[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 483: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/bbcode.php on line 112: preg_replace(): The /e modifier is no longer supported, use preg_replace_callback instead
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4688: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4690: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4691: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
[phpBB Debug] PHP Warning: in file [ROOT]/includes/functions.php on line 4692: Cannot modify header information - headers already sent by (output started at [ROOT]/includes/functions.php:3823)
The Honest Way Forum • View topic - PHP Virus, Check your sites

PHP Virus, Check your sites

If you have come across any scams or dishonest packages, products or strategies, discuss them here and expose them.
Feel free to name and shame the perpetrators! NO ADS!

Moderators: magnetize, Oosha, ftello, shezz

PHP Virus, Check your sites

Postby hwould » Mon May 10, 2010 1:22 pm

I already made a post at Ben's forum h**p://www.forum.makemoneyonlinewithseo.com/showthread.php?t=636

But long story short. PHP sites on apparently shared hosting sites have been injected with some javascript code. I read about it here: h**p://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html

They posted a fix but it didn't work for me on any of my sites I tried. Any additional info will probably be beneficial to a lot of us.
hwould
 
Posts: 32
Joined: Sat Jun 14, 2008 4:56 pm

Re: PHP Virus, Check your sites

Postby korprit » Mon May 10, 2010 3:26 pm

User avatar
korprit
 
Posts: 596
Joined: Thu Feb 19, 2009 2:25 pm

Re: PHP Virus, Check your sites

Postby TrentBrownrigg » Mon May 10, 2010 5:43 pm

TrentBrownrigg
 
Posts: 471
Joined: Tue Feb 24, 2009 1:11 am
Location: Iowa

Re: PHP Virus, Check your sites

Postby korprit » Mon May 10, 2010 6:36 pm

heh, no worries. those are linux shell commands. meaning you need to telnet or SSH into your host. once at the terminal (will look like '[user@host ~]%' or something along those lines), then you type in (or copy) those commands.

grep simply searches for text strings. so these commands tell grep to look for the reference text (offending javascript files), starting with the local directory ('.') and then go recursively through every directory ('-r'). so i recommend starting in the folder that houses all your sites for that host (like 'public_html')
User avatar
korprit
 
Posts: 596
Joined: Thu Feb 19, 2009 2:25 pm

Re: PHP Virus, Check your sites

Postby hwould » Tue May 11, 2010 11:57 am

Thanks for the help Korprit, but unfortunately all of that is mumbo jumbo to me. What I did was I deleted every piece of offending code from a site by hand. It worked on a site that was trying to give people a trojan. I also changed my passwords, I don't know if it matters though since they were already tough and I wasn't the only one hit obviously.

On a side note, only my sites that were updated to wordpress 2.9.0-2.9.2 were affected.
hwould
 
Posts: 32
Joined: Sat Jun 14, 2008 4:56 pm

Re: PHP Virus, Check your sites

Postby korprit » Tue May 11, 2010 3:52 pm

the commands don't clear it up, only identifies if you have infected files (lists files that have that string). simply cuts down on the amount of time it takes to clear it up.

i've seen at least one site that was infected, went to do a link trade and it said my 'C:\Windows\' directory was infected....i was running linux lol

<3 linux!
User avatar
korprit
 
Posts: 596
Joined: Thu Feb 19, 2009 2:25 pm


Return to Scams, Spams and Rip Offs

Who is online

Users browsing this forum: No registered users and 1 guest

cron