Results 1 to 4 of 4
  1. #1
    ABW Ambassador bettylou's Avatar
    Join Date
    December 27th, 2005
    Location
    Indiana
    Posts
    595
    Is there a connection between databases and malicious software?
    OK, maybe someone with a better understanding of how this stuff works can help me.

    A few weeks ago I posted that my databases had been almost entirely wiped out. The databases belonged to different sites but were all under the same hosting account. Last week, I posted that Google had blocked my account because someone had installed badware on my site, a wordpress site. I have since removed that site and reinstalled a fresh version of WP. I got the all-clear from Google in about 2 days, on Oct. 25.


    I just received this email from my web host:

    Hello,

    We have received complaints of a phishing site being hosted on your site as referenced above. Upon inspection, we found that a phishing site had been installed on your account. The vast majority of phishing sites are installed by malicious users who have found exploits in scripts previously (and legitimately) installed on the account. We have taken the above actions to prevent further malicious activities. Please make sure to update your password to something more secure at this point and to update all the scripts/plugins on your account to the latest version.


    What steps do I need to take now? The email states that they have taken the above actions, however no actions were included in the email. They gave me the url of the phishing site and it is (or rather, was) located in the main site on the account. Can this affect the subdomains? Could this be what wiped out my databases? And, what do I do now?

    Sorry for all the questions, I'm just not sure what to do. Thanks for any and all suggestions.

  2. #2
    Moderator BurgerBoy's Avatar
    Join Date
    January 18th, 2005
    Location
    jacked by sylon www.sylonddos.weebly.com
    Posts
    9,618
    Why don't you call your host and ask them what you need to do??

    Vietnam Veteran 1966-1970 USASA
    ABW Forum Rules - Advertise At ABW

  3. #3
    Member
    Join Date
    October 11th, 2008
    Posts
    69
    Generally speaking....

    1) The host could have bad security on the particular server your on.
    2) The version of WP, any plugins, etc. could have a security flaw
    3) Your passwords may have been stolen


    You need to....

    1) Pull the sites, change the passwords, have the host create a NEW account on a DIFFERENT server with DIFFERENT passwords.
    2) Research the WP Changelogs/Security Warnings/Issues and upgrade if needed
    3) Research any plugins you use for Security Warnings/Issues and upgrade if needed
    4) Rebuild the site from scratch (i.e. new empty database) with a new and much more complex password

    Most often I've seen this sort of thing with autoresponders, form submission, comment submission, etc. And almost always with a plugin. But did have a couple incidents with people over the years that left their SQL ports open, no passwords on their databases, etc. as well.

    Scott

  4. #4
    Visual Artist & ABW Ambassador lostdeviant's Avatar
    Join Date
    September 7th, 2007
    Location
    Cuautitlán, Edo. de México
    Posts
    1,725
    Have you already done basic stuff like set more restrictive file and directory permissions?

  5. Newsletter Signup

+ Reply to Thread

Similar Threads

  1. My site is distributing malicious software?
    By bettylou in forum Midnight Cafe'
    Replies: 23
    Last Post: October 29th, 2008, 09:27 AM
  2. Malicious Software? What are they talking about??
    By wireninja in forum eBay Partner Network
    Replies: 4
    Last Post: June 6th, 2008, 11:55 PM
  3. Malicious Software Removal Tool (Windows Updates)
    By davester in forum Commission Junction - CJ
    Replies: 7
    Last Post: January 13th, 2005, 04:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •