Virus Removal

 
Post new topic   Reply to topic    34SP.com Forum Index // Non Members Questions
View previous topic :: View next topic  
Author Message
Glenn Kilpatrick
Guest





PostPosted: Wed Jun 03, 2009 9:15 pm    Post subject: Virus Removal Reply with quote
Hi there, I have spoken to one of the support team but I would just like to check a few more things out. I am the webmaster for www.whitbyseaanglers.co.uk. My site is currently infested with a virus, or perhaps several. I think they reside only in my forum although it could be they are widespread in the site which is made up of 2 forums, 5 wordpress installations and a html section in the root folder. The 2 virus I know about are :

javaScript Obfuscation (type 501)

Mal/Obf/JS-BW

My current host is being less than helpful and support tickets go unanswered.

If I was to move to 34sp would they be able to remove the virus for me ? I have tried once myself but it came back. My site is currently on hosting with 80 gig a month transfer which costs about £23 per month. I notice that 34sp hosting is much cheaper, I hope this does not compromise the quality ? One thing I need is for the forums to run fast with very little downtime.

Also I have looked at the proffesional 2500 package. I maybe could do with a bit more storage. Is there another slightly bigger package and at what cost ?

Also do 34sp prices as shown and include vat and everything else or is that added later ?

I am also interested in any support I could receive with the transfer of the site.

Many thanks for your time - Glenn
Back to top
philr
Super Member
Super Member


Joined: 05 Nov 2003
Posts: 990
Location: Exeter

PostPosted: Thu Jun 04, 2009 2:47 pm    Post subject: Reply with quote
The best way to remove viruses/worms from your website is to replace the entire site with a clean backup. If you haven't got one of those, then it won't be so easy. If you can identify the exact cause of the problem, then you should be able to find a script somewhere that will repair the damage (or at least remove the offending software).

Most website attacks are targeted at third-party software. I don't know what you were using for the forums, but your photo gallery appears to be running an old version of Coppermine that was released back in February. There have been three critical security updates since then. Whenever you install third-party software, you should really add yourself to their mailing lists and install updates as soon as they become available.

And if you ever fall victim to an attack, don't forget to change all your passwords (MySQL, FTP, control panel, etc.).
_________________
Phil Ronan
フィリップ・ローナン
Back to top
View user's profile Send private message Visit poster's website
Glenn Kilpatrick
Guest





PostPosted: Thu Jun 04, 2009 3:33 pm    Post subject: Possible Virus Removal Reply with quote
Hi Phil,

At the moment the gallery is not infected, just the forum which is right up to date in terms of software releases and patches. I have tried to remove the virus from my forum by means of deleting old files and upgrading with new. However the virus in the forum came back. I was wondering if the virus scan on 34sp's hosting would be able to identify the virus and remove it. I am really stuck for ideas of what to do other than seek outside help.

I would be willing to transfer hosting here in return for some assistance with virus removal.

Best regards - Glenn
Back to top
philr
Super Member
Super Member


Joined: 05 Nov 2003
Posts: 990
Location: Exeter

PostPosted: Thu Jun 04, 2009 5:01 pm    Post subject: Reply with quote
Once your web forum has been infected, simply updating the software probably won't fix the problem. Many attacks use SQL injection, so there's a high possibility that there's something nasty lurking in your database. The attacker may also have dropped a few extra files into your webspace. Have you tried searching the web for instructions on fixing the problem? (For example, here's some information about a recent SMF forum exploit).

As far as I know, 34sp's virus protection applies to incoming email, not to third-party web software. But I think I'm right in saying that all their shared servers use mod_security to filter out malicious traffic. And they're quite good about creating backups too, although ultimately it's your responsibility to keep a copy of everything.

Like I said, the way to deal with an infected website is to restore it from a clean backup. If you don't keep backups, then sooner or later you'll lose everything.
_________________
Phil Ronan
フィリップ・ローナン
Back to top
View user's profile Send private message Visit poster's website
imknight
Administrator
Administrator


Joined: 16 Mar 2001
Posts: 3627
Location: Stroud,Gloucestershire

PostPosted: Fri Jun 05, 2009 7:44 am    Post subject: Reply with quote
Just to let you know we are currently rolling out a serverwide virus filtering on ftp uploads, so any upload done via the FTP protocol will automatically block any files being uploaded that are deemed to be containing a virus which includes a lot of things like hidden iframes and obfuscated javascript code that we are aware of.

We are using rulesets from a lot of well known security people as long as a subset of custom rules from recent issues that we have seen, this so far is proving to be very succesful - along with the FTP lock available on the accounts this does make the accounts quite secure from malicious attacks.

Also have a read of our recent blog posts on how you can restrict ftp access to a specific range of IPs, mainly intended for reseller/vps people that dont have our FTP Lock but can also be used by normal hosting on webuser/subdomains etc or if you upload regularly and want to leave the FTP lock off.
_________________
Ian
34SP.com
Easy script installers for a small number of popular scripts are now available at http://scripts.34sp.com
Used our script installers? Please post your site here

| Wordpress Hosting |
Back to top
View user's profile Send private message Send e-mail Visit poster's website ICQ Number
Post new topic   Reply to topic    34SP.com Forum Index // Non Members Questions All times are GMT
Page 1 of 1

 
Jump to:  
You can post new topics in this forum
You can reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You can vote in polls in this forum
Powered by phpBB © 2001, 2002 phpBB Group