2

For the past couple of weeks, at semi-regular intervals, this website has had the #c3284d# malware code inserted into some of its .php files. Also, the .htaccess file had its equivalent code inserted. I have, on many occasions, removed the malicious code, replaced files, changed the FTP password on my FTP client (which is CoreFTP), and changed the connection method to FTPS for more secure storage of the password (instead of plain text).

I have also scanned my computer several times using AVG and Windows Defender which have found no malware on my computer which might have been storing my ftp passwords.

I used Sucuri SiteCheck to check my website, which says my website is clean of malware, which is bizarre because I just attempted to click one of the links on the site a minute ago and it linked me to another one of these random stats.php sites, even though it appears I have gotten rid of the #c3284d# code again (which will no doubt be re-inserted somehow in an hour or so).

Has anyone found an actual viable solution for this malware hack?

I have done just about all of the things suggested here and here and the problem still persists.

Currently, when I click on a link within the site's navigation menu within Google Chrome, I get Google's malware warning page:

Warning: Something's Not Right Here! oxsanasiberians.com contains malware. Your computer might catch a virus if you visit this site. Google has found that malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed. Why not try again tomorrow or go somewhere else? We have already notified oxsanasiberians.com that we found malware on the site. For more about the problems found on oxsanasiberians.com, visit the Google Safe Browsing diagnostic page.

4

2 Answers

2

I have exactly the same problem.

I guess the site was infected through a widget, because I used a plugin that allows PHP code to be executed.

My best solution was:

- eliminate the suspicious widget;
- check the time and date of one infected file (in my case: header.php);
- clean all infected files (in my case I have a backup of the site);
- search the log file for suspicious IPs at that time (look up the IPs found on blacklists);
- install a plugin to ban suspicious IPs.

From that moment on, the problem disappeared.

Answered 2012-07-27T14:31:15.113
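The log-correlation steps in the answer above (take the modification time of an infected file, then look for requests around that time), as an added example that is not part of the original answer. It assumes the Apache/nginx combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta
from pathlib import Path

MARKER = b"#c3284d#"                      # marker string named in the question
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"           # combined-log timestamp (assumed format)
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

# Constructed sample access-log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jul/2012:03:02:11 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.23 - - [27/Jul/2012:03:13:40 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 312',
    '198.51.100.23 - - [27/Jul/2012:03:13:58 +0000] "POST /wp-content/uploads/x.php HTTP/1.1" 200 17',
    '203.0.113.5 - - [27/Jul/2012:03:15:02 +0000] "GET /header.php HTTP/1.1" 200 900',
    '203.0.113.77 - - [27/Jul/2012:03:16:30 +0000] "POST /wp-login.php HTTP/1.1" 403 0',
    '192.0.2.10 - - [27/Jul/2012:09:40:00 +0000] "POST /contact.php HTTP/1.1" 200 88',
]

def infected_files(root):
    """Return {path: mtime} for .php/.htaccess files under root containing the marker."""
    hits = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and (p.suffix == ".php" or p.name == ".htaccess"):
            if MARKER in p.read_bytes():
                hits[p] = datetime.fromtimestamp(p.stat().st_mtime).astimezone()
    return hits

def requests_near(log_lines, when, window_minutes=5):
    """Yield (ip, method, path, status) for entries within the window around `when`."""
    delta = timedelta(minutes=window_minutes)
    for line in log_lines:
        m = LOG_RE.match(line)  # lines that do not parse are skipped
        if m and abs(datetime.strptime(m.group(2), TS_FMT) - when) <= delta:
            yield m.group(1), m.group(3), m.group(4), int(m.group(5))

def suspect_ips(log_lines, when, window_minutes=5):
    """Count successful POST requests per IP close to the file's modification time."""
    counts = Counter()
    for ip, method, _path, status in requests_near(log_lines, when, window_minutes):
        if method == "POST" and status < 400:
            counts[ip] += 1
    return counts.most_common()

if __name__ == "__main__":
    mtime = datetime.strptime("27/Jul/2012:03:14:00 +0000", TS_FMT)  # constructed mtime
    print(suspect_ips(SAMPLE_LOG, mtime))
```

File modification times can be reset by whoever wrote the file, and a change made over FTP shows up in the FTP server's log rather than the web access log, so an empty result here does not clear the site.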
1

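> I used Sucuri SiteCheck to check my website, which says my website is clean of malware, which is bizarre because I just attempted to click one of the links on the site a minute ago and it linked me to another one of these random stats.php sites, even though it appears I have gotten rid of the #c3284d# code again (which will no doubt be re-inserted somehow in an hour or so).

  1. Did you click re-scan? The site caches results for 24 hours.

  2. Did you clear your website's cache? For example, if you use the Super Cache plugin or something similar.

  3. When you changed the FTP password through your cPanel, did you try not logging in for a day or so? That would verify whether the problem is based on the FTP password. I recently tried logging in to my FTP via Filezilla after clearing this infection, and I deleted the site entry immediately afterwards. The next day my site was infected again. So I decided to do everything through cPanel from now on.

Answered 2012-07-30T14:06:08.440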