xpltscn_alpha120307
03-08-2012, 09:17 PM
Post: #18
RE: xpltscn_alpha120307
(03-07-2012 10:47 PM)sXi Wrote:  I realise you are trying to help, but you are not understanding what is actually happening.

That cleaner detects one thing until that one thing is run through a reiteration (it already has been btw) which leaves the "vaccine" totally useless. There have been simple grep lines posted in the hack thread that are far superior to that cleaner by orders of magnitude - and even they are lacking. The scanner site you linked to simply reads your site like any search engine does and flags it if it sees post-exploitation redirects.

The goal here is something that is as future-proof detection-wise as is possible, and that reverts sites back to a pre-hack condition after removing all known active exploits and hidden shells.

*sigh* I knew posting here was a bad idea. This thread was bound to be hijacked from the outset.

Hey sXi and Bobocat,

I was just sharing what I did to clean the site, and then I had to go into everything and update all plug-ins which needed to be updated, and then I made sure to change the chmod structure of the folders.

I really do appreciate your help with everything and I am currently getting ssh situated so I can run some commands to find any files that are left over. My next step is to change every single password including the databases. It is a weird hack in that only about half of my users were affected. I am just glad that so far I have not lost anything yet.

I really do appreciate your help and I am sorry if I confused anyone. It was not my intention as the scope of this can be a bit overwhelming when I know enough to be dangerous lol.

Aaron