dongmu5596 2013-08-10 05:54
Views: 78
Accepted

Websites hosted on different servers hacked "again and again" with the same base64 malware code [closed]

My websites hosted on different servers are being hacked again and again with the same base64 malware code. When I decoded the base64 code I got the link to mbrowserstats.com/statH/stat.php.

Please note: My websites with core PHP and also WordPress are being hacked. They are placing base64 malware code in the following files - index.php, main.php, footer.php, template files of WordPress (index.php, main.php, footer.php), index.php files in the wp-admin, plugins, themes folders etc.

I have already tried the things below, but all websites are being hacked again and again.

  • Changed all FTP passwords
  • Changed FTP client from FileZilla to WinSCP
  • Removed all malware code and re-uploaded all files to the server
  • Uploaded old backup files without malware code
  • Disabled magic_quotes_gpc, register_globals, also the exec & shell_exec functions
  • Used index files to prevent direct folder access
  • Used the mysql_real_escape_string function to sanitize data for insert queries in PHP websites
  • Updated WordPress and also all plugins to the latest version
  • Installed Malwarebytes Anti-Malware and scanned my computer for malware (Full Scan)
  • Confirmed that my websites are not using the timthumb.php file
  • Changed file permissions (755 for folders & 644 for files). Now only image upload folders have 777 permission.

When I checked the websites' visitor details I found some IPs like 150.70.172.111 / 150.70.172.202, Hostname: 150-70-172-111.trendmicro.com, Country - Japan. They accessed the websites at times close to the modification times of the files (malware-injected files).

Additional Information: I have been using Trend Micro antivirus for the last year. I'm wondering whether the IPs with hostname 'trendmicro.com' have any relation to the hacking or to stealing my FTP passwords.

I suspect that they are using FTP access to insert the malware code. Also the time between file modifications is very low. They have updated all files within seconds. So I think they are using a program for that. Manually they cannot edit all files within seconds as I have so many files in different folders of the same website.

Please help me to resolve this issue. I have tried many things but it happens again. Thanks

1 answer

  • doushantun0614 2013-08-10 06:14

    It's tricky to handle this. One of the common ways this happens is that on a shared server a malicious user can use another account and insert a file in your upload directory (which is often world writeable on shared servers) by going down and back up the filesystem. It's not really an issue of passwords being cracked. Things you can do:

    1. Use a private/virtual server - just not the standard shared type with more than one user in the same filesystem
    2. Keep WordPress updated
    3. Check all your themes and plugins for online notices of vulnerabilities. A big one is that many themes use timthumb.php for image resize which had a big security hole last year. You can continue using it but make sure to replace it with the current version.

    For hosting I highly recommend using something such as http://WPEngine.com as you will not only get a private experience but they will also be more on top of security scans than standard hosting companies.

    Also if your site has been hacked you must be very very careful to remove all backdoors - I recommend doing a clean install which is obviously tough since you have to put your theme back and that can contain backdoors as well. Malicious users will create multiple backdoors in case one gets taken down. There are a few scripts online that will scan for these but none that is perfect. Making a clean install, then backing it up offline in case of a hack is a good option.

    This answer was selected by the asker as the best answer.
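
An added example (not part of the question or the answer above): a small Python scanner for the cleanup step, which flags PHP files containing `eval(base64_decode(...))`, decodes each payload to surface the URL it loads, and lists world-writable directories such as the 777 upload folders. The `eval(base64_decode(...))` form is an assumption about how the injected code looks, since the page does not show it; the sample file and its URL are constructed.

```python
import base64, binascii, os, re, stat

# Matches eval(base64_decode('...')) with optional whitespace and either quote style.
# Assumption: the injected code uses this form; the page does not show the raw code.
INJECT_RE = re.compile(
    r"eval\s*\(\s*base64_decode\s*\(\s*(['\"])([A-Za-z0-9+/=\s]+)\1\s*\)\s*\)", re.I)
URL_RE = re.compile(r"https?://[^\s'\"<>)]+")

def find_injections(text):
    """Return [(decoded_payload, [urls])] for each eval(base64_decode(...)) in text."""
    hits = []
    for m in INJECT_RE.finditer(text):
        try:
            decoded = base64.b64decode(m.group(2)).decode("latin-1")
        except (binascii.Error, ValueError):
            decoded = ""  # malformed blob: still report the hit, payload unknown
        hits.append((decoded, URL_RE.findall(decoded)))
    return hits

def scan_tree(root):
    """Walk root; report injected PHP files and world-writable directories."""
    report = {"injected": [], "world_writable": []}
    for dirpath, _dirs, files in os.walk(root):
        if os.stat(dirpath).st_mode & stat.S_IWOTH:
            report["world_writable"].append(dirpath)
        for name in files:
            if not name.lower().endswith((".php", ".phtml", ".inc")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="latin-1") as fh:
                hits = find_injections(fh.read())
            if hits:
                report["injected"].append((path, os.stat(path).st_mtime, hits))
    # Sort by mtime so a burst of edits made within seconds shows up as a cluster.
    report["injected"].sort(key=lambda item: item[1])
    return report

# Constructed sample: a footer.php with one injected line (placeholder URL).
SAMPLE = "<?php eval(base64_decode('%s')); ?>\n<footer>ok</footer>\n" % base64.b64encode(
    b"echo '<script src=\"http://stats.example.invalid/stat.php\"></script>';").decode()

if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, mtime, hits in scan_tree(root)["injected"]:
        print(path, int(mtime), [u for _p, urls in hits for u in urls])
```

A pattern match like this only catches the plain form; payloads wrapped in further encoding layers will not match, so a clean result does not prove the tree is free of backdoors.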
