| Question: |
Good evening!The site does not work http://inails.com.ua/!It seems that he was hacked. Access via FTP, but in the directory /satera discovered a number of unknown files:/satera/tmp/upxx.php/satera/tmp/vip.php/satera/tmp/check.php/satera/x.php/satera/x.txtСЃ creation date 03,06,16 perhaps there are others. |
| Answer: |
Hello the sites are checked for viruses |
| Answer: |
the report file in the folder public_html/AI-BOLIT-REPORT-__-573179-05-06-2016_15-11.html |
| Question: |
Thanks for the report, and that it is necessary that the site has restored its work? |
| Answer: |
what engine website? you udalili? |
| Question: |
Sites on joomla, I did not delete. |
| Answer: |
the site has a critical vulnerability which makes it easy to hack a website http://inails.com.ua/AI-BOLIT-REPORT-__-73977-06-06-2016_06-24.html here is a description of the problem and methods of its solution https://revisium.com/ru/blog/joomla_rce_all_versions_affected.html you have all the sites have this vulnerability. here is the report for all sites in Your account http://inails.com.ua/AI-BOLIT-REPORT-__-828722-06-06-2016_00-14.html we recommend to contact for a free consultation in https://revisium.com/ru/order |
| Question: |
Good day!Where can I change the password on the website http://ukrline.com.ua |
| Question: |
I meant the password for the billing |
| Answer: |
Hello.
To change the password in cPanel, You need to authorize it and through the Change password. To change the password of the billing system, use the Profile.
Please set complex passwords with numbers and upper case letters.
|
| Question: |
How and when in Your opinion the sites were infected, because recently in early April on the website sds.co.ua already had problems with phishing content, but then You claimed that a virus on the website no it is not infected I just had stolen passwords. The passwords I`m following Your recommendations has changed, but now he drew a different problem which You are not particularly a comment, and send me to solve it for a fee from a third party. You bakapit files on servers, please make a rollback to a date when you think the files were not infected and advise which files I needed to replace that would close the vulnerability (or that it would be logical to replace them yourself) of what you write in the link You provided as I understand them there is not much for Joomla. After all, you as I am interested, what would the malicious code is not walked you have on the servers? |
| Answer: |
we have no information when was Your website infected. backup was done and sat on the sun, it already contained malicious files. your sites contain known critical ujazvimosti you ka administrator site needs time to close and update the sites. It is the duty of the administrator, is here website, hosting does not operate the sites. You have been given direct advice there is a description of the problem and methods of solution
https://revisium.com/ru/blog/joomla_rce_all_versions_affected.html we recommend to contact for a free consultation in https://revisium.com/ru/order |
| Question: |
And earlier backups there? |
| Answer: |
on the old backup server may have backups for aware a month. but the vulnerability since December. we few easy RZ did a mailing to everyone. http://www.securitylab.ru/vulnerability/477642.php |
| Question: |
Regarding the recommendation to seek a free consultation, so I applied immediately. Described below are all free of charge) counselling (4 site it will be 4900*4=19600 RUB) and most importantly, if you imagine that I even could afford to pay that kind of money, then it wouldn`t work because you have all the backups are infected.For information here is their response:\"Information on our service below. Before treatment you will need to ask the hoster to restore the site from backup to the latest stable version when it is correctly open in the browser. During the cleaning of the site, our specialists have to monitor the process of the work, so in case of an error on our side, we would hasten to correct. On account of a few sites? You need to check and protect others. Otherwise, a non-secure site again can hack and infect the entire account. The cost of protection services (if the site has no malicious code) is 2400 or 2900 rubles; the cost depends on the CMS that runs the website, and the type of website. Price fixed: numbers here. Information on the service (if needed and treatment, and protection - that is, the complete list of works on security)You will provide \"Comprehensive security\" including: 1. Diagnosis of the site (checking of scripts/CMS) for malicious code and viruses; analysis of current security problems and possible causes. 2. Treatment, removal of malicious code. The installation of protection against burglary (this one-time procedure, its action indefinitely). Read more about the defense. 3. The test and exclusion of the site from \"black\" lists, search engines and antivirus software. 4. A progress report with recommendations for the safe administration of the site in the future.Timeframe: up to 48 hours. Cost: RUB 3900 or 4900 RUB (per one site = 1 CMS). The cost depends on the CMS that runs the site and type of site: online shop it or not, all prices are fixed and reflected in the contract offer (on the last page). The contract attached. Three sites 10% discount. Technical support warranty: 6 months.To get started with your site we will need: access to the hosting control panel (the panel address, username and password) or SSH access. FTP is not enough for work. Access the admin panel of the CMS installed on the site (the address bar, username and password) to confirm the payment. Information on the payment options given on our website. Please note that you must ensure that no other sites on your hosting account, except those for which the work will be conducted. Otherwise unverified and unprotected websites can threaten the security of the cured. \"Well, maybe it`s worth a try to roll back to the January version of the files, You to something relied when 7,04,16 argued that the site is not infected and the problem is only that I have stolen the passwords. But I really like something I`ll try to figure out how to use the exploit. |
| Answer: |
please wait. |
| Answer: |
we then checked the specific website and not the entire account . also anti-virus databases are constantly updated. to recover the data will be available only tomorrow when the server will bring warehouse |
| Question: |
Will wait until tomorrow.Thanks for that. |
| Answer: |
we will notify You when you can rebuild. |
| Question: |
Let`s clear the restore I seem to have dealt with the vulnerability of the work site resumed. |
| Answer: |
You have to scan the website? |
| Question: |
Yes, preferably a whole account. |
| Answer: |
account is scanned |
| Answer: |
a full report on all account http://inails.com.ua/AI-BOLIT-REPORT-__-281743-06-06-2016_22-47.html |
