UltraVNC

[B]

Just a heads-up to those with shared hosting accounts at GoDaddy, DreamHost, Network Solutions, and other places. There's a new PHP-related exploit going around that makes web sites sources of drive-by trojan/scareware infections. Infects all .php files on the site. Payload installs in IE8 automatically.

Not just WordPress or Joomla but ANY PHP-based site can be hit (on these vulnerable shared hosters). We had a GoDaddy site that was infected, and may very well get reinfected, since GoDaddy hasn't admitted any weakness (but Network solutions actually has, to their shared hosting customers).

http://www.tgdaily.com/security-feature ... ck-attacks

http://www.scmagazineus.com/widespread- ... le/169956/

Fixes at http://blog.sucuri.net/2010/05/lots-of- ... using.html

[JonathanBB]

HI B

Thanks for this update I had been infected by this bug recently and one of my website is still playing up but it is not even a php based website. Is there a way of determining exactly what is wrong with my hosting account?

How can I remove this bug?


Thanks

[B]

Really? That notice was a YEAR ago! Sorry to hear you're still infected. Unfortunately this isn't a security forum (or a web hosting forum) and I really don't have much advice for you. If you can, I would probably just "wipe" your existing web site, start from scratch, and VERY selectively restore files that you are sure are safe. (Oh, and of course back up the site first if you haven't already.)

[mwilson]

It really is hard to cope up with security threats unless you have excellent security measures. And even with a tough security, there still will be those smaller attacks which can pass through. I am a security "expert" and my main concern is how the system will handle attacks like this. I have been doing a lot of security modules and one of the biggest concerns is how you will be able to shut down before the attack penetrates the core.