Is this Malware code?

15 replies
Google has identified my sites as having Malware. I am trying to find where the code is. Can anyone tell me if all of this in an .htaccess file is malicious code? Thanks!
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
<Files 403.shtml>
order allow,deny
allow from all
</Files>
deny from 83.103.119.239
deny from 80.83.210.250
deny from 69.90.162.100
deny from 193.105.240.173
deny from 80.243.174.25
deny from 174.37.182.234
deny from 69.125.222.180
#code #malware
  • Profile picture of the author Earnie Boyd
    No, it isn't. Everything there looks fine to me. Usually you'll find JavaScript redirecting to a site or pulling information from a site, which is what Google is picking up on.
  • Profile picture of the author Blackhat Articles
    This is your .htaccess file's contents. Check index.php or footer.php in your current WordPress theme. You can also check your website at sucuri dot net.
  • Profile picture of the author GFI
    Well, I don't think that it is a malware virus. Do you have any viruses on your PC? Or do you upload things from your computer to your site?
    • Profile picture of the author BlueLayerHost
      That's definitely not malware. How about providing a link to the site so we can look and see?
      Signature
      BlueLayerHost - Shared + Managed VPS Hosting
      BlueLayerMedia - Web Development
      WPMalware - Resource for WordPress Security + Exploits
  • Profile picture of the author IdeaBox
    If you're using a nulled/cracked CMS/Forum/Blog software, chances are there's a phishing site embedded somewhere.
  • Profile picture of the author paparts
    Check your scripts. Some inject JS into it and redirect it to a malware-infected site.
  • Profile picture of the author n7 Studios
    The approach to take with this is:

    1. Download a copy of your web site files
    2. Search through all of the files using a text editor or similar for any of the following words:
    eval
    base64
    <script

    3. Look at every match that appears, and if any of them have what appear to be 'garbled' or non-readable code e.g. a lot of random letters, numbers and symbols, then it's likely to be the offending malware.

    You also haven't advised what the web site is running e.g. static site, WordPress, bespoke, as well as any relevant versions e.g. if WordPress, what version are you running?

    This is an important question, because there may then be additional steps you'll need to take to ensure a repeat of the incident doesn't happen, such as upgrading WordPress, fixing directory permissions on the server etc.

    Tim.
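
The search steps described in the post above, as an added example (not part of any forum post): a Python script that walks a downloaded copy of the site, reports every line containing `eval`, `base64` or `<script`, and marks the lines that also carry a long encoded-looking run. The 80-character threshold, the extension list and the constructed sample files are assumptions made for this example.

```python
import base64
import os
import re
import tempfile

# The three search terms listed in the post above.
KEYWORDS = re.compile(r"\beval\b|base64|<script", re.IGNORECASE)
# Assumption: "garbled" means an unbroken run of 80+ base64-style characters.
GARBLED = re.compile(r"[A-Za-z0-9+/=]{80,}")
# Assumption: file types worth reading in a typical PHP/WordPress site copy.
EXTENSIONS = (".php", ".js", ".html", ".htm", ".htaccess")


def scan_tree(root):
    """Return (relative path, line number, keyword, looks_garbled) per match."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for number, line in enumerate(fh, 1):
                    match = KEYWORDS.search(line)
                    if match:
                        hits.append((os.path.relpath(path, root), number,
                                     match.group(0).lower(),
                                     bool(GARBLED.search(line))))
    return hits


def demo():
    """Scan a constructed three-file site copy; the encoded blob is harmless text."""
    blob = base64.b64encode(b"constructed sample, harmless " * 4).decode()
    sample = {
        "index.php": '<?php get_header(); ?>\n<script src="/js/app.js"></script>\n',
        "footer.php": '<?php\neval(base64_decode("%s"));\n' % blob,
        "readme.txt": "plain notes, skipped by extension\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in sample.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    for path, number, keyword, garbled in demo():
        print(f"{path}:{number}: {keyword}", "<-- REVIEW FIRST" if garbled else "")
```

Readable matches such as an ordinary `<script src=...>` tag are still listed, since the post asks for every match to be looked at; the flag only orders the review.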
  • Profile picture of the author brandonthomas
    Banned
    Hello,

    Maybe your site was hacked and the htaccess file was compromised.
  • Profile picture of the author CrossHash
    I think the first thing to do would be to post your website address (visitors to have their firewalls and antivirus up to date first), and then we can get a better idea of what's on your site: CMS, shopping cart, who your site is hosted with, are they secure. Check your info() .php for autoappend, autoprepend...
    Signature

    Paul Morris

  • Profile picture of the author so11
    Hello,

    1. Do not download anything on your computer.
    2. Audit/scan your site for vulnerabilities using a web application security scanner.
    3. Correct/patch identified problems.

    So11
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
  • Profile picture of the author zdorian
    You should check with Google; they will know best.
  • Profile picture of the author automaton
    Your .htaccess file looks ok. The usual suspects for such cases are often the WP plugins. There are free WP scanners available which you might want to use to check your WP blog for potential vulnerabilities.
  • Profile picture of the author teguhyuliantos
    To be sure about your question, it is better to scan your system using antivirus. After that, you can check whether this code appears or not.
  • Profile picture of the author MightyWarrior
    Google can't see your .htaccess file.
  • Profile picture of the author BenQ
    Check your plugins. If you have any that you picked up off BH sites, I'd start the search there and review their main php files. Search for "greek"; it's a very common head injection.
