
Quick security specialist needed

Discussion in 'Custom Service/Development Requests' started by Coop1979, Jul 3, 2013.

  1. Coop1979

    Coop1979 Well-Known Member

    I have a malware infection on my server that I need assistance finding the source of, stopping, and blocking future damage. It is some sort of script that is inserting
    PHP:
    eval(gzinflate(base64_decode(...)))
    into my XenForo scripts as well as scripts for my other domains on the server.

    The server runs OS X, and anyone familiar with Linux, PHP-FPM, & Nginx would be of great assistance.

    I found a PHP file posing as a GIF file within /private/var/tmp and have removed it, but the files keep getting the malicious
    PHP:
    eval(gzinflate(base64_decode(...)))
    code added to them.

    Please message me with your experience and rates.
     
  2. RoldanLT

    RoldanLT Well-Known Member

    I'm a fan of @Deebs on these terms.
     
  3. Tracy Perry

    Tracy Perry Well-Known Member

    Just as an aside... are any of the other sites WordPress? Most references I found to this referred to known security exploits with it and indicate needing to keep updated on them.
    While you are waiting for a response, this site has some good information:
    http://blog.aw-snap.info/2011/02/pharmacy-hack.html
     
    Last edited: Jul 3, 2013
    Coop1979 likes this.
  4. Coop1979

    Coop1979 Well-Known Member

    I believe I found the invading file and quashed it like a bug. So far it's been 12 hours without any new code added to my files.

    I have an OSCommerce site (an old one, too) that I believe is the source of the problem. I'll be deleting the whole thing over the weekend and moving to BigCommerce.

    Thanks for the WordPress heads-up - I have updated all installations on the server.
     
  5. MattW

    MattW Well-Known Member

    Exactly how I got done back in 2009 via OSCommerce. Moved to OpenCart after that.
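
A scanner for the two indicators described in this thread (the `eval(gzinflate(base64_decode(` chain inserted into PHP scripts, and a PHP file carrying a .gif extension), added here as an example and not written by any poster. The function names, extension lists and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# The call chain quoted in the thread, tolerant of whitespace and case changes.
INJECT_RE = re.compile(rb"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(", re.I)
PHP_TAG_RE = re.compile(rb"<\?php", re.I)
IMAGE_EXTS = {".gif", ".jpg", ".jpeg", ".png", ".ico"}   # assumed list
SCRIPT_EXTS = {".php", ".phtml", ".inc"}                 # assumed list

def scan_tree(root, max_bytes=2_000_000):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not follow links out of the tree
            try:
                with open(path, "rb") as fh:
                    data = fh.read(max_bytes)
            except OSError:
                continue  # unreadable file: skip, do not abort the scan
            ext = os.path.splitext(name)[1].lower()
            rel = os.path.relpath(path, root)
            if ext in IMAGE_EXTS and PHP_TAG_RE.search(data):
                findings.append((rel, "php-in-image"))
            if ext in SCRIPT_EXTS | IMAGE_EXTS and INJECT_RE.search(data):
                findings.append((rel, "eval-gzinflate-base64"))
    return sorted(findings)

def build_sample_tree(root):
    """Write constructed sample files (harmless placeholders, no real payload)."""
    samples = {
        "forum/index.php": b"<?php\neval(gzinflate(base64_decode('PLACEHOLDER')));\n",
        "forum/clean.php": b"<?php\necho base64_decode('aGk=');\n",
        "tmp/banner.gif": b"GIF89a<?php /* placeholder body */ ?>",
        "tmp/real.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in scan_tree(tmp):
            print(f"{reason:24} {rel}")
```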
     
