Question: |
Hello. When you log in cPanel says that is not the correct credentials. |
Answer: |
Hello you have a lot of viruses on the website /home/alexdps2/public_html/wp-cron.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/plugins/LayerSlider/sampleslider/blog.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/plugins/revslider/inc_php/base_front.class.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/plugins/wordpress-flash-uploader/tfu/lang/start.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/plugins/sliding-social-icons/tpls/left_css.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/plugins/wp-super-cache/wp-cache-phase1.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/themes/oneup.theme_.1.6.0/framework/php/help.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/themes/oneup.theme_.1.6.0/single.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/themes/twentythirteen/inc/functions.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/themes/twentyeleven/images/headers/sql.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/themes/twentytwelve/page-templates/file.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/themes/twentytwelve/languages/press.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/themes/twentytwelve/tag.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/cache/supercache/stt-chiptuning.com/новости/gallery.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-content/uploads/2013/07/footer.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-blog-header.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/__MACOSX/wp-content/uploads/2013/config.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-includes/images/search.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-includes/http.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-includes/class-wp-image-editor-gd.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-includes/ID3/getid3.lib.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-includes/ID3/module.tag.id3v1.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-includes/ms-blogs.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-includes/Text/Diff/Engine/string.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/wp-includes/Text/Diff/Engine/search.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/vimax.md/wp-content/plugins/seo-ultimate/includes/inc.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/vimax.md/wp-content/themes/twentytwelve/search.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/vimax.md/wp-content/themes/twentytwelve/js/dump.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/vimax.md/wp-content/uploads/2014/11/help.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/vimax.md/wp-includes/js/tinymce/langs/view.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/vimax.md/wp-includes/ID3/article.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/vimax.md/wp-includes/Text/Diff/Renderer/diff.php: Php.Trojan.StopPost FOUND /home/alexdps2/public_html/vimax.md/wp-includes/locale.php: Php.Trojan.StopPost FOUND Please take action clean and check your websites, change all the passwords |
Answer: |
Details sent to sps-group@inbox.ru
|
Question: |
How to get a virus on the hosting? |
Answer: |
very simply, using the vulnerability of your website, or plugins for your site. and you just upload your users here uploads/2014/11/help.php this is the folder of your website. update the software engine and its modules. all modules taken Nena official source - remove. if the theme is also free and taken from neprofitnog source - udalyat |
Question: |
we have restored the backup ,but the sites don`t open |
Answer: |
became what is it? backup viruses? |
Question: |
The backup was made before the advent of viruses,and is the root of the site |
Answer: |
well, we just checked your account malware detect scan report for duna.hostven11.ru: SCAN ID: 123114-1645.709659 TIME: Dec 31 16:45:57 +0300 PATH: ./ TOTAL FILES: 17929 TOTAL HITS: 21 TOTAL CLEANED: 0
NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 123114-1645.709659 FILE HIT LIST: {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/shop/page/2/.options13.php {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-chevrolet-s10$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-chevrolet-s10$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-volvo-s40-1-8$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-hyundai-h-1-2$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-infiniti-g37-$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-lincoln-aviat$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-audi-a6-c4-28$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-toyota-camry-$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-toyota-camry-$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80/%d1%87%d0%b8%d0%bf-%d1%82%d1%8e%d0%bd%d0%b8%d0%bd%d0%b3-lexus-es-v-35$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/wp-content/cache/supercache/stt-chiptuning.com/%d1%82%d0%be%d0%b2%d0%b0%d1%80%d0%bd%d0%b0%d1%8f-%d0%ba%d0%b0%d1%82%d0%b5%d0%b3%d0%be%d1%80%d0%b8%d1$ {HEX}php.base64.v23au.183 : ./public_html/vimax.md/wp-content/plugins/tablepress/i18n/datatables/config.php =============================================== |
Question: |
You can save this backup, or you need the website to do from scratch? |
Answer: |
the SAI may vzlamyvaja using vulnerable components. |
Question: |
You think he deliberately failed? Or is it just a coincidence maybe!? Just so long worked and everything was fine... |
Answer: |
why intentionally. where did you get components? all of your components from the official site? and for the rest VAT http://blog.fox-it.com/2014/11/26/cryptophp-a-week-later-more-than-23-000-sites-affected/ |
Question: |
Good evening. You can find the password in https://144.76.171.228:1500/ispmgr Accidentally changed the password and wrote it down. |
Answer: |
Hello. the password sent to you together with details |
Question: |
you can to this address. dps-group@mail.ru this should be entered in place of the old, personal data. |
Answer: |
sent to dps-group@mail.ru |
Question: |
https://144.76.171.228:1500/ispmgr do Not open many tabs in the menu and fine. Writes Page nedostupnaya on https://144.76.171.228:1500/ispmgr?func=db&clickstat=yes temporarily unavailable or moved to a new web address. |
Answer: |
for isp panels such brakes are the norm, unfortunately. |
Question: |
Earlier all was normal, but now it is not possible to use it.. says page not available or moved to a new web address. |
Answer: |
Try to clear the browser cache. |