remove website malware

Closed

A rogue script has somehow managed to hack my site [url removed, login to view] so that it manages to keep getting access to the site's .htaccess file and modify it to redirect search engines to this viagra page: <[url removed, login to view]:bHAiI9EzoK0J:[url removed, login to view]+superjam&cd=1&hl=en&ct=clnk&gl=uk>

That means that when users search for "superjam" on google, they see this:

### [Viagra cheap | Cheap Viagra Online - #1 Canadian PHARMACY][1]

25 Jun 2010? **...**? Viagra cheap | Official Canadian Pharmacy | FDA Approved Drugs. Extra Low Prices<wbr />. Worldwide Shipping, No Prescription Needed, Fast Delivery.

I need this security error fixed asap.

## Deliverables

Dreamhost support said of the error:

WordPress (v2.9.1) : /home/mediaroots/[weareunleaded<wbr />.com/BK/][2]? (OUTDATED!)

Zen Cart ([url removed, login to view]) : /home/mediaroots/[eventworldtic<wbr />[url removed, login to view]][3]? (OUTDATED)

Zen Cart ([url removed, login to view]) : /home/mediaroots/[eventworldtic<wbr />[url removed, login to view]][4]? (OUTDATED)

- WordPress installations need to be updated to the current secure releases of 2.9.2 or 3.0.

- ZenCart installations need to be updated to version 1.3.9d.

- Any old/outdated/archive installations that you do not intend to maintain need to be deleted from the server.

----------

Go through all files under the affected user and look for anything that may have been modified or placed by the hacker. ? It is common for the intruder to place extra <?php> blocks, iframes, javascript <script> tags, etc., frequently at the top or bottom of otherwise legitimate files. ? Often times this code is obfuscated or encoded such that you cannot tell what it does simply by reading it. ? Also note that hackers often leave behind shell/backdoor scripts that thy can later use to re-exploit the site even after all other vulnerabilities have been patched. Often these scripts are given innocuous names like "[url removed, login to view]" or "[url removed, login to view]", or they may be more direct -- anything called "c99shell" or "r57shell" or "[url removed, login to view]" is a dead giveaway.

Likely hacked code / hacker shells were found under mediaroots here:

/home/mediaroots/[superjam.co.<wbr />uk/pstore/<wbr />[url removed, login to view]][5]

Skills:

See more: zen cart v1.5.1, wordpress template security, wordpress official site, wordpress official, website template cheap, web search remove, web page hacked, template for web cheap, innocuous, giveaway script, ct online code, code ct online, code blocks online, cheap wordpress website, cheap web template, cheap website template, top 10 web search engines, wordpress hack, wordpress giveaway, website official, website hacker, website hacked !, web security hacker, web gl, vulnerabilities

Project ID: #3563884

Awarded to:

valerianmartin

See private message.

$25.5 USD in 19 days
(4 Reviews)
2.4

15 freelancers are bidding on average $146 for this job

vektormedia2

See private message.

$51 USD in 19 days
(361 Reviews)
6.9
ericgillette

See private message.

$148.75 USD in 19 days
(146 Reviews)
6.7
imaster2000

See private message.

$34 USD in 19 days
(100 Reviews)
5.8
intelsteel

See private message.

$102 USD in 19 days
(61 Reviews)
5.4
eSoftTech

See private message.

$85 USD in 19 days
(19 Reviews)
5.2
hsn09

See private message.

$84.15 USD in 19 days
(128 Reviews)
5.1
infyagent

See private message.

$59.5 USD in 19 days
(14 Reviews)
4.8
ajpatel

See private message.

$85 USD in 19 days
(43 Reviews)
4.3
wooinvivw

See private message.

$59.5 USD in 19 days
(41 Reviews)
4.1
kyrianUK

See private message.

$1190 USD in 19 days
(6 Reviews)
2.9
codecamp

See private message.

$59.5 USD in 19 days
(23 Reviews)
2.8
KuroSaru

See private message.

$51 USD in 19 days
(1 Review)
1.7
evilcryvw

See private message.

$76.5 USD in 19 days
(0 Reviews)
0.0
idify

See private message.

$63.75 USD in 19 days
(0 Reviews)
0.0
chetanthumar

See private message.

$68 USD in 19 days
(0 Reviews)
0.0