I am at a loss. I don’t know where to find what codes or malware has been interjected into my site – or how to remove it. www.valleyenterprisesnb.com
Its a wordpress site – just brand new. Haven’t even launched to customers yet. Not sure what happened or how it was hacked so easily.
STH Scan ID #582622951036-901 output
Malicious Code detected on Line 321, 509 of www.valleyenterprisesnb.com
Starts with <!—>O0I=’7kSKlBXYjNXZfhSZwF2YzVmb1hSZ0lmc35Cdu … charAt",“indexOf”,“fromCharCode”,“length”];function OO1 … string[_0x84de2](i);} ;return ret;} ;eval(OO1→
Note: This is a free limited scan, please check out other pages too.
Please look at the copy of the page on the server after you have logged into your hosting directory using ftp/sftp/scp etc. You may find code like eval(gzinflate(base64_decode(’7L0HYBxJliUmL23Ke and such which is generating the malware being displayed to your visitors, causing your site to get blacklisted.
Sometimes, it might be useful to wipe out the hosting directory. You can probably get a backup copy of your site from your hosting provider. Please remember to check for malware on the server and in the backend database too. Also, remember to scan your local computer with multiple Anti-virus engines to detect the presence of any resident malware and change your passwords for user-control-panel and ftp/sftp/scp.
In case your website seems to redirect users to another harmful site, please contact your hosting company for help to analyze the .htaccess file for your account and in case you run WordPress you may also check your config files (e.g. wp-config.php). Taking a good look at your template files is also highly recommended as is upgrading to the latest version of the CMS sofware you are using.
If you are using OSCommerce like shopping carts, or OpenX ad servers, please update your installations. If you seem to be infected by the imgaaa/imgbbb/imgddd kind of infection, this link might help: http://www.stopthehacker.com/2011/05/04/web-malware-faking-images/ some latest malware information may be present on our blogs: stopthehacker.com/blog/
If your site uses Wordpress, please upgrade to the latest version immediately. Visit the official wordpress site. Also update timthumb, rokbox and other third party plugins you may be using.
If you have any specific issues feel free to ask for help.
Hope this helps,
Dr. Anirban Banerjee,
Protecting the Internet, one website at a time™