My Site's been hacked!

emmsana

emmsana

Member
Feb 14, 2021
106
14
18
GuestofHonor said:
Maybe since you already have the injector on your website it just inject all php codes ?!
I'm using kaspersky total security and it usualy detect all infected php files, i will run a scanon the files you mentioned if you give me the post link and the version
Click to expand...
Woozone

Wordfence




Kindly help scan the recent one
Woozone
 
  • Like
Reactions: madmadworld
GuestofHonor

GuestofHonor

Active member
Trusted Uploader
Jan 30, 2021
194
223
43
47
United Arab Emirates
smilecare.ae
emmsana said:
Woozone

Wordfence




Kindly help scan the recent one
Woozone
Click to expand...
Neither of the plugins have any virus or even the infected dot file you posted in the screenshots !!!
Please download both files and check if the files are there and you will see they are not !
 
emmsana

emmsana

Member
Feb 14, 2021
106
14
18
GuestofHonor said:
I have just checked wordfence 7.7.1 and the infected file that you have in the screenshot is not even in the package !!
It must have been copied there by the malware that you already have on the server !
Please check the downloaded package locally on your PC and you will understand what i'm talking about !
and if you notice that it's already a dot file in both locations of the screenshots
I believe that you should've investigated this before you post such a comment, right ?
Click to expand...
GuestofHonor said:
Neither of the plugins have any virus or even the infected dot file you posted in the screenshots !!!
Please download both files and check if the files are there and you will see they are not !
Click to expand...
What do you suggest i do?
This is serious.
i just tried to install the website backup on a sub-domain, scanned and clicked on delete all infected file since it could not repair and wolla, the website is totally broken.

i have to rebuild now or what do you advice i do. how come the virus is affecting the website?

kindly help me check the theme and main plugin with your antivirus so as to know my fate

Theme
 
GuestofHonor

GuestofHonor

Active member
Trusted Uploader
Jan 30, 2021
194
223
43
47
United Arab Emirates
smilecare.ae
emmsana said:
What do you suggest i do?
This is serious.
i just tried to install the website backup on a sub-domain, scanned and clicked on delete all infected file since it could not repair and wolla, the website is totally broken.

i have to rebuild now or what do you advice i do. how come the virus is affecting the website?

kindly help me check the theme and main plugin with your antivirus so as to know my fate

Theme
Click to expand...
have you checked for the files after unzipping the downloaded plugins to your PC ? it will not be there
if you want to test you cannot just install on a subdomain because the virus already have access !!!
what theme are you using ?! and if you can PM your website URL
no malware detected in both the theme or woozone
P.S: check your code manually for includes of the detected files you mentioned in the screenshots . it was a dot files so maybe it's used as a file include in your main code.
 
Last edited:
  • Like
Reactions: gabrieldev023
hrdev

hrdev

Member
Jan 29, 2021
44
16
8
Dear All,

Delete all infected file manually then, change your php file system, ex. if php 7.4 then change it to 8.0 or 8.1 or 7.2 anything,
 
  • Like
Reactions: YUCATAN.DANCE
Ekushey

Ekushey

Member
Oct 19, 2022
49
12
8
Custom B said:
Lesson learnedOnly use

I'm just kidding?!..anyways rule of thumb is nulled for staging/testing and ffs buy your themes and plugins for production..if one can not afford to buy, then use the free versions
Click to expand...
That makes a lot of sense. Using one or two nulled plugin from a trusted source is fine, that way in case of an hack/malware incident the cause of it can be easily identified.
 
Energy

Energy

Active member
Dec 19, 2019
198
90
28
AlexRazor said:
2 year ago I purchase avada theme and 2 day later my website hacked!
Click to expand...
This is exactly why people need to stop blaming nulled resources whenever a website gets hacked/exploited. One of my websites was using a nulled theme and was later attacked by some azzhole using a (RFI) remote file inclusion attack. He dropped a shell onto my server using the theme's 💩 code. He then tried adding more malicious files but my hosting provider blocked all attempts and the "hacker" gave up to bother someone else.

After, I go to the theme's Envato Themeforest page and look at the log to realize that the theme was last updated the day prior. Apparently the theme creator had to update the theme files because his buyer's we're complaining to him about their sites getting hacked because his code was easily exploitable.

Nothing to do with nulled themes versus purchased themes. Just simply a garbage coded theme. Glad I didn't actually pay for it 😁 And for the most part I trust Babiato uploaders who are nice enough to share files, but sometimes I also like to purchase themes when I have enough money and want to support the theme creator. However if your client is paying you to setup a website for them, don't use a nulled theme. Give them what they pay for. My opinion 👍
 
  • Like
Reactions: comcpa2022 and Proxybunker
J

jonhcarter

Guest
I mostly use nulled plugins/themes from day one & the websites are running fine without any problems.

Hostgator hosting sucks. it's full of viruses. a few years back I migrated my new client website from Hostgator to my hosting & it was fully infected with malware. our malware found hundreds of malware-infected files in his backup file.
 
Custom B

Custom B

Active member
Feb 29, 2020
137
123
43
Energy said:
This is exactly why people need to stop blaming nulled resources whenever a website gets hacked/exploited. One of my websites was using a nulled theme and was later attacked by some azzhole using a (RFI) remote file inclusion attack. He dropped a shell onto my server using the theme's 💩 code. He then tried adding more malicious files but my hosting provider blocked all attempts and the "hacker" gave up to bother someone else.

After, I go to the theme's Envato Themeforest page and look at the log to realize that the theme was last updated the day prior. Apparently the theme creator had to update the theme files because his buyer's we're complaining to him about their sites getting hacked because his code was easily exploitable.

Nothing to do with nulled themes versus purchased themes. Just simply a garbage coded theme. Glad I didn't actually pay for it 😁 And for the most part I trust Babiato uploaders who are nice enough to share files, but sometimes I also like to purchase themes when I have enough money and want to support the theme creator. However if your client is paying you to setup a website for them, don't use a nulled theme. Give them what they pay for. My opinion 👍
Click to expand...
"..However if your client is paying you to setup a website for them, don't use a nulled theme. Give them what they pay for..." This is very well said and i think the most pros in here stick to it.

We all can also agree to your point that purchased themes and plugins can have vulnerabilities that mostly lead to a site-takeover and avada had some of these already, that is part of software development in many cases. It can be avoided but never denied😁:

"..Nothing to do with nulled themes versus purchased themes."..I can only disagree to that, simply because nulled themes/plugins that come from untrusted (even sometimes trusted) sources have a much higher risk of being intentionally infected. And as such they are never tested by security providers like wordfence and others...because they are not official. So they keep spreading and infecting...

I mean it's so easily done, everyone can doit and post it even here..Take a theme/plugin, unzip it, copy-paste a reverse shell into a php file, zip it all together and paste it in any of the forums.."Hey, here is latest of avada theme, nulled and virustotal check..enjoy!"😇 ..Not all but many will fall for it!

regards!
 
jpond262176

jpond262176

Active member
May 4, 2022
210
66
28
Maybe what the best thing to do is have a section where people can upload their plugins and when others have time they might be able to check the plugin code (experienced people).

There must be a warning in the post that tells people not to use the plugins attached because of hacking attempts / takeovers.

People need to understand that using nulled plugins may have problems with vulnerable code and it's up to the site builder to fix.

This sort of thing is super common.
 
3xploit

3xploit

Member
Nov 14, 2022
92
36
18
indonesia
jpond262176 said:
Maybe what the best thing to do is have a section where people can upload their plugins and when others have time they might be able to check the plugin code (experienced people).

There must be a warning in the post that tells people not to use the plugins attached because of hacking attempts / takeovers.

People need to understand that using nulled plugins may have problems with vulnerable code and it's up to the site builder to fix.

This sort of thing is super common.
Click to expand...

if someone upload clean or untouched plugin from original developer, we can compare with nulled version here, what suspicious with there code
 
  • Like
Reactions: jpond262176
You must log in or register to reply here.

Similar threads

teknobu
  • Locked
How do they make the Envato file download site?
Replies
1
Views
97
General Discussion
comcpa2022
comcpa2022
cteq1
Everytime I connect to site I get Adbloc pop up. I have disabled and removed it
Replies
2
Views
358
General Discussion
vinu
vinu
yokina.dev
want to create own video host site | PHP
Replies
1
Views
331
General Discussion
ukgamer
U
herrada
Need a basic Logo For a Free Guest Posting Site
Replies
7
Views
563
General Discussion
herrada
herrada
S
Wordpress Site hacked
Replies
7
Views
691
General Discussion
mi2brich
mi2brich

Latest posts

Forum statistics

Threads
69,206
Messages
908,337
Members
236,859
Latest member
funnylogs

Share this page

Share this page

About us

  • Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. We are working every day to make sure our community is one of the best.

Quick Navigation

Forums Contact us

User Menu

Login
Community platform by XenForo © 2010-2022 XenForo Ltd.
Top Bottom