php - Websites hosted on different servers being hacked 'again and again' with same base64 malware codes -

-

my websites hosted on different servers being hacked again , again same base64 malware codes. when decoded base64 code got link mbrowserstats.com/stath/stat.php.

please note: websites core php , wordpress being hacked. placing base64 malware codes in following files - index.php, main.php, footer.php, template files of wordpress (index.php, main.php, footer.php), index.php files in wp-admin, plugins, themes folders etc.

i have tried below things websites being hacked again , again.

  • changed ftp passwords

  • changed ftp client filezilla winscp

  • removed malware codes , re-upload files server

  • uploaded old backup files without malware codes

  • disabled magic_quotes_gpc, register_globals, exec & shell_exec functions

  • used index files prevent direct folder access

  • used mysql_real_escape_string function sanitize data insert queries in php websites

  • updated wordpress , plugins latest version

  • installed malwarebytes anti-malware , scanned computer malwares (full scan)

  • confirmed websites not using timthumb.php file

  • changed file permissions (755 folders & 644 files). image upload folders have 777 permission.

when checked websites' visitor details found ips 150.70.172.111 / 150.70.172.202, hostname:150-70-172-111.trendmicro.com, country - japan. accessed websites in close times time of modified files (malware injected files).

additional information: i'm using trend micro antivirus last 1 year. i'm wondering ips hostname 'trendmicro.com' have relation hacking or in stealing ftp passwords.

i suspect using ftp access insert malware codes. time between file modifications low. have updated files within seconds. think using program that. manually cannot edit files within seconds have many files in different folders of same website.

please me resolve issue. have tried many things happens again. thanks

it's tricky handle this. 1 of common ways happens on shared server malicious user can use account , insert file in upload directory (which world writeable on shared servers) going down , filesystem. it's not issue of passwords being cracked. things can do:

  1. use private/virtual server- not standard shared type more 1 user in same filesytem
  2. keep wordpress updated
  3. check theme , plugins online notices of vulnerabilities. big 1 many themes use timthumb.php image resize had big security hole last year. can continue using make sure replace current version.

for hosting highly recommend using such http://wpengine.com not private experience more top of security scans standard hosting companies.

also if site has been hacked must very careful remove backdoors - recommend doing clean install tough since have put theme , can contain backdoors well. malicious users create multiple backdoors in case 1 gets taken down. there few scripts online scan these none perfect. making cleab install, backing offline in case of hack option.


Comments

Post a Comment

Popular posts from this blog

css - Which browser returns the correct result for getBoundingClientRect of an SVG element? -

-
this svg contains rect overflows svg element: <svg id='svg' width='10' height='10'> <rect x='-10' y='-10' width='30' height='30'/> </svg> chrome 28 , opera 12 return getboundingclientrect() svg element width , height of 10. firefox 23 reports width , height of 30. correct? jsfiddle the relevant spec cssom , delegates svg spec if svg element not "have associated css layout box". haven't found definition of "having associated css layout box", correct result seem hinge on definition, getbbox returns 30x30 rect in browsers. this firefox bug fixed now, fix in firefox nightlies , should make through firefox 33 released on 14 october 2014. see bug 530985 details.
Read more

gcc - Calling fftR4() in c from assembly -

-
i trying asm fft implementation www.embeddedsignals.com work. running make gives error: undefined reference fftr4(short*, short*, int) at top of asm have .syntax unified .thumb .global fftr4 .type fftr4, %function and there #define's associate c functions arguments registers followed macros fftr4 function uses. after that, fftr4 called .thumb_func fftr4: stmfd sp!, {r4-r11, lr} mov tmp0, #0 // bit reversed counter mov tmp1, #0 .word 0xf3a2fa92 //rbit r3,r2 //rbit r,n lsl r,#3 and c code follows: void fftr4(short *y, short *x, int n); short x[512]; short y[512]; int i; void loop() { (i=0;i<512;i++) x[i]=0; (i=0;i<512;i=i+8) { x[i+0]=16384; x[i+2]=16384; x[i+4]=-16384; x[i+6]=-16384;} fftr4(y, x, 256); serialusb.println(y[128]); serialusb.println(y[129]); serialusb.println(y[384]); serialusb.println(y[385]); // expected results: //y[128]is 8191; y[129] -8190 y[
Read more

Function that returns a formatted array in VBA -

-
i have function prints excel data text file in array format following: [ ['id', 'label', 'longitude', 'latitude', 'country', 'region', 'ttl_wt_flw_thru', 'sum-of-bol-wt', 'count of wdr_ref', 'ratio'], ['aeauh', 'abu dhabi, united arab emirates', 54.3666667, 24.4666667, 'ae', 'eame', 66, 30, 8432, 281.066666666667], ['aedxb', 'dubai, united arab emirates', 55.307485, 25.271139, 'ae', 'eame', 682, 3, 8369, 2789.66666666667] ] my code writing array is: function fillsourcearray() dim long, j long, s string dim lastrow double dim s1 string 'opens file filepath = filepath & "dataarray" & ".txt" open filepath output #1 'read source data dataarray = sheets("nodes").cells(1).currentregion.value 'determine lastrow lastrow = sheets("nodes").range
Read more