| Question: |
when entering the site, issued the following information:United States of TURKISHfb.com/pages/Virtual-Hacker/381445221991389?fref=tshacked by VIRTUALЧто does that mean? |
| Answer: |
Zdravstvuite. this means that the site has been hacked. antivirus found in your account the following files /home/alhim/public_html/images/67dzh.php: PHP.Hide FOUND
/home/alhim/public_html/images/ettt4.php: PHP.Hide FOUND
/home/alhim/public_html/images/stories/explore.php: PHP.Hide FOUND
/home/alhim/public_html/icon0.php: PHP.Hide FOUND
/home/alhim/.cagefs/tmp/bds: Backdoor.Linux.Small FOUND
/home/alhim/public_html/images/1/backdoor.txt: Trojan.Perlscript FOUND
/home/alhim/public_html/images/dz.php: PHP.Hide FOUND
/home/alhim/public_html/cmd.php: PHP.Shell-FOUND 21
/home/alhim/public_html/bca |
| Question: |
how to fix it? |
| Question: |
and how did it happen? |
| Answer: |
when you found a problem? |
| Question: |
today. we ended the payment for the hosting. the website just did not work. today was the payment for the hosting and visit the website above message. it had something to do with the delay in hosting? |
| Answer: |
hacked by VIRTUAL message is not related to the delay, only burglary. please indicate what address you are seeing this message, |
| Question: |
http://alhim-tlt.ru/. and you can see who and where was the hacking? can I restore the site? |
| Answer: |
who is a hacker, where it doesn`t matter, the hackers are not working with home computer, using the vulnerability of the website engine home/alhim/public_html/images/67dzh.php: PHP.Hide FOUND
/home/alhim/public_html/images/ettt4.php: PHP.Hide FOUND
/home/alhim/public_html/images/stories/explore.php: PHP.Hide FOUND
/home/alhim/public_html/icon0.php: PHP.Hide FOUND
/home/alhim/.cagefs/tmp/bds: Backdoor.Linux.Small FOUND
/home/alhim/public_html/images/1/backdoor.txt: Trojan.Perlscript FOUND
/home/alhim/public_html/images/dz.php: PHP.Hide FOUND
/home/alhim/public_html/cmd.php: PHP.Shell 21 FOUND the folder /images/ there should be nothing but image files. Hacker you uploaded into this folder the shell script and then have the deed of violence. If you know the date when your site worked poprobuem we find an earlier backup by address http://alhim-tlt.ru/ we see an error of the site, your chosen message, we do not see |
| Question: |
not sure when the last time it worked, half a year ago exactly worked |
| Answer: |
unfortunately for these backup files hacked. Try to upload the native file index.php in the root of your website folder from the distribution engine. |
| Question: |
I`m not a programmer. i.e. I need most is somewhere to do something that worked? we did another man this site will try to find it, me him and explain what you wrote. he will need or even some information? and you have nothing else to do? this should be done only from us? |
| Answer: |
the Programmer to be it`s not necessary. You have the engine distribution from which you performed the installation? It should be ficl index.php in the root folder of the engine, you just need to copy this file by FTP to your site root folder and thereby replace the infected file. |
