Question: help, what happened?

Hello. Which sites are the reason the server's IP ended up on the blacklist?

The IP address corresponds to a web site that is infected with a spam or malware forwarding link.

The website's host name is "askerpars.ru", and this link is an example of the redirect: "http://askerpars.ru/info.html".

In other words the website "askerpars.ru" has been hacked.

The web site "askerpars.ru" may not be familiar to you. This means that another customer of your provider is hosting their web site on the same IP address as you. In that case, you really need to get your provider to assist you.

Usually, the redirect takes the user's browser to a spam or malware site. It's usually fake Russian pills or pornography.

Usually, the infection is a Cpanel, Plesk, Joomla or Wordpress CMS install that has become infected either through a vulnerability (meaning the CMS software is out of date and needs patching), or the owner of "askerpars.ru" has had their account information (userids/passwords) compromised. Then malicious software/files are being uploaded by ftp or ssl.

It is often simplest to disable or suspend the web site (meaning you can delist the IP to resolve your CBL listing issues) and then deal with the problem in a somewhat more leisurely/less-urgent fashion.

In many cases, particularly with older compromises, the criminals that hacked this site will have uploaded a wide variety of spamming and other compromise tools. Therefore, the account corresponding to "askerpars.ru" needs to be examined very carefully for signs of tampering. Further, the criminal will even modify existing web pages (particularly http://askerpars.ru itself) to have hidden references to pill/drug/porn sites. If you're not completely certain that you've removed all traces of the compromise, we strongly recommend reinstalling the site from scratch.

Furthermore, the site's passwords MUST be changed, and the customer should run anti-virus scanners on their own personal computers immediately to try to find and remove any keystroke loggers.

We believe that the malicious redirects are done by altering web server access control mechanisms (example, ".htaccess" files on Apache web servers), and causing the redirect to occur on all "404 url not found" errors. We would appreciate it if you can give us copies of the modifications that this infection has made to your system.

If you do not recognize the hostname "askerpars.ru" as belonging to you, it means that some other account on this shared hosting site has been compromised, and there is NOTHING you (or we) can do to fix the infection. Only the administrator of this machine or the owner of "askerpars.ru" can fix it.


We also found this:

{CAV}Php.Malware.Mailbot-1 : ./www/artlock.by/components/com_contact/views/categories/javascript.php
{CAV}PHP.Shell-83 : ./www/artlock.by/all/modules/calculator/sys.php
{CAV}Php.Malware.Mailbot-1 : ./www/artlock.by/modules/mod_articles_archive/tmpl/system.php
{CAV}PHP.Shell-83 : ./www/electrowave.by/components/com_acymailing/controllers/sys.php
{CAV}Php.Malware.Mailbot-1 : ./www/electrowave.by/modules/mod_amcallmeback/admin.php
{HEX}php.cmdshell.unclassed.356 : ./www/askerpars.ru/administrator/cachefix.php
{HEX}php.base64.v23au.183 : ./www/askerpars.ru/administrator/components/com_banners/models/fields/template.php
{HEX}php.base64.v23au.183 : ./www/askerpars.ru/components/com_newsfeeds/views/category/functions.php
{HEX}php.cmdshell.unclassed.356 : ./www/askerpars.ru/images/shwso.php
{HEX}php.cmdshell.unclassed.356 : ./www/askerpars.ru/images/cachefix.php
{HEX}php.cmdshell.unclassed.356 : ./www/askerpars.ru/images/store.php
{HEX}php.cmdshell.unclassed.356 : ./www/askerpars.ru/images/img.php
{HEX}php.generic.cav7.413 : ./www/askerpars.ru/images/sss.php
{HEX}php.base64.v23au.183 : ./www/askerpars.ru/media/k2/.config.php
{HEX}php.cmdshell.unclassed.356 : ./www/askerpars.ru/modules/mod_mapsgoogle/mod_mapsgoogle.php
{CAV}Php.Malware.Mailbot-1 : ./www/askerpars.ru/modules/mod_k2_tools/tmpl/files.php
{HEX}php.base64.v23au.183 : ./www/askerpars.ru/modules/mod_araticlws/mod_araticlws.php
{HEX}php.cmdshell.unclassed.356 : ./www/askerpars.ru/modules/mod_articless/mod_articless.php
{HEX}php.cmdshell.unclassed.356 : ./www/askerpars.ru/modules/mod_mapsapi/mod_mapsapi.php
{HEX}php.base64.v23au.183 : ./www/askerpars.ru/modules/mod_wrapper/model.php
{CAV}Php.Malware.Mailbot-1 : ./www/askerpars.ru/modules/mod_sj_accordion_modules/language/en-GB/system.php
{CAV}PHP.Shell-83 : ./www/dm-mebel.by/components/com_banners/helpers/sys.php
{CAV}Php.Malware.Mailbot-1 : ./www/dm-mebel.by/media/com_foxcontact/images/options.php
{CAV}PHP.Shell-83 : ./www/evrosetka.by/components/com_aicontactsafe/controllers/sys.php
{CAV}Php.Malware.Mailbot-1 : ./www/evrosetka.by/components/com_contact/models/files.php
{CAV}PHP.Shell-83 : ./www/budmov.ru/docs/installation/sys.php

and many more files that the antivirus does not detect


Tell us the IP address you will be working from to resolve the problem.

You will have to either clean the sites or recreate them from scratch, and also change all passwords.


Also, please create a ticket from the account on which the problem occurred; these sites belong to the user askpars.
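
The notice above attributes the redirects to altered `.htaccess` files that fire on "404 url not found" errors, a change that a PHP signature scan like the one listed does not look for. The following is an added example, not part of the original ticket or of any tool named in it: a check that walks a `./www/<site>/` tree and reports `ErrorDocument` directives that send visitors to another host or hand the error to a local PHP script. The host names and file contents in `demo()` are constructed, and treating the first directory name as the site's host is an assumption based on the paths in the scan output.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

ERRDOC = re.compile(r'^\s*ErrorDocument\s+(\d{3})\s+(\S.*?)\s*$', re.IGNORECASE)

def check_htaccess(text, site_host):
    """Flag ErrorDocument targets that leave the site or run a local script."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ERRDOC.match(line)  # lines starting with '#' are comments and never match
        if not m:
            continue
        code, target = m.group(1), m.group(2).strip('"')
        host = (urlparse(target).hostname or '').lower()
        if host and host != site_host and not host.endswith('.' + site_host):
            findings.append((lineno, code, 'external', target))
        elif target.startswith('/') and target.lower().endswith('.php'):
            findings.append((lineno, code, 'local-script', target))  # review by hand
    return findings

def scan_tree(root):
    """Scan every .htaccess under root; first path component = site host (assumption)."""
    report = {}
    for path in Path(root).rglob('.htaccess'):
        rel = path.relative_to(root).as_posix()
        text = path.read_text(encoding='utf-8', errors='replace')
        hits = check_htaccess(text, rel.split('/')[0].lower())
        if hits:
            report[rel] = hits
    return report

def demo():
    samples = {  # constructed sample tree, not taken from the page
        'shop.example/.htaccess': '# ErrorDocument 404 http://old.invalid/\n'
                                  'ErrorDocument 404 http://redirect.invalid/info.html\n',
        'blog.example/.htaccess': 'ErrorDocument 404 /404.html\n'
                                  'ErrorDocument 403 http://www.blog.example/denied\n',
        'blog.example/images/.htaccess': 'ErrorDocument 404 /images/img.php\n',
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_text(body, encoding='utf-8')
        return scan_tree(root)

if __name__ == '__main__':
    print(demo())
```

A `local-script` finding is only a prompt for manual review, since some sites legitimately route 404s to their own PHP handler.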

