| Question: |
Hello. Tell me why on all of my sites there was a message \"Account blocked\". An hour ago everything worked. Anything illegal did not do. And I can \"log on to the control panel (cPanel)\" writes \"Incorrect credentials\". Tell me what the problem is. Thanks in advance. |
| Answer: |
Hello. from your account`s slalom spam on account of viruses NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 072815-2039.585590
FILE HIT LIST:
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-includes/images/wlw/include.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-includes/SimplePie/Source.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-includes/css/admin.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-includes/default-filters.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-includes/js/tinymce/skins/wordpress/images/start.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-includes/js/tinymce/skins/wordpress/files.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-includes/js/tinymce/plugins/wpeditimage/inc.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-includes/js/tinymce/plugins/compat3x/gallery.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-includes/js/tinymce/plugins/hr/system.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-includes/js/tinymce/plugins/wpgallery/file.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-includes/pomo/po.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/uploads/2014/08/list.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentyeleven/comments.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentyeleven/colors/admin.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentyeleven/tag.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentyfourteen/languages/option.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentyfourteen/category.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentyfourteen/sidebar-footer.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentythirteen/css/object.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentythirteen/sidebar.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/themes/twentythirteen/content-status.php
{CAV}Php.Malware.Mailbot-1 : /home/olesy05/public_html/stylishone.ru/wp-content/themes/encounters-lite/fonts/header.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/themes/encounters-lite/comments.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/themes/encounters-lite/includes/option.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/themes/encounters-lite/blog-full.php
{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/themes/encounters-lite/page-templates/frontpage-left-right.php< br />{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/themes/encounters-lite/languages/session.php
{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/plugins/wp-super-edit/tinymce_plugins/nonbreaking/session.php< br />{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/plugins/wp-super-edit/tinymce_plugins/superemotions/langs/menu.php< br />{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/plugins/wp-super-edit/tinymce_plugins/superemotions/js/user.php< br />{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/plugins/wp-super-edit/tinymce_plugins/searchreplace/langs/blog.php< br />{CAV}Php.Trojan.StopPost : /home/olesy05/public_html/stylishone.ru/wp-content/plugins/wp-super-edit/tinymce_plugins/searchreplace/js/session.php< br />{CAV}PHP.Trojan.Uploader : /home/olesy05/public_html/stylishone.ru/wp-content/plugins/advanced-spoiler/langs/stats.php
{HEX}php.nested.base64.534 : /home/olesy05/public_html/stylishone.ru/wp-admin/css/logon.php |
| Question: |
I viruses or which are not sent. What to do to lock. |
| Answer: |
You need to check and clean the site. we can open you ftp access you rasulala not viruses and spam. the site has been hacked |
| Question: |
Well. Open the ftp access. I`ll try to clean up the site. |
| Answer: |
open access |
| Answer: |
is a complaint came Subject: [SpamCop (http://stylishone.ru/wp-includes/js/jquery/ui/diff.html)
id:6341052576]FW: Your Popular ED proposition
Precedence: list
Date: Tue, 28 Jul 2015 09:13:43 -0700
X-SpamCop-sourceip: IP
X-Mailer: https://www.spamcop.net/ vIP
X-Spam-Level: 6.1 (******)
X-Spam-Flag: YES
X-Spam-Report: Spam detection software, running on the system
\"spam15.your-server.de\" that has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn`t spam) or label
similar future email. If you have any questions, see
EMAIL for details.
Content analysis details: (6.1 points)
pts rule name description
---- ---------------------- -------------------------------------------
-0.0 SPF_PASS SPF: sender matches SPF record
1.1 DATE_IN_PAST_03_06 Date: is 3 to 6 hours before Received: date
2.5 URIBL_DBL_ABUSE_BOTCC Contains an abused botnet C&C URL listed in the
DBL blocklist
[URIs: flying-datacenter.de]
0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked.
See
http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block
for more information.
[URIs: flying-datacenter.de]
0.5 RDNS_NONE Delivered to internal network by a host with no rDNS
2.0 URI_WP_HACKED_2 URI for compromised WordPress site, possible malware
Message-ID: 1ZKC0AEMAILpany
Delivered-To: EMAIL
[ SpamCop VIP ]
This message is brief for your comfort. Please use links below for details.
Spamvertised web site: http://stylishone.ru/wp-includes/js/jquery/ui/diff.html
https://www.spamcop.net/w3m?i=z6341052576zb5d91845523ce6bee4816233a199d545z
http://stylishone.ru/wp-includes/js/jquery/ui/diff.html is IP; Tue, 28
Dec 2015 20:58:58 GMT
[ Offending message ]
Delivered-To: x
Received: by IP with SMTP id tm7csp2112723qdb;
Tue, 28 Jul 2015 09:13:44 -0700 (PDT),
X-Received: by IP with SMTP id pv4mr71907900wjc.71.1438100023836;
Tue, 28 Jul 2015 09:13:43 -0700 (PDT),
Return-Path: <EMAIL>
Received: from flying-datacenter.de (web.flying-datacenter.de. [IP])
by mx.google.com with ESMTP id n3si21258171wib.89.2 IP.13.43
for <x>;
Tue, 28 Jul 2015 09:13:43 -0700 (PDT),
Received-SPF: pass (google.com: domain of EMAIL
designates IP as permitted sender) client-ip=IP;
Authentication-Results: mx.google.com;
spf=pass (google.com: domain of EMAIL
designates IP as permitted sender)
smtp.mail=EMAIL
Date: Tue, 28 Jul 2015 18:13:42 +0200
From: \"Valarie Wilson\" <EMAIL>
Reply-To:\"Valarie Wilson\" <EMAIL>
Message-ID: <EMAIL>
To: x
Subject: FW: Your Popular ED proposition
X-Priority: 3 (Normal)
MIME-Version: 1.0
Content-Type: text/html; charset=\"iso-8859-1\"
Content-Transfer-Encoding: 8bit
<div>
Your Popular ED proposition – <a
a href=\"http://stylishone.ru/wp-includes/js/jquery/ui/diff.html\">check it out</a>
</div> |
| Question: |
You can restrict access or disable yet, to ascertain, only stylishone.ru (as I understand it he went with the spam). What would all the other sites work, just have a lot of commercial links and has already got complaints about their unavailability. |
| Answer: |
all the other sites on your account can also be infected. you have to check everything |
| Question: |
Check, but everything seems to be clean. How will deprovera unsubscribe. |
| Answer: |
ok
|
| Question: |
On other sites everything is clean. Part of the site plmservice.ru and stylishone.ru my friend. He is now at work and see them in the evening. All the rest of my, they can be included. |
| Question: |
Disable only this website stylishone.ru with the rest everything is fine!!!In the evening on stylishone.ru can plugins clean. |
| Answer: |
ok
|
