My Malware Nightmare
-
I had my website checked by sucuri.net. They removed all malware and installed a powerful firewall.
-
I already had Sucuri fix it. I guess that's the perk of having one of the owners being a Charger fan. lol. What a nightmare.
- Likes 1
-
I documented on vBulletin's forum, but for us the best course of action was to:
1) shut down the web server (Apache in our case), and kill any PHP processes lingering around (if any)
2) back up the database
3) move the vb5 directory to vb5_hacked (you will need to copy some images from it later)
4) reinstall vb5 from scratch in a clean directory, up to the point you are supposed to run install.php, and instead run upgrade.php
5) continue with the "upgrade" -- it will connect to your existing database
6) fire up the web server
By doing this you have completely removed all nasty files from the equation, and haven't lost anything from your database at all.
You will need to restore your favicon, and possibly some images (logos) and whatnot from your images folder.
That turned out to be the easiest, fastest, and safest way for us to deal with it.
- Likes 2
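The procedure above later copies the favicon and logos back out of the compromised `vb5_hacked` tree, which is the one point where planted files could re-enter the clean install. The following is an added example, not part of the original post or of vBulletin's own tooling, that copies only files whose bytes match an allowlisted image type and contain no PHP open tag; the function names and the `images` sub-paths are assumptions.

```python
import shutil
from pathlib import Path

# Magic-byte prefixes for the image types a forum skin normally uses.
MAGIC = {
    ".png": (b"\x89PNG\r\n\x1a\n",),
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".jpeg": (b"\xff\xd8\xff",),
    ".ico": (b"\x00\x00\x01\x00",),
}
# PHP open tags; a hit inside an "image" keeps it out of the new web root.
PHP_TAGS = (b"<?php", b"<?=")


def vet_image(path):
    """Return None if the file looks like a plain image, else a rejection reason."""
    path = Path(path)
    if path.is_symlink() or not path.is_file():
        return "not a regular file"
    magics = MAGIC.get(path.suffix.lower())
    if magics is None:  # .php, .htaccess, .js and anything else unexpected
        return "extension not on the allowlist"
    data = path.read_bytes()
    if not data.startswith(magics):
        return "content does not match extension"
    lowered = data.lower()
    if any(tag in lowered for tag in PHP_TAGS):
        return "contains a PHP open tag"
    return None


def restore_images(hacked_dir, clean_dir):
    """Copy vetted images from the quarantined tree into the clean install."""
    hacked_dir, clean_dir = Path(hacked_dir), Path(clean_dir)
    copied, rejected = [], {}
    for src in sorted(hacked_dir.rglob("*")):
        if src.is_dir() and not src.is_symlink():
            continue
        rel = src.relative_to(hacked_dir)
        reason = vet_image(src)
        if reason:
            rejected[rel.as_posix()] = reason
            continue
        dst = clean_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(src, dst)  # copies bytes only, not permissions
        copied.append(rel.as_posix())
    return copied, rejected
```

Anything listed in `rejected` stays in the quarantined directory for manual review rather than being copied.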
-
I was dealing with something similar about a week ago, except they were targeting Microsoft. Had my host remove the new directories then I did a clean install of the patched software. I feel like I caught it before too much damage was done.
- Likes 1
-
My Malware Nightmare
So as a result of this hack I had to have Wayne Luke go in and remove files and get me back into my admin panel on the forum. But my members were still getting constant warnings of malware.
So I joined GoDaddy Security and they ran a scan. Tons of malware removed. Problem is it would seem there is still a bunch left over. I am getting constant emails regarding these threats from Google and Netcraft. I feel like I paid GoDaddy and they got their money only to remove some stuff and then ignore my next requests to help me. Wayne is also unfindable.
This is what I'm dealing with now...
Dear Sir or Madam,
We have discovered a phishing attack located on your network:
hxxp://thepowderblues[.]com/my/de535e267c10a7c88f2ed4283e8484da/signin.php?country=-&lang=en [198.54.113.182]
You may not have been aware of this attack, however, you are still responsible for removing it.
This attack targets our customer, Netflix, website URL https://www.netflix.com/.
Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.
Additionally, please send any files associated with the fraudulent content to [email protected] so that our customer and law enforcement agencies can investigate the incident further.
For more information please see https://incident.netcraft.com/0971dc6eb12f/
Regards,
Netcraft
_______________________
Dear Sir or Madam,
We have discovered a phishing attack located on your network:
We believe that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
United Kingdom
We previously contacted you about this issue on 2019-10-05 12:28:31 (UTC).
Since our last notification, the following additional URL(s) have been detected:
You may not have been aware of this attack, however, you are still responsible for removing it.
This attack targets our customer, Netflix, website URL https://www.netflix.com/.
Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.
Additionally, please send any files associated with the fraudulent content to [email protected] so that our customer and law enforcement agencies can investigate the incident further.
For more information please see https://incident.netcraft.com/0971dc6eb12f/
Regards,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 7481416
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: [email protected].
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
_____________________
Dear Sir or Madam,
We have discovered a phishing attack located on your network:
We believe that this attack is being restricted so it is only visible from certain countries. Before deciding that the attack has been resolved please confirm it cannot be viewed from the following countries:
United Kingdom
We previously contacted you about this issue on 2019-10-05 13:31:34 (UTC).
Since our last notification, the following additional URL(s) have been detected:
hxxp://thepowderblues[.]com/my/8c9f32e03aeb2e3000825c8c875c4edd/signin.php
You may not have been aware of this attack, however, you are still responsible for removing it.
This attack targets our customer, Netflix, website URL https://www.netflix.com/.
Please remove this fraudulent content, and any other associated fraudulent content, as soon as possible.
Additionally, please send any files associated with the fraudulent content to [email protected] so that our customer and law enforcement agencies can investigate the incident further.
For more information please see https://incident.netcraft.com/0971dc6eb12f/
Regards,
Netcraft
Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 7481416
To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: [email protected].
This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.
_______________