Hacker attack

[Mark]

Google has taken down my site saying it's infected with malware after some hack.

Should be easy enough to remove the virus but how do I prevent this from happening again, how to do I check if it's infiltrated code or database.

How do I understand how they did it?

Heres the details as reported by Google

/vx/Office/asd/ScriptResource.axd?d=KozZrTVT8ndoIojtkc7ps-zrkEG427bomy-mzEko1QrwRvKEBPnBH-eEBG-fwBgYq7vo370eJLLGk7WUP2b7mI8TDWlp_qYPfXW_5pbAQZLH8_PPmuRYZViI-z0367-tVCsNT-4DayceIpClEr2xh51rkJ0nz9Zws1FVvy1dbq41&t=ffffffffab5b37cd

 

 

vx/Office/asd/ScriptResource.axd?d=P9Sp2kK_d4BNWXJEemNdILK9AkaZTG86MaHXVWE9ulLLVoOV2_uW1v0US-bX7dmgAnCfaQZZr5Xs_PMb2qlY_PZzJWUXIvFhdqwbDETknzEmfBkVtnOHt2UrW1fhYKSvnNu6LRTwvwsd5-_je6Walguw52MlxQXzYUZD9J954ItjszBMdOwHNUoRr-iIqIr00&t=545ba255

 

 

/vx/Office/asd/ScriptResource.axd?d=YfbPqEYj0W31Qd6b83PGlWON7nZi7y2471DNsdTWssElkCGzwOy2JjZMN6Q2J0CxzcQQMZxoFp-M9jgIk2__cRVfgn6cWZ7Z_b9bpoSJ9398HB6BkZgWc5aKYHnJsU-BmVVRY4UUCV5Fic6Gmpm_oZLb8Buaqp86-tiOy7lm8vuLYoTaNPLJWb1IMmHTO7uG0&t=545ba255

 

[datakick]

ScriptResource.axd

This doesn't look php related

[Mark]

Correct I don't think it has anything to do with PHP or any thirtybees file at this stage.

Back door access seems to have come through a file called home/waso.php, which I believe is a wordpress file.

 

They changed permissions and altered and added some other files Inc php.ini and  htaccess

 

I'll remove this post shortly @datakick as I've subsequently discovered it's not related to thirtybees.

Edited January 15, 2021 by Mark