Mark Posted January 15, 2021 Share Posted January 15, 2021 Google has taken down my site saying it's infected with malware after some hack. Should be easy enough to remove the virus but how do I prevent this from happening again, how to do I check if it's infiltrated code or database. How do I understand how they did it? Heres the details as reported by Google /vx/Office/asd/ScriptResource.axd?d=KozZrTVT8ndoIojtkc7ps-zrkEG427bomy-mzEko1QrwRvKEBPnBH-eEBG-fwBgYq7vo370eJLLGk7WUP2b7mI8TDWlp_qYPfXW_5pbAQZLH8_PPmuRYZViI-z0367-tVCsNT-4DayceIpClEr2xh51rkJ0nz9Zws1FVvy1dbq41&t=ffffffffab5b37cd vx/Office/asd/ScriptResource.axd?d=P9Sp2kK_d4BNWXJEemNdILK9AkaZTG86MaHXVWE9ulLLVoOV2_uW1v0US-bX7dmgAnCfaQZZr5Xs_PMb2qlY_PZzJWUXIvFhdqwbDETknzEmfBkVtnOHt2UrW1fhYKSvnNu6LRTwvwsd5-_je6Walguw52MlxQXzYUZD9J954ItjszBMdOwHNUoRr-iIqIr00&t=545ba255 /vx/Office/asd/ScriptResource.axd?d=YfbPqEYj0W31Qd6b83PGlWON7nZi7y2471DNsdTWssElkCGzwOy2JjZMN6Q2J0CxzcQQMZxoFp-M9jgIk2__cRVfgn6cWZ7Z_b9bpoSJ9398HB6BkZgWc5aKYHnJsU-BmVVRY4UUCV5Fic6Gmpm_oZLb8Buaqp86-tiOy7lm8vuLYoTaNPLJWb1IMmHTO7uG0&t=545ba255 Link to comment Share on other sites More sharing options...
0 datakick Posted January 15, 2021 Share Posted January 15, 2021 ScriptResource.axd This doesn't look php related Link to comment Share on other sites More sharing options...
0 Mark Posted January 15, 2021 Author Share Posted January 15, 2021 (edited) Correct I don't think it has anything to do with PHP or any thirtybees file at this stage. Back door access seems to have come through a file called home/waso.php, which I believe is a wordpress file. They changed permissions and altered and added some other files Inc php.ini and htaccess I'll remove this post shortly @datakick as I've subsequently discovered it's not related to thirtybees. Edited January 15, 2021 by Mark Link to comment Share on other sites More sharing options...
Question
Mark
Google has taken down my site saying it's infected with malware after some hack.
Should be easy enough to remove the virus but how do I prevent this from happening again, how to do I check if it's infiltrated code or database.
How do I understand how they did it?
Heres the details as reported by Google
Link to comment
Share on other sites
2 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now