Malware
ligisayan, 2015-11-24 16:18:22

A malicious shell has penetrated my hosting, which overwrites htaccess - how can I protect myself in the future?

Greetings. I ran into a problem - a backdoor shell penetrated my hosting account, which overwrote all htaccess files on the sites and now constantly redirects to third-party sites from mobile devices. Overwriting the files with permissions 644, unfortunately, does not help - after 30 minutes the files are overwritten again...(((
Unfortunately, I don't know the exact date when this happened - I noticed at the weekend.
Maybe someone has already dealt with a parasite of this kind and knows what to do?

Found the infection (it crawled in through the built-in tinymce.com compat3x plugin) and eradicated it! Thanks to Aibolit, and I cleaned up the tails.
Now the question is: how to protect yourself for the future and close the hole? The site engines are WordPress, updated to the latest version - will plugins like AntiVirus work, or will that not save you from shells?
Who can suggest a good way of protection, so that with a high degree of probability such a problem does not arise again? I will mark the solution.

7 answer(s)
ligisayan, 2015-12-11
@ligisayan

Aibolit's script came to the rescue; the problem was in redirects from .htaccess

nirvimel, 2015-11-24
@nirvimel

Erase everything under the root and re-upload.

quakin, 2015-11-24
@quakin

When this happened to me, I did this:
1) downloaded the site files via FTP to the local computer
2) checked them with an antivirus (I used a free utility from drWeb), got a list of infected files; made sure that there were no "infected" useful files in the list, only extraneous files
3) deleted the infected files on the server, the problem was solved.
I only regret that I could not find the source of the malware.

kstyle, 2015-11-24
@kstyle

Did you not try Manul from Yandex?

Владимир Мартьянов, 2015-11-24
@vilgeforce

If you don't care about the results, you can scan, apply some scripts that replace something, and so on. None of these methods guarantees that all of the infection is detected. The guaranteed way to get rid of it is to wipe everything and roll out known-clean copies, as already written above. The main thing is that the copies are clean, and not ones with shells already uploaded :-)

Sanes, 2015-11-24
@Sanes

chmod 444 .htaccess

sashabeep, 2015-11-25
@sashabeep

If the sites run on a CMS, it still makes sense to wipe all the files (having first downloaded the styles and any attachments), update the engine with fresh files against the existing database, and put the styles and data files back, having first gone through them carefully for scripts. Only this way can you be 100% sure it is clean...
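
An added example (not part of any answer above, and not code from AI-Bolit or any other tool named in this thread): a Python check to run over the saved styles and attachments before they are uploaded back, as the last answer advises. It assumes the mobile redirect takes the usual mod_rewrite form, a `RewriteCond %{HTTP_USER_AGENT}` guarding a `RewriteRule` to an outside host; `audit_htaccess`, `audit_tree`, `own_hosts` and the sample tree are hypothetical names and constructed data.

```python
import os
import re
import tempfile

# Assumption: the injected rules are mod_rewrite User-Agent conditions guarding an off-site rule.
UA_COND = re.compile(r'^\s*RewriteCond\s+%\{HTTP_USER_AGENT\}', re.I)
EXT_RULE = re.compile(r'^\s*RewriteRule\s+\S+\s+(https?://([^\s/]+)\S*)', re.I)
ANY_RULE = re.compile(r'^\s*RewriteRule\b', re.I)
SCRIPT_EXT = ('.php', '.phtml', '.php5', '.pht')

def audit_htaccess(text, own_hosts=()):
    """Return (line_no, target) for off-site RewriteRules guarded by a User-Agent test."""
    hits, ua_pending = [], False
    for no, line in enumerate(text.splitlines(), 1):
        if UA_COND.match(line):
            ua_pending = True               # stays set across further RewriteCond lines
        elif ANY_RULE.match(line):
            m = EXT_RULE.match(line)
            if ua_pending and m and m.group(2).lower() not in own_hosts:
                hits.append((no, m.group(1)))
            ua_pending = False              # conditions bind only to the next rule
    return hits

def audit_tree(root, own_hosts=()):
    """Audit a folder of saved styles/attachments before it is uploaded back."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name == '.htaccess':
                with open(path, encoding='utf-8', errors='replace') as fh:
                    for no, target in audit_htaccess(fh.read(), own_hosts):
                        findings.append((rel, f'line {no}: User-Agent redirect to {target}'))
            elif name.lower().endswith(SCRIPT_EXT):
                findings.append((rel, 'script file in a data folder'))
    return sorted(findings)

def demo():  # builds a small constructed sample tree and audits it
    sample = ('RewriteEngine On\n'
              'RewriteCond %{HTTP_USER_AGENT} (android|iphone|mobile) [NC]\n'
              'RewriteRule ^(.*)$ http://redirect.example/landing [L,R=302]\n')
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, 'uploads'))
        for rel, body in (('.htaccess', sample), ('uploads/logo.png', 'constructed'),
                          ('uploads/cache.php', '<?php /* constructed */')):
            with open(os.path.join(root, rel), 'w', encoding='utf-8') as fh:
                fh.write(body)
        return audit_tree(root)
```

Pass the site's own hostnames as `own_hosts` so that legitimate redirects to them are not reported; an empty result means only that nothing of these two kinds was found in the folder.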
