php - Websites hosted on different servers being hacked 'again and again' with same base64 malware codes


My websites, hosted on different servers, are being hacked again and again with the same base64 malware code. When decoded, the base64 code gives the link mbrowserstats.com/stath/stat.php.

Please note: both core PHP and WordPress websites are being hacked. The base64 malware code is being placed in the following files: index.php, main.php, footer.php, the template files of WordPress (index.php, main.php, footer.php), the index.php files in the wp-admin, plugins and themes folders, etc.

I have tried the things below, but the websites are being hacked again and again.

  • Changed FTP passwords

  • Changed FTP client (FileZilla, WinSCP)

  • Removed the malware code and re-uploaded the files to the server

  • Uploaded old backup files without the malware code

  • Disabled magic_quotes_gpc, register_globals, and the exec & shell_exec functions

  • Used index files to prevent direct folder access

  • Used the mysql_real_escape_string function to sanitize data in insert queries in the PHP websites

  • Updated WordPress and plugins to the latest version

  • Installed Malwarebytes Anti-Malware and scanned my computer for malware (full scan)

  • Confirmed the websites are not using the timthumb.php file

  • Changed file permissions (755 for folders & 644 for files). Image upload folders have 777 permission.

When I checked the websites' visitor details I found the IPs 150.70.172.111 / 150.70.172.202, hostname: 150-70-172-111.trendmicro.com, country: Japan. They accessed the websites at times close to the modification time of the files (the malware-injected files).

Additional information: I have been using Trend Micro antivirus for the last 1 year. I'm wondering whether the IPs with hostname 'trendmicro.com' have any relation to the hacking or to stealing FTP passwords.

I suspect they are using FTP access to insert the malware code. The time between file modifications is low. They have updated the files within seconds. I think they are using a program for that. Manually they cannot edit the files within seconds, as I have many files in different folders of the same website.

Please help me resolve this issue. I have tried many things but it happens again. Thanks

It's tricky to handle this. One of the common ways this happens is on a shared server, where a malicious user can use their account and insert a file in your upload directory (which is world-writable on shared servers) by going down and up the filesystem. It's not an issue of passwords being cracked. Things you can do:

  1. Use a private/virtual server, not the standard shared type with more than 1 user in the same filesystem
  2. Keep WordPress updated
  3. Check your theme and plugins online for notices of vulnerabilities. A big one: many themes use timthumb.php for image resizing, which had a big security hole last year. You can continue using it, but make sure to replace it with the current version.

For hosting I highly recommend using one such as http://wpengine.com. It is not private, but in my experience they are more on top of security scans than standard hosting companies.

Also, if your site has been hacked you must be very careful to remove backdoors. I recommend doing a clean install, which is tough since you have to put the theme back, and it can contain backdoors as well. Malicious users create multiple backdoors in case one gets taken down. There are a few scripts online to scan for these, but none are perfect. Making a clean install, and backing up offline in case of a hack, is an option.
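A minimal sweep for the two conditions discussed on this page, base64 decode-and-execute code in PHP files and PHP files sitting in world-writable (777) directories, as an added example that is not part of the original question or answer. The patterns, function names and the sample tree are assumptions constructed for illustration; like the online scanners mentioned above, the heuristics will miss variants and can flag legitimate code.

```python
import base64, os, re, stat, tempfile
from pathlib import Path

# Heuristic patterns (assumptions for this example, not a complete signature set).
CHECKS = {
    "decode-and-execute call": re.compile(
        rb"(?:eval|assert)\s*\(\s*(?:gzinflate\s*\(\s*)?base64_decode\s*\(", re.I),
    "long base64 literal": re.compile(rb"[\"'][A-Za-z0-9+/]{120,}={0,2}[\"']"),
}
PHP_EXT = (".php", ".phtml", ".inc")

def scan_file(path):
    """Return the labels of every heuristic that matches this file's bytes."""
    data = Path(path).read_bytes()
    return [label for label, rx in CHECKS.items() if rx.search(data)]

def scan_tree(root):
    """Map relative path -> reasons, for PHP files that look injected or misplaced."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        # "Other" write bit set means any local account can drop files here.
        world_writable = bool(os.stat(dirpath).st_mode & stat.S_IWOTH)
        for name in (f for f in files if f.lower().endswith(PHP_EXT)):
            path = os.path.join(dirpath, name)
            reasons = scan_file(path)
            if world_writable:
                reasons.append("PHP file in world-writable directory")
            if reasons:
                findings[os.path.relpath(path, root)] = reasons
    return findings

def build_sample(root):
    """Constructed sample tree; the encoded payload is a harmless echo statement."""
    payload = base64.b64encode(b"echo 'constructed sample';").decode()
    blob = base64.b64encode(b"constructed " * 12).decode()  # 192 base64 characters
    samples = {
        "index.php": "<?php echo 'hello'; ?>",
        "footer.php": f"<?php eval(base64_decode('{payload}')); ?>",
        "main.php": f"<?php $s = '{blob}'; ?>",
        "uploads/thumb.php": "<?php echo 'resize'; ?>",
    }
    for rel, body in samples.items():
        p = Path(root, rel)
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(body)
    os.chmod(os.path.join(root, "uploads"), 0o777)  # mirrors the 777 upload folders

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample(root)
        print(scan_tree(root))
```

Run `scan_tree()` against a copy of the web root and treat every hit as a file to diff against a known-clean backup, not as proof of compromise.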

