| Question: |
hi. letters for confirmation of registration do not come |
| Answer: |
Hello. what box didn`t get any mail. let a specific mailbox |
| Question: |
tested. are some . and Google and mailru |
| Question: |
there is a box on your domain [email protected] his letters go , he also not come |
| Answer: |
You asked for a specific case. we cannot check the logs on klyuchevym words - Google and stored also please let me know how you configured sending mail from the site . there should be only configured smtp method with one of your boxes, though [email protected], u is method php mail() for your account is blocked due to the frequent distribution of spams from your account |
| Question: |
clear. it was an infection. but I kind of cleaned up. Google more alerts not sending. So maybe unlocks. I don`t know how to configure, use default settings |
| Answer: |
go to menu settings and select a method of smtp/ set up as a mail client on your computer. login - your account and password box |
| Question: |
I use Drupal. where are these settings? not found |
| Answer: |
use modules https://www.drupal.org/project/smtp or https://www.drupal.org/project/smtp read more туттhttp://3wt.info/EN/manual/smtp |
| Question: |
but, they were just normal settings back? |
| Answer: |
|
| Question: |
hmm .. right now. a lot of viruses? and how them to clean? I already removed and new installed |
| Answer: |
January 10 /home/xussain/x8c.ru/sites/all/modules/views/tests/templates/inc.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/is01.ru/modules/simpletest/tests/drupal_system_listing_compatible_test/search.php: Php.Malware.Mailbot-1 FOUND 17 /home/xussain/mail/new/1421095715.H55480P99669.tisza.hostven02.ru,S=17063: Win.Trojan.Generickd-1879 FOUND
/home/xussain/mail/new/1421177835.H134279P39542.tisza.hostven02.ru,S=18690: Win.Trojan.Upatre-149 FOUND
/home/xussain/mail/new/1421102699.H192197P581577.tisza.hostven02.ru,S=17174: Win.Trojan.Generickd-1879 FOUND 22 /home/xussain/is01.ru/sites/all/modules/views/tests/taxonomy/themes.php: Php.Malware.Mailbot-1 FOUND 1 February
/home/xussain/mail/new/1422630162.H816549P862420.tisza.hostven02.ru,S=22318: Win.Trojan.Agent-840277 FOUND
/home/xussain/mail/new/1422629151.H155903P775384.tisza.hostven02.ru,S=21758: Win.Trojan.Agent-840277 FOUND
this is just something that was found this year , most found - spam virus |
| Question: |
here it is home/snike/hack/xussain/defines.php: Php.Malware.Mailbot-1 FOUND can`t find |
| Question: |
/home/xussain/mail/new/ deleted all these tests too boudlal |
| Answer: |
I mean pogulyali? they were there really? these files antivirus removes it immediately when. but the problem is not that removed, the removal does NOT solve the problem, the files will appear again. you just found {CAV}Php.Trojan.StopPost : /home/xussain/is01.ru/sites/all/modules/ckeditor/ckeditor/_source/plugins/menu/ckeditor/ckeditor/plugins/link/images/system.php |
| Question: |
where do they come from? after Google sent me a warning. I changed passwords and boudlal that found |
| Question: |
and I boudlal folder completely |
| Answer: |
vozmojno not deleted it, maybe the theme or plugin uses vulnerable or worse - is initially infection. what plugins and theme do you use? as castelnovate engine? we have seen that in mail you have Trojans your computer is infected, too |
| Question: |
antivirus on your computer is. how to determine a theme or plugin?update, as soon as the message comes up about updating |
| Answer: |
we have just a few anti-viruses on them records You already provided. |
| Question: |
hi. just checked your antivirus. What was found was removed. Turn on me post. Shit I SMTP I can not adjust |
| Question: |
can I connect to Yandex mail?more precisely, if I connect, will mail to work? |
| Answer: |
Yes, of course, You can connect to Yandex mail for your domain. change the MX records |
| Question: |
and enable PHP mail can`t? |
| Answer: |
you need to check Your account |
| Question: |
check, please. But for me these problems with the post insoluble) |
| Answer: |
verified account |
| Answer: |
you only day before yesterday antivirus removes viruses, spam distribution /home/xussain/x8c.ru/sites1/all/modules/imce/tpl/admin.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/x8c.ru/sites1/all/modules/imce/tpl/admin.php: moved to `/root/clam-research/infected/admin.php.003`
/home/xussain/is01.ru3/sites/all/modules/ckeditor/ckeditor/lang/header.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/is01.ru3/sites/all/modules/ckeditor/ckeditor/lang/header.php: moved to `/root/clam-research/infected/header.php.004` just found
/home/xussain/mail/new/1413903572.H528553P109974.tisza.hostven02.ru,S=13429: Heuristics.Phishing.Email.SSL-Spoof FOUND
/home/xussain/mail/new/1413824674.H76081P932652.tisza.hostven02.ru,S=9005: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1414068529.H692277P191680.tisza.hostven02.ru,S=19516: Win.Trojan.Generickd-1194 FOUND
/home/xussain/mail/new/1416341575.H978545P958441.tisza.hostven02.ru,S=10487: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1416333880.H644328P267219.tisza.hostven02.ru,S=10673: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1416346669.H639130P321833.tisza.hostven02.ru,S=11184: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1416342569.H833541P1043832.tisza.hostven02.ru,S=10948: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1416331242.H611995P20303.tisza.hostven02.ru,S=11033: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1416341959.H907127P990279.tisza.hostven02.ru,S=10426: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1416520929.H965923P414002.tisza.hostven02.ru,S=10602: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1417016457.H110549P858477.tisza.hostven02.ru,S=19000: Win.Trojan.Generickd-1495 FOUND
/home/xussain/mail/new/1418671985.H405492P353242.tisza.hostven02.ru,S=17544: Win.Trojan.Upatre-140 FOUND
/home/xussain/mail/new/1418668841.H567587P73883.tisza.hostven02.ru,S=18383: Win.Trojan.Upatre-140 FOUND
/home/xussain/mail/new/1418926996.H993921P790889.tisza.hostven02.ru,S=17027: Win.Downloader.Upatre-1 FOUND
/home/xussain/mail/new/1418924477.H763800P598573.tisza.hostven02.ru,S=17096: Win.Downloader.Upatre-1 FOUND
/home/snike/hack/xussain/defines.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/x8c.ru/sites/utf.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/x8c.ru/sites/default/files/u407/ini.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/sites/default/files/resize/pictures/ajax.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/sites/default/files/pictures/themes.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/sites/all/libraries/ckeditor/_source/plugins/smiley/start.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/sites/all/modules/views/tests/node/plugin.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/sites/all/modules/lightbox2/css/dir.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/sites/all/themes/respond/templates/region--content.tpl.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/sites/all/themes/acq_sea/forums.tpl.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/archive/sites/all/modules/pathauto/menu.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/archive/sites/all/modules/transliteration/data/utf.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/archive/modules/filter/dirs.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/archive/modules/field/xml.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/archive/modules/openid/tests/options.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/x8c.ru/archive/modules/user/tests/options.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/archive/modules/simpletest/db.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/x8c.ru/sxd/backup/config.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/libraries/ckeditor/_source/plugins/iframe/images/stats.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/modules/media/file_entity/file_entity.api.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/modules/relevant_content/field-relevant-content.tpl.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/modules/ctools/ctools_plugin_example/plugins/content_types/inc.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/modules/entity/modules/dirs.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/modules/pux/pux_settings/search.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/is01.ru1/sites/all/modules/ckeditor/ckeditor/plugins/uicolor/dialogs/themes.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/modules/ckeditor/ckeditor/_source/plugins/templates/templates/ajax.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/themes/omega/alpha/templates/section.tpl.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/sites/all/themes/mmm2/block.tpl.php: Php.Trojan.StopPost FOUND
/home/xussain/is01.ru1/misc/xml.php: Php.Trojan.StopPost FOUND
/home/xussain/x8c.ru/sites/all/modules/views/tests/templates/inc.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/is01.ru/modules/simpletest/tests/drupal_system_listing_compatible_test/search.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/mail/new/1421095715.H55480P99669.tisza.hostven02.ru,S=17063: Win.Trojan.Generickd-1879 FOUND
/home/xussain/mail/new/1421177835.H134279P39542.tisza.hostven02.ru,S=18690: Win.Trojan.Upatre-149 FOUND
/home/xussain/mail/new/1421102699.H192197P581577.tisza.hostven02.ru,S=17174: Win.Trojan.Generickd-1879 FOUND
/home/xussain/is01.ru/sites/all/modules/views/tests/taxonomy/themes.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/mail/new/1422630162.H816549P862420.tisza.hostven02.ru,S=22318: Win.Trojan.Agent-840277 FOUND
/home/xussain/mail/new/1422629151.H155903P775384.tisza.hostven02.ru,S=21758: Win.Trojan.Agent-840277 FOUND
/home/xussain/mail/new/1424188960.H470853P258675.tisza.hostven02.ru,S=19149: Win.Trojan.Agent-846194 FOUND
/home/xussain/mail/new/1424450897.H984825P50748.tisza.hostven02.ru,S=19807: Win.Trojan.Upatre-178 FOUND
/home/xussain/mail/new/1424347322.H27419P732884.tisza.hostven02.ru,S=17734: Win.Trojan.Generickd-2208 FOUND
/home/xussain/mail/new/1424452032.H997858P137326.tisza.hostven02.ru,S=19813: Win.Trojan.Upatre-178 FOUND
/home/xussain/mail/new/1424432285.H457654P702739.tisza.hostven02.ru,S=28199: Win.Trojan.Upatre-179 FOUND
/home/xussain/is01.ru/sites/all/modules/ckeditor/ckeditor/plugins/wsc/option.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/mail/new/1425055970.H770455P253360.tisza.hostven02.ru,S=31806: Win.Trojan.Upatre-186 FOUND
/home/xussain/mail/new/1424954595.H646684P634580.tisza.hostven02.ru,S=18339: Win.Trojan.Injector-13319 FOUND
/home/xussain/mail/new/1424955560.H452468P708033.tisza.hostven02.ru,S=18047: Win.Trojan.Injector-13319 FOUND
/home/xussain/mail/new/1425056959.H471017P321881.tisza.hostven02.ru,S=31659: Win.Trojan.Upatre-186 FOUND
/home/xussain/mail/new/1425312269.H9875P941816.tisza.hostven02.ru,S=20036: Win.Trojan.Upatre-187 FOUND
/home/xussain/mail/new/1425548088.H85281P980996.tisza.hostven02.ru,S=27204: Win.Trojan.Downloader-64860 FOUND
/home/xussain/mail/new/1425521473.H688770P484035.tisza.hostven02.ru,S=15511: Heuristics.Phishing.Email.SpoofedDomain FOUND
/home/xussain/mail/new/1426068000.H130385P91835.tisza.hostven02.ru,S=20387: Win.Trojan.Upatre-551 FOUND
/home/xussain/mail/new/1425997736.H825930P293986.tisza.hostven02.ru,S=25660: Word.Trojan.Upatre-3 FOUND
/home/xussain/mail/new/1425898522.H622545P287155.tisza.hostven02.ru,S=20542: Word.Trojan.Upatre FOUND
/home/xussain/mail/new/1426081635.H363105P303191.tisza.hostven02.ru,S=23755: Win.Trojan.Upatre-548 FOUND
/home/xussain/mail/new/1425915650.H292665P578142.tisza.hostven02.ru,S=19002: Win.Trojan.Upatre-549 FOUND
/home/xussain/x8c.ru/sites1/all/modules/imce/tpl/admin.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/is01.ru3/sites/all/modules/ckeditor/ckeditor/lang/header.php: Php.Malware.Mailbot-1 FOUND
/home/xussain/mail/new/1426781223.H271768P211627.tisza.hostven02.ru,S=24262: Win.Trojan.Upatre-582 FOUND
log data
clam-research/2014-10-23.log
clam-research/2014-10-29.log
clam-research/2014-11-19.log
clam-research/2014-11-22.log
clam-research/2014-12-08.log
clam-research/2014-12-17.log
clam-research/2014-12-22.log
clam-research/2014-12-30.log
clam-research/2015-01-10.log
clam-research/2015-01-17.log
clam-research/2015-01-22.log
clam-research/2015-02-01.log
clam-research/2015-02-18.log
clam-research/2015-02-21.log
clam-research/2015-02-25.log
clam-research/2015-03-02.log
clam-research/2015-03-09.log
clam-research/2015-03-13.log
clam-research/2015-03-25.log
|
| Question: |
and what to do? I don`t know where they come from |
| Answer: |
you need to check the sites, to remove unnecessary modules to check the consistency of your website`s files to the originals. no one sounded that it`s easy to do this difficult job. |
| Question: |
hi. verify the account. completely removed everything. and reset |
| Answer: |
the test is run. but we can only check antivirusni and they are 100% the result do not give. what engine your website? what modules do you use? |
| Question: |
a lot of drupalnode |
| Answer: |
license \"hacked\" using? |
| Question: |
the modules are all legitimate |
| Answer: |
expect Your issue. |
| Answer: |
and the theme site? |
| Question: |
network marketing basically |
| Answer: |
no, the standard theme custom made or downloaded from a free site? in themes can also be Trojans |
| Question: |
themes standard. color, font size change itself |
| Answer: |
the computer then check for possible theft of ftp passwords BSOD |
| Question: |
passwords changed. comp checked |
| Answer: |
Cho have you found? |
| Question: |
not found. before not found. as the viruses the sites get do not understand |
| Answer: |
if you were a virus then due to the fact that the site wasn`t cleaned until the end this may be the reason, if website ispolzuyutsya vulnerable modules or the version of the engine vulnerable |
| Question: |
well right now everything is fine. Turn on mail |
| Answer: |
you recently had a virus the log from 2015-04-09.log /home/xussain/public_html/x8c.ru/modules/color/help.php: Php.Malware.Mailbot-1 FOUND and method of working via smtp You will always be available and never blocked Yong. only php mail You have deleted the website x8c.ru ? |
| Question: |
removed all. only on new files being uploaded. |
| Question: |
smtp fails to configure |
| Answer: |
access granted |
| Question: |
I found this file ftp://[email protected]/public_html/x8c.ru/credentials-onekyani-user1_552631.txt this content - user passworduser1_552631 zmSChFijJZxussain fVpd9u84M3откуда? so they steal passwords? |
| Answer: |
this is Your file and Your passphrase? |
| Question: |
it turns out I uploaded) I make sure no viruses, modules and distribution took from drupalgardens, turns out it`s their file |
| Answer: |
You know what him going to do? |
| Question: |
deleted already |
| Answer: |
ok
|
| Question: |
hi. You mail another breakdown? |
| Answer: |
welcome. we never mail You did not disable |
| Question: |
php mail write that the letter did not come. checked and I have not received |
| Answer: |
how did You check? the box sent? mail You have not disconnected never. was previously disabled php mail but now it is available to You |
| Question: |
I`ll check again |
| Answer: |
ok
|
| Question: |
sorry for the trouble. apparently the client got it wrong. checked carefully) the letter came |
| Answer: |
ok
|
