| Question: |
What happened,turned off all the sites? |
| Answer: |
Hello. you were sent notice of wsomen your sites.
|2014-04-13 13:17:41 CEST |3237395 |defaced_site |IP
|europa99.ru |http://europa99.ru/wow.htm
|2014-04-13 13:29:40 CEST |3237418 |defaced_site |IP
|9792133.ru |http://9792133.ru
|2014-04-13 13:29:40 CEST |3237419 |defaced_site |IP
|cosmo-zubki.ru |http://cosmo-zubki.ru
|2014-04-13 13:29:40 CEST |3237420 |defaced_site |IP
|bevzyk.ru |http://bevzyk.ru
|2014-04-13 13:29:40 CEST |3237421 |defaced_site |IP
|pupisheva.ru |http://pupisheva.ru
|2014-04-13 13:29:40 CEST |3237422 |defaced_site |IP
|zubki86.ru |http://zubki86.ru
|2014-04-13 13:29:40 CEST |3237423 |defaced_site |IP
|surgutweb.com |http://surgutweb.com
we received a mourning here data center you have not responded. the sites were blocked . that would unblock sites, you must cleanse s OLT viruses. Let ip with which you will work and we will open You the access |
| Question: |
the results 2ip.ru my attr |
| Answer: |
access is opened |
| Question: |
all of the index files is this доменzonehmirrors.ohdoi action from your backup changed files index Mar here. just I had previously not faced. |
| Answer: |
change files and change all passwords. you can also check the sites antivirusa http://www.revisium.com/ai |
| Question: |
okay. will do so. how to change the files. and change the passwords. I`ll let you know that you have opened all IP and I can check all the sites for your reference. |
| Answer: |
Yes, of course, report when finished. we additionally check Your antivirus account that`s what you have /home/atits/public_html/images/stories/3xp.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/icon0.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/explore.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/icon0.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/petx.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/3xp.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/0d4y.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/icon0.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/petx.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/explore.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/icon0.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/3xp.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/gohack.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/petx.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/explore.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/explore.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/explore.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/3xp.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/icon0.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/icon0.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/3xp.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/explore.gif: PHP.Hide FOUND
/home/atits/public_html/images/stories/sekip.gif: PHP.Hide FOUND
/home/atits/public_html/europa99.ru/images/stories/sekip.php: PHP.Hide FOUND |
| Question: |
all files in the index changed. passwords changed.open sharing.. will check on your links to the sites for viruses. |
| Question: |
your test showed the presence of the file europa99.ru/images/stories/sekip.php I just went on the FTP and there except indexnow file, only graphics. php ( sekip.php) директорииeuropa99.ru/images/stories not at all but the index |
| Question: |
open sites to test on http://www.revisium.com/ai/ |
| Answer: |
we can open the sites only for the specified ip |
| Question: |
I do not understand. you sites aren`t going to open at all? I again povtoryayu which referred to your antivirus does not exist. it is possible to learn very simply . go to the directory visible to your антивирусомhtml/europa99.ru/images/stories/sekip.php and if I understand you correctly,then all sites will be closed forever?and there are at least 7 pieces. |
| Question: |
all the files on the sites I changed from a backup-archive for the month of March. and you don`t want to open to the public sites? yato happened? |
| Answer: |
you are all passwords changed?change the passwords of database users |
| Answer: |
the way the files hacker you and left. files ganteng.gif иx.gif |
| Answer: |
if you have sites on joomla, uninstall JCE component and take all safety measures http://www.joomla-docs.ru/Безопасность |
| Question: |
Rate my ip |
| Answer: |
access is opened |
| Question: |
all gifs from the Director specified removed |
| Answer: |
if you have sites in joomla, remove the component JCE and take all security measures
http://www.joomla-docs.ru/Безопасность and once we open the General access |
| Question: |
for example JCE MediaBox is vsplyvayuschee photos here примерhttp://atits.EN/index.php/template-features/litsenziiесли to remove them. I will send to hell.7 years working component,and now has perestali. they are on all sites. I have 6 accounts (sites not considered,but a dozen or two for sure there is)atits - all sites are not работаютpanglos - all sites работаютmontag86 - all sites работаютstvrekl - all sites работаютmontag86 - all sites работаютfotoart - all sites работаютср961546 - all sites работаютredkensi - all sites, rabotayet what I remember . and everything is you and all Jumla.atits just not working. if you remove Jce I need to change jobs.do so. all restores on the account from a backup, for the month of March. second there is no escape. JCE I clean not going. |
| Answer: |
We do not ... stored so ancient backups. JCE component is vulnerable to hacking of your website. |
| Question: |
atits backup is in the main Director I have. |
| Question: |
backup-4.2.2014_22-58-12_atits.tar.gz |
| Answer: |
please Wait. |
| Answer: |
Berea OSU then check! and update on that, which is not vulnerable. http://www.securitylab.ru/vulnerability/424641.php |
| Answer: |
http://blogin.by/topics/105 http://coding.dp.ua/joomla/212-uyazvimost-redaktora-jce.html I t d |
| Question: |
so nothing has changed,backup are not restored? |
| Answer: |
please Check now.
|
| Question: |
Everything is fine.remain |
| Answer: |
Since the issue has been resolved, we are closing this ticket. In case, in Your opinion, an unsatisfactory answer, You can always create a new one or reopen this ticket with my answer. |
