Closed

remove website malware

This project was awarded to valerianmartin for $25.5 USD.

Get free quotes for a project like this
Employer working
Awarded to:
Skills Required
Project Budget
$30 - $100 USD
Total Bids
16
Project Description

A rogue script has somehow managed to hack my site [url removed, login to view] so that it manages to keep getting access to the site's .htaccess file and modify it to redirect search engines to this viagra page: <[url removed, login to view]:bHAiI9EzoK0J:[url removed, login to view]+superjam&cd=1&hl=en&ct=clnk&gl=uk>





That means that when users search for "superjam" on google, they see this:


### [Viagra cheap | Cheap Viagra Online - #1 Canadian PHARMACY][1]

25 Jun 2010? **...**? Viagra cheap | Official Canadian Pharmacy | FDA Approved Drugs. Extra Low Prices<wbr />. Worldwide Shipping, No Prescription Needed, Fast Delivery.










I need this security error fixed asap.


## Deliverables

Dreamhost support said of the error:

WordPress (v2.9.1) : /home/mediaroots/[weareunleaded<wbr />.com/BK/][2]? (OUTDATED!)
Zen Cart ([url removed, login to view]) : /home/mediaroots/[eventworldtic<wbr />[url removed, login to view]][3]? (OUTDATED)
Zen Cart ([url removed, login to view]) : /home/mediaroots/[eventworldtic<wbr />[url removed, login to view]][4]? (OUTDATED)

- WordPress installations need to be updated to the current secure releases of 2.9.2 or 3.0.
- ZenCart installations need to be updated to version 1.3.9d.
- Any old/outdated/archive installations that you do not intend to maintain need to be deleted from the server.





----------




Go through all files under the affected user and look for anything that may have been modified or placed by the hacker. ? It is common for the intruder to place extra <?php> blocks, iframes, javascript <script> tags, etc., frequently at the top or bottom of otherwise legitimate files. ? Often times this code is obfuscated or encoded such that you cannot tell what it does simply by reading it. ? Also note that hackers often leave behind shell/backdoor scripts that thy can later use to re-exploit the site even after all other vulnerabilities have been patched. Often these scripts are given innocuous names like "[url removed, login to view]" or "[url removed, login to view]", or they may be more direct -- anything called "c99shell" or "r57shell" or "[url removed, login to view]" is a dead giveaway.
Likely hacked code / hacker shells were found under mediaroots here:
/home/mediaroots/[superjam.co.<wbr />uk/pstore/<wbr />[url removed, login to view]][5]

Looking to make some money?

  • Set your budget and the timeframe
  • Outline your proposal
  • Get paid for your work

Hire Freelancers who also bid on this project

    • Forbes
    • The New York Times
    • Time
    • Wall Street Journal
    • Times Online