. |
| Answer: |
http://qa***.com/AI-BOLIT-REPORT-__-******-**-**-****_**-**.html here`s the cause of Your problem. Your problem is in a vulnerable joomla! criticisms
a Vulnerability in the scripts (**)
/home/vizorby/public_html/nashremont.by/modules/mod_je_camera/thumb.php - RCE : TIMTHUMB CVE-****-****,CVE-****-****
/home/vizorby/public_html/nashremont.by/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/abvet/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/abvet/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/venox.by/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/venox.by/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/venox.by/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/venox.by/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php - NI : TINYMCE : http://www.exploit-db.com/exploits/****/
/home/vizorby/public_html/myasoopt.com/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/remontturbiny/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/avtomix/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/avtomix/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/venor.by/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/venor.by/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/venor.by/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/venor.by/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php - NI : TINYMCE : http://www.exploit-db.com/exploits/****/
/home/vizorby/public_html/bodypower.by/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/bodypower.by/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/mialsan.by/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/mialsan.by/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/mialsan.by/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/mialsan.by/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php - NI : TINYMCE : http://www.exploit-db.com/exploits/****/
/home/vizorby/public_html/ggservis.by/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/ggservis.by/libraries/joomla/session/session.php.backup.txt - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/sneganet.by/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/sneganet.by/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/sneganet.by/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/avtomiks.by/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/vizorby/public_html/avtomiks.by/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions problem description https://revisium.com/ru/blog/joomla_rce_all_versions_affected.html |
| Question: |
Quickly cleaned up the sites, perhaps even something left. Please change all passwords to hosting and send a new one. Thanks for the help |
| Answer: |
to Change the passwords you can yourself in spanel in the section Change password. Also password changes for billing in the billing section of the Profile. |
| Question: |
Thanks, will do |
| Answer: |
ok
|
