| Question: |
*.*.uahttp://*.*.*http://*.*.*/ and so on |
| Answer: |
Hello. `ll find amps. Your issue is being dealt with. |
| Answer: |
Domain avtograff.in.ua does not exist others sites again, You are infected. What are the measures taken last time to clean the sites and predetermine re-infection? |
| Answer: |
unfortunately, in became also all infected. |
| Answer: |
your account proveryaetsya for viruses. after verification you will be given a report |
| Question: |
Yesterday morning the sites were still working, now all are not working |
| Question: |
Backup on Vera evening You? |
| Answer: |
this backup, we have no here Otchet http://avtograff.dp.ua/AI-BOLIT-REPORT-__-******-**-**-****_**-**.html criticisms
a Vulnerability in the scripts (**)
/home/domboga*/public_html/avtograff.dp.ua/wp-content/themes/arctica/AIT/Framework/Libs/timthumb/timthumb.php - RCE : TIMTHUMB CVE-****-****,CVE-****-****
/home/domboga*/public_html/avtograff.dp.ua/wp-content/plugins/revslider/inc_php/image_view.class.php - NI : REVSLIDER : http://www.exploit-db.com/exploits/*****/
/home/domboga*/public_html/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/domboga*/public_html/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/domboga*/public_html/vitaly/detailing.dp.ua/wp-content/themes/arctica/AIT/Framework/Libs/timthumb/timthumb.php - RCE : TIMTHUMB CVE-****-****,CVE-****-****
/home/domboga*/public_html/vitaly/detailing.dp.ua/wp-content/plugins/revslider/inc_php/image_view.class.php - NI : REVSLIDER : http://www.exploit-db.com/exploits/*****/
/home/domboga*/public_html/avtograff.in.ua/assets/modules/evogallery/js/uploadify/uploadify.php - NI : UPLOADIFY : CVE: ****-****
/home/domboga*/public_html/nta.in.ua/assets/modules/evogallery/js/uploadify/uploadify.php - NI : UPLOADIFY : CVE: ****-****
/home/domboga*/public_html/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php - NI : TINYMCE : http://www.exploit-db.com/exploits/****/
/home/domboga*/public_html/plugins/editors/fckeditor/editor/filemanager/connectors/uploadtest.html - NI : FCKEDITOR : http://www.exploit-db.com/exploits/*****/ & /exploit/***
/home/domboga*/public_html/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions why from the last time you did not eliminate vulnerability? we have already cited report your sites are hacked because they have open. |
| Question: |
Just the access to everything is just me, others have different admins. But I have the access to lots of things: websites to *.*.*cms are the same ,but access to betapam there for ** days), farms SharePoint, systems upravleniya business processes, * systems and ....Neither of which do not break and do not infect. Before moving to You-for five years, any departure from Google or complaints. You advised friends (before moving, like a test VPS) - so they have now the same problem. Maybe I do not understand? What is the last backup You have? |
| Question: |
Hacked all at once? |
| Answer: |
they have already very long been all hacked. you have repeatedly provided reports about existing vulnerabilities. you focus not want to see nxj your sites vulnerable show again criticisms
a Vulnerability in the scripts (**)
/home/domboga*/public_html/avtograff.dp.ua/wp-content/themes/arctica/AIT/Framework/Libs/timthumb/timthumb.php - RCE : TIMTHUMB CVE-****-****,CVE-****-****
/home/domboga*/public_html/avtograff.dp.ua/wp-content/plugins/revslider/inc_php/image_view.class.php - NI : REVSLIDER : http://www.exploit-db.com/exploits/*****/
/home/domboga*/public_html/libraries/joomla/session/session.php - RCE : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/domboga*/public_html/libraries/joomla/filesystem/file.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
/home/domboga*/public_html/vitaly/detailing.dp.ua/wp-content/themes/arctica/AIT/Framework/Libs/timthumb/timthumb.php - RCE : TIMTHUMB CVE-****-****,CVE-****-****
/home/domboga*/public_html/vitaly/detailing.dp.ua/wp-content/plugins/revslider/inc_php/image_view.class.php - NI : REVSLIDER : http://www.exploit-db.com/exploits/*****/
/home/domboga*/public_html/avtograff.in.ua/assets/modules/evogallery/js/uploadify/uploadify.php - NI : UPLOADIFY : CVE: ****-****
/home/domboga*/public_html/nta.in.ua/assets/modules/evogallery/js/uploadify/uploadify.php - NI : UPLOADIFY : CVE: ****-****
/home/domboga*/public_html/plugins/editors/tinymce/jscripts/tiny_mce/plugins/tinybrowser/tinybrowser.php - NI : TINYMCE : http://www.exploit-db.com/exploits/****/
/home/domboga*/public_html/plugins/editors/fckeditor/editor/filemanager/connectors/uploadtest.html - NI : FCKEDITOR : http://www.exploit-db.com/exploits/*****/ & /exploit/***
/home/domboga*/public_html/administrator/components/com_media/helpers/media.php - NI : https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions it`s a vulnerability which had to be eliminated. in became also have a lot of files with viruses. your sites are vulnerable to hacking. you even pereveli wamukota - without the vulnerabilities of your sites will break. using a hacked site to break a nearby website in your account and so on ad infinitum until you`re all correct |
| Question: |
Okay, okay: yesterday morning the sites worked. You have a backup? There are options for site recovery? |
| Answer: |
we have a full backup files from the ** of September, it is already all infected, the virus you have there on any date. we can vosstanovit files from that backup but the issue with the vulnerability is not solve. you saw the report. until you correct that vulnerable - will break |
| Question: |
Please restore this backup without email,and give a link to download it. From him we have to analyze and treat |
| Answer: |
we vosstanovili can scan again. because of the size of the site it will take a couple of hours. |
| Question: |
OK. thank you. Give a link plz. What would I not do backup now once again |
| Answer: |
link to what? we have restored files from backup. |
| Question: |
Link to backup. I would like to work with him locally |
| Answer: |
you can make a backup in your control panel to work with him momentuem this https://revisium.com/kb/scan_site_windows.html but before to treat , understand vulnerabilities and their sakray you can also connect https://virusdie.ru/ they have one day free. this is after all pre-clear and close all. |
| Question: |
\"but before to treat , understand vulnerabilities and sakray them\" - I don`t quite understand how close. Now updated the scripts to change the passwords. If there is a link to the manual - I would be grateful |
| Answer: |
here are a few of your uyazvimostey http://www.federacel.ru/blog/uyazvimost_plagina_revslider_privela_k_zarageniyu_******_wordpress_sajtov_novym_virusom/goods_***/ https://revisium.com/ru/blog/joomla_rce_all_versions_affected.html for the rest we recommend you to consult the professionals for solution of this question |
| Question: |
Good afternoon. Now all the renamed directory sites (the site in Rute disabled long ago). Anyway * rolls. View that the processes loading the server. I changed the folder paths of the sites are not available, and the processes loading the server, please see |
| Answer: |
please Wait, your issue is being dealt with. |
| Answer: |
the virus again virus domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** **** ? S Sep** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** **** ? S Sep** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** **** ? S Sep** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** **** ? S Sep** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ******* *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ******* *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** **** ? S Sep** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** **** ? S Sep** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** **** ? S Sep** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** **** ? S Sep** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ****** *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ******* *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php
domboga* ******* *.* *.* ****** ***** ? S **:** *:** /usr/bin/php /home/domboga*/public_html/rnt.in.ua/f*jx/save/sexthe.php |
| Question: |
Sooner than **e backup no |
| Question: |
? |
| Answer: |
no. moreover, it does not make sense because the infected files you with dates throughout the year. you don`t have paying any attention to their site, so it is impossible to do. the sites need to monitor regularly to poerate and update. we have an order of scan, you can always make use of it, it`s completely free |
| Question: |
And yet in bekapai makes sense and have standards! Or do you not know it? You help more than I can not, I understand correctly? |
| Answer: |
what kind of standards are we talking about? show these standards. bekapai you are all infected. the meaning of Taha bekapai no. you have too long delayed the problem |
| Question: |
What are backups??? Let there anything, are there? Before **. To ** just worked sites! |
| Answer: |
We ostavlyali yesterday and everything worked. solve problems with viruses you will have to vosstanavlivat sites every few minutes. |
| Question: |
Worked only the main page. Any transitions not working on the same Dataline |
| Answer: |
you had vosstanovit original .htaccess rules redirect |
