Malware Keeps coming back!

Home Forums Support Forum Malware Keeps coming back!

This topic contains 3 replies, has 4 voices, and was last updated by  Tejas H 1 year ago.

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • #91193

    Jim Bilodeau
    Member

    I have a shared server with 10 websites, I clean each site with gotmls.net anti malware and wordfence scans. Within a day the malware is back. I have a bunch of ip’s Russia and Hungary trying all sorts of  php files. Each time a delete .htaccess and fix every file I can find.

    the index, wp-config and wp-settings always get changed to 755 and get something like this: (the file name and folder are randomized)

    /*de9e6*/

    @include (“/home2/xxxxx/xxxxx.com/wp-includes/js/plupload/.69ed8b01.mo”);

    /*de9e6*/

    No matter what I use or how many times I clean the website it comes back within 24 hours.

    Server: Hostgator

    Any help would be appreciated.

    #94813

    Niki niko
    Member

    Same problem here.

     

     

    #95749

    Anti-Malware Admin
    Key Master

    Unfortunately this situation is all too common and there are a great many reasons why you might be plagued by recurring infection. The main problem is that they were able to exploit your server in the first place, and they could be using that same vulnerability for each subsequent attack. The second issue is that once they get in they are then able to infect every site on your account (and possibly even other accounts too).

    So why is this even possible? In one word: Hostgator, All these giant Shared Hosting provider want to do is cram as many users as they can onto as few servers as possible to make their service as cheap as it can be. They don’t really care about security because they don’t see it as they problem, they have specifically made that your problem.

    I am openly critical of these massive shared hosting platforms because I also run my own Super Secure Hosting servers and it’s not hard to take the proper security measures but I can’t compete with their pricing and that’s why they have all the customers.

    The hard truth about your situation is that if you have more than just a couple sites it’s going to be really hard to pin down where this threat is coming from you will need to do extensive digging in your log files to find the exploit and that’s assuming that the the vulnerability being exploited is even on one of your own sites. The best thing for you to do now is to try moving some of these sites to other servers and try to figure out which of those sites are spreading this infection and which ones are secure on their own and just getting cross-contaminated by the compromised site(s).

    #97048

    Tejas H
    Member

    I am facing the same issue. Have to run scan and clean files everyday. Thanks to this plugin its easy to keep cleaning.

    Server: Hostgator.com shared hosting

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic.

Comments are closed.