If you have come across any scams or dishonest packages, products or strategies, discuss them here and expose them.
Feel free to name and shame the perpetrators! NO ADS!
Moderators: magnetize, Oosha, ftello, shezz
by hwould » Mon May 10, 2010 1:22 pm
I already made a post at Ben's forum h**p://www.forum.makemoneyonlinewithseo.com/showthread.php?t=636
But long story short. PHP sites on apparently shared hosting sites have been injected with some javascript code. I read about it here: h**p://blog.sucuri.net/2010/05/new-attack-today-against-wordpress.html
They posted a fix but it didn't work for me on any of my sites I tried. Any additional info will probably be beneficial to a lot of us.
-
hwould
-
- Posts: 32
- Joined: Sat Jun 14, 2008 4:56 pm
by korprit » Mon May 10, 2010 3:26 pm
-

korprit
-
- Posts: 596
- Joined: Thu Feb 19, 2009 2:25 pm
by korprit » Mon May 10, 2010 6:36 pm
heh, no worries. those are linux shell commands. meaning you need to telnet or SSH into your host. once at the terminal (will look like '[user@host ~]%' or something along those lines), then you type in (or copy) those commands.
grep simply searches for text strings. so these commands tell grep to look for the reference text (offending javascript files), starting with the local directory ('.') and then go recursively through every directory ('-r'). so i recommend starting in the folder that houses all your sites for that host (like 'public_html')
-

korprit
-
- Posts: 596
- Joined: Thu Feb 19, 2009 2:25 pm
by hwould » Tue May 11, 2010 11:57 am
Thanks for the help Korprit, but unfortunately all of that is mumbo jumbo to me. What I did was I deleted every piece of offending code from a site by hand. It worked on a site that was trying to give people a trojan. I also changed my passwords, I don't know if it matters though since they were already tough and I wasn't the only one hit obviously.
On a side note, only my sites that were updated to wordpress 2.9.0-2.9.2 were affected.
-
hwould
-
- Posts: 32
- Joined: Sat Jun 14, 2008 4:56 pm
by korprit » Tue May 11, 2010 3:52 pm
the commands don't clear it up, only identifies if you have infected files (lists files that have that string). simply cuts down on the amount of time it takes to clear it up.
i've seen at least one site that was infected, went to do a link trade and it said my 'C:\Windows\' directory was infected....i was running linux lol
<3 linux!
-

korprit
-
- Posts: 596
- Joined: Thu Feb 19, 2009 2:25 pm
Return to Scams, Spams and Rip Offs
Who is online
Users browsing this forum: No registered users and 1 guest