Question: |
Good day!Tell me, please, why a locked resource http://isfond.org/Спасибо! |
Answer: |
Hello this website server ip was blacklisted. The infected host name is \"isfond.org\", and this link has an example of the malicious redirect: \"http://isfond.org/sql.php?ey&i=3PSRUPe69uod2N4&AKA=2Sa\" Depending on the infection type, there may be dozens more malicious redirection pages under isfond.org.
WARNING As the link is known to malicious, browsing that link is at your own risk. we swept Your account for viruses and here is the report http://eventmh.ru/AI-BOLIT-REPORT-__-257412-09-06-2016_15-58.html You need to fix the problem - namely, remove viruses, upgrade sites, to change passwords mandatory to perform the updates or to disable all plugins listed as critically vulnerable. criticisms Vulnerabilities in scripts (6) /var/www/mroffice/data/www/communities-server.net/wp-content/plugins/igit-related-posts-with-thumb-images-after-posts/timthumb.php - RCE : TIMTHUMB : CVE-2011-4106,CVE-2014-4663 /var/www/mroffice/data/www/communities-server.net/wp-content/uploads/2015/03/cache.php - RCE : TIMTHUMB CVE-2011-4106,CVE-2014-4663 /var/www/mroffice/data/www/korzinka13.ru/wp-content/plugins/fancybox-for-wordpress/fancybox.php - CODE INJECTION : FANCYBOX /var/www/mroffice/data/www/korzinka13.ru/wp-content/plugins/contextual-related-posts/timthumb/timthumb.php - RCE : TIMTHUMB CVE-2011-4106,CVE-2014-4663 /var/www/mroffice/data/www/jobcabaret.ru/wp-content/plugins/igit-related-posts-with-thumb-images-after-posts/timthumb.php - RCE : TIMTHUMB CVE-2011-4106,CVE-2014-4663 /var/www/mroffice/data/www/tair-link.ru/wp-content/plugins/mobile-smart/includes/timthumb.php - RCE : TIMTHUMB : CVE-2011-4106,CVE-2014-4663 free advice, you can get the most at https://revisium.com/ru/order |
Question: |
Has resolved these problems. Unlock, please the resource |
Answer: |
What exactly did you do? Please describe. |
Question: |
Updated sites, changed passwords, turned off the plugins that are listed as critically vulnerable |
Answer: |
please Wait. |
Answer: |
the account is checked again. |
Question: |
Something please? |
Answer: |
verified by |
Answer: |
http://eventmh.ru/AI-BOLIT-REPORT-__-528926-09-06-2016_21-33.html |
Answer: |
/var/www/mroffice/data/www/altkm22.ru/wp-content/cache/hyper-cache/menedzhment.net/otdh-v-gretsii.html/lipyrrbyj.php /var/www/mroffice/data/www/communities-server.net/wp-includes/theme-compat/e5nbwvcxef.php /var/www/mroffice/data/www/altkm22.ru/wp-content/cache/hyper-cache/menedzhment.net/otdh-v-gretsii.html/vgaq.php wattala here - all virusy /var/www/mroffice/data/www/communities-server.net/wp-content/themes/internetmagic/inc/windows/sidebar-widescreen.php.suspected that you brought to our hosting from your old hosting the site was already infected. |
Question: |
Removed |
Answer: |
all deleted |
Question: |
Everything listed |
Answer: |
ie only 3 files? please report http://eventmh.ru/AI-BOLIT-REPORT-__-528926-09-06-2016_21-33.html |
Question: |
Yes |
Answer: |
You have deleted the infected files? |
Question: |
I need to remove 292 file? |
Answer: |
Yes, otherwise the website will be infected again. |
Question: |
Tell me then how to automate the process, or alternately manually delete? |
Answer: |
download all the files on your computer disconinuity this https://www.revisium.com/ai delete the infection and upload back |
Question: |
Thank you!For Your instructions cleaned two sites altkm22.ru avan-kinesis.ru - none does not work((( |
Answer: |
It is not our instruction. instruction is компаниейrevisium leader in the market of services protection from viruses. we do not know whether you kept when you upgrade. In any case your sites are infected with vulnerability but you shut down. |
Question: |
Good evening! On all domains updated wordpress. New installed all plugins from the official website. Unlock, please the resource http://isfong.org/.Иначе will be forced to abandon Your services.Thank you for understanding! |
Answer: |
please Wait. |
Answer: |
Hello . account proveryaetsya viruses |
Answer: |
photothat site http://isfond.org/AI-BOLIT-REPORT-__-774902-10-06-2016_18-49.html |
Question: |
Good evening! Once again you have blocked the account((( in ISPmanager can`t log on. |
Answer: |
Hello You again complaint and again because You server is in black spice. We have provided You with a full report of your sites. for some prichny you didn`t fix the problem? The infected host name is \"communities-server.net\", and this link has an example of the malicious redirect: \"http://communities-server.net/object.php?l—&hfRZPTncFp3Hu re1L&5X5Zn&6=wSAsz\" Depending on the infection type, there may be dozens more malicious redirection pages under communities-server.net. |
Question: |
Again, on all domains updated wordpress. New installed all plugins from the official website. And You even unblocked the site. What else can you do to not break sites to me? |
Answer: |
have you updated your website communities-server.net/ ? |
Question: |
Yes. Yesterday, updated everything that you have on the server. |
Answer: |
the file which was downloaded earlier complaint than yesterday this report fixing the problem |
Answer: |
why do you have on the website allowed the download of php файлов7 who is responsible for filling site? /var/www/mroffice/data/www/communities-server.net/wp-content/uploads/2016/04/css96.php this virus |
Question: |
Where is the report? And unlock, please ACC in ISpmanager. Will fix |
Question: |
I am responsible for the content of the site. |
Answer: |
here Otchet http://communities-server.net/AI-BOLIT-REPORT-__-904038-11-06-2016_21-59.html ispravlyati |
Question: |
Good day!Cleaned up the content of the site.Unlock, please the site. Thank you! |
Answer: |
Hello . because of this, site server 3 times was in the black list. are you sure that sun eprofile? the same applies to other sites. Check and fix issues at all. if needed we will perform a re-examination |
Question: |
At all eliminated. Do re-test. |
Answer: |
the sites are checked |
Answer: |
the report file AI-BOLIT-REPORT-__-657474-13-06-2016_09-32.html in the folder data/www/ |
Question: |
I have not worked this link, you`re blocked the server |
Answer: |
this is not a link. is the file name. ftp access You have opened |
Question: |
So what`s wrong? I uploaded a clean wordpress on all domains. Deleted the uploads folder and the damaged threads |
Answer: |
open access |
Question: |
so the file seems to be no malware of failovich there may not be. Again filled it with clean wordpress. Unlock, please the sites. |
Answer: |
unlocked |
Question: |
http://clip2net.com/s/3z8k2CShttp://clip2net.com/s/3z8k5mO |
Answer: |
please give links. no screenshots |
Question: |
Names доменовaltkm22.rucommunities-server.neteventmh.ruisfond.orgkorzinka13.rutair-link.ru |
Answer: |
these sites are not raboatyut vsledsvii errors on sites. have you installed them ? access to them is fully open. |
Question: |
All work except - communities-server.netОн still locked |
Answer: |
please Check now.
|