cain38 Posted December 6, 2012
a. lequire
b. http://stevie.heliohost.org/
c. lequireandcompany.com
It's a simple WordPress install with little to no activity to promote an art gallery. No spamming or anything I'm aware of has taken place.
cl58 Posted December 6, 2012
Your account was suspended for hosting malware. I have unsuspended your account, but you must remove all malicious files from your account within 24 hours. If after 24 hours from the time of this post you still are hosting malware, you will be resuspended.
cain38 (Author) Posted December 7, 2012
So what was detected and where is it? In the HTML source code? Google Webmaster Tools isn't reporting any malware. How do I find what you found?
Shinryuu Posted December 7, 2012
Make a backup of your files and run them through scanners. We use ClamAV; if you think we got a false positive, feel free to file a report with them.
cain38 (Author) Posted December 7, 2012
So it's not some sort of XSS inserted into the template or some sort of SQL injection? It's actually a file that's being hosted?
Shinryuu Posted December 7, 2012
XSS involves redirecting a request to another server hosting the actual malicious code, and SQL injection only gives an attacker access to the database. They could insert a malicious bit of code, but usually injection is just used to track the information in the database or drop data from it, not to plant code.
cain38 (Author) Posted December 7, 2012
Thanks, I'll scan now. Is there anything you guys have that can tell me the exact file that's suspicious?
Shinryuu Posted December 7, 2012
An Admin would have to tell you that; I don't have any inside knowledge, and Mods are only told the virus signature found.
cain38 (Author) Posted December 7, 2012
Also, I tried downloading my site via FTP and I guess it opened too many simultaneous connections, and it looks like my IP is blocked. I can get to my site and the cPanel over my phone's mobile network, but through my Wi-Fi it looks like I'm blocked. Is it possible that my home IP address got blocked or throttled?
Shinryuu Posted December 7, 2012
If you opened too many connections too fast, our DoS protection probably booted you; try again in a few minutes. The best way to grab a backup is to just do a /public_html backup through cPanel.
Krydos Posted December 7, 2012
> Thanks, I'll scan now. Is there anything you guys have that can tell me the exact file that's suspicious?
/home/lequire/public_html/wp-content/themes/easel/images/404.php
cain38 (Author) Posted December 7, 2012
I've run the entire backup through multiple virus and malware scanners. How do I get in touch with the admins to find out exactly what they found?
Shinryuu Posted December 7, 2012
>> Thanks, I'll scan now. Is there anything you guys have that can tell me the exact file that's suspicious?
> /home/lequire/public_html/wp-content/themes/easel/images/404.php
404.php in your WordPress themes folder apparently has some bad code.
Krydos Posted December 7, 2012
> How do I get in touch with the admins to find out exactly what they found?
I already told you what was found...
Krydos Posted December 7, 2012
Your account is showing up as clean now. Thank you for taking care of this.
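
Added example, not part of the original thread and not HelioHost's own tooling: the file reported above was a PHP script inside a theme's images directory, so one triage pass over an unpacked cPanel backup is to list script files sitting under directories that normally hold only static assets and hash them for follow-up scanning. The directory names, extensions and the sample tree (benign placeholder content) are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile

# Assumption: directory names that normally hold only static assets.
ASSET_DIRS = {"images", "img", "uploads", "css", "fonts"}
# Assumption: extensions the web server may execute as PHP.
SCRIPT_EXTS = {".php", ".phtml", ".php5", ".phar"}


def find_scripts_in_asset_dirs(root):
    """Return sorted (relative_path, sha256) for script files under asset directories."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = {p.lower() for p in rel_dir.split(os.sep)}
        if not parts & ASSET_DIRS:
            continue  # not inside an asset directory
        for name in files:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            with open(os.path.join(dirpath, name), "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            hits.append((os.path.join(rel_dir, name).replace(os.sep, "/"), digest))
    return sorted(hits)


def build_sample_backup(root):
    """Constructed sample tree mirroring the layout in the thread (benign content)."""
    files = {
        "public_html/index.php": b"<?php // front controller\n",
        "public_html/wp-content/themes/easel/404.php": b"<?php // theme template\n",
        "public_html/wp-content/themes/easel/images/logo.png": b"\x89PNG",
        "public_html/wp-content/themes/easel/images/404.php": b"<?php // placeholder\n",
    }
    for rel, data in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_backup(tmp)
        for path, digest in find_scripts_in_asset_dirs(tmp):
            print(path, digest)
```

A hit is only a lead for manual review and a scanner run, since some themes and plugins do ship legitimate scripts in such directories.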