Problem sa web stranicom ( mozda je i hakovana )

CMS (Wordpress, Joomla...)
1

Krenem juce da udjem na site ( www.phonespal.com ) i izbaci mi ovu gresku This Account Has Been Suspended Please contact the billing/support department as soon as possible.

Kontaktirao sam hosting i oni kazu da nemaju nista s timi poslali su mi ovu poruku.

Hello,

We have blocked http access to one of your accounts due to violation of our terms of service. You can read our terms of service at Terms Of Service | ScalaHosting

Domain name: phonespal.com
Username: phonespa
Server name: taurus.vivawebhost.com
Reason for the block: HACKED - /home/phonespa/public_html/wp-read.php ; /home/phonespa/public_html/wp-includes/wp-script.php

Please check our knowledge base articles regarding abuse problems at https://www.scalahosting.com/clients/knowledgebase/1/Abuse

Once you are ready to work on the account and resolve the problem please update this ticket with your IP address so that we can enable access for it and let you access the account. Once the problem is resolved we can enable full access to the account. Please follow the steps listed in the knowledge base articles to resolve the problem.

i kasnije ovo

Hello,

The full list of the infected files

/home/phonespa/public_html/igrice/wp-admin/includes/external.php
/home/phonespa/public_html/igrice/wp-admin/js/menu.dev.js
/home/phonespa/public_html/igrice/wp-admin/js/menu.js
/home/phonespa/public_html/igrice/wp-admin/link-delete.php
/home/phonespa/public_html/igrice/wp-admin/menu-foter.php
/home/phonespa/public_html/igrice/wp-admin/network/connections/index-extra.php
/home/phonespa/public_html/igrice/wp-admin/network/connections/index.php
/home/phonespa/public_html/igrice/wp-admin/network/user-list.php
/home/phonespa/public_html/igrice/wp-content/themes/TheTravelTheme/includes/cache/1db0ab3854951464308bb0e72e7f8166.php
/home/phonespa/public_html/igrice/wp-content/themes/TheTravelTheme/includes/cache/debeae03eb778498694399965b3101f7.php
/home/phonespa/public_html/igrice/wp-content/themes/twentyfourteen/inc/back-mode.php
/home/phonespa/public_html/igrice/wp-content/themes/twentyfourteen/inc/imagess.php
/home/phonespa/public_html/igrice/wp-content/themes/wtb-game/footer.php
/home/phonespa/public_html/igrice/wp-content/themes/wtb-game/index.php
/home/phonespa/public_html/igrice/wp-includes/css/admin-dev-rtl.css
/home/phonespa/public_html/igrice/wp-includes/css/admin-jquery.css
/home/phonespa/public_html/igrice/wp-includes/entry.php
/home/phonespa/public_html/igrice/wp-includes/images/smilies/license.txt
/home/phonespa/public_html/igrice/wp-includes/images/wlw/license.txt
/home/phonespa/public_html/igrice/wp-includes/js/tinymce.dev.js
/home/phonespa/public_html/igrice/wp-includes/js/tinymce.js
/home/phonespa/public_html/igrice/wp-includes/js/tinymce/langs/wp-langs-en.php
/home/phonespa/public_html/igrice/wp-includes/js/tinymce/langs/wp-langs.js
/home/phonespa/public_html/igrice/wp-includes/js/tinymce/tiny_mce_plugins.php
/home/phonespa/public_html/igrice/wp-includes/pomo/query.php
/home/phonespa/public_html/igrice/wp-includes/post-media.php
/home/phonespa/public_html/igrice/wp-includes/Text/Diff/Engine/Engine.php
/home/phonespa/public_html/igrice/wp-includes/Text/Diff/Engine/feed-atom.php
/home/phonespa/public_html/igrice/wp-includes/Text/Diff/Engine/feed.php
/home/phonespa/public_html/igrice/wp-includes/Text/Diff/Engine/query.php
/home/phonespa/public_html/igrice/wp-includes/Text/Diff/post-media.php
/home/phonespa/public_html/igrice/wp-includes/Text/Diff/Renderer/query.php
/home/phonespa/public_html/wordpress.com/cpx.php
/home/phonespa/public_html/wordpress.com/id.txt
/home/phonespa/public_html/wordpress.com/images1.php
/home/phonespa/public_html/wordpress.com/images.php
/home/phonespa/public_html/wordpress.com/magic1.php
/home/phonespa/public_html/wordpress.com/magic.php
/home/phonespa/public_html/wordpress.com/petx.php
/home/phonespa/public_html/wordpress.com/sadow.txt
/home/phonespa/public_html/wordpress.com/sad.txt
/home/phonespa/public_html/wp-includes/wp-script.php
/home/phonespa/public_html/wp-read.php

Obrisao sam ove podkategorije igrice i wordpress jer su mi to bile neke probne stranice nisam ni koristio.

I na kraju treca poruka.

Hello Anel,

Thank you for contacting us. We are not the developers of the site and we are not aware of its configuration. You must contact the developer of the site and he can update the scripts for your site. Once tyou contact him provide us his IP address and we will enable the account for it so he can login and start cleaning/updating the scripts.

Thank you for using Scala Hosting services! If you have any additional questions please let us know.

Prvi put se susrecem s ovakvim, ako moze neko pomoci dobro bi mi doslo. :smile:

2

Po ovome hosting provajder ti je suspendirao acc. radi kršenja uvjeta korištenja.

3

Pa nisam nista radio mimo njihovih pravila. Cak 10 dana nisam koristio ni hosting ni stranicu, jer sam bio van drzave.

4

Kolo sreče:

Pogađao bih, INSTALIRAO SAM “NULLED” TEMU

5

jesam :confused: ali nije mi se to prije nikad desavalo

6

Sada ti se desilo :wink: Dakle prekršio si uvjete korištenja hosting provajdera

7

E nisam znao da mogu i za to obrisati sajt. Pa imam tri sajta sa “free” temama koji godinama stoje i nikad nisu obrisani.

8

Nisu ti blokirali sajt radi toga sto si instalirao nulled temu, vec zato sto ti je ocito netko uspio dobiti pristup serveru (najvejrojatnije putem nekog malicioznog koda u nulled temi) i ubaciti neke svoje datoteke/kod. Hosting te je onda naravno blokirao kako ti kodovi ne bi zarazili posjetioce tvoje web stranice.

Uglavnom, lekcija naucena, ne koristi nulled teme/pluginove, updateaj sve cim izadju nove verzije WordPress-a/teme/pluginova i to je to.

9

Pa jeste, jer kad sam usao u file menager, vidim da je neko ubacivao kodove juce i prije 3 dana. To sam sve pobrisao. Sta mi je sad ciniti? backup imam uradjen, hocu li brisati sve iz cpanela i uploadati?

10

Ne koristiti nulled teme/pluginove.Vrlo jednostavno.

11

Ako vratiš backup ništa nećeš postići jer opet je ista tema i opet ćeš biti suspendovan ako ti se ponovi ista greška. Znači neka free tema i sve ponovo. Jer u toj temi i pored backup-a koji imaš ti treba da je pretreseš od nule i da nađeš propust tj. maliciozni kod koji je ubačen u neki php fajl.

Ko zna koliko je ta osoba imala pristup tvom sajtu pa je samo čekala priliku da odradi posao i ko zna koliko je njih doživeli isto to kao i ti, pa se dobro opeklo…

12

Nulled i free nije isto…

13

Wtb game je free tema, a ne nulled. Netko te hakirao.

14

Znam i ko je :slight_smile: . Hoce li mi pomoci,ako obrisem sve i stavim samo backup od prije 10 dana kad je sve bilo uredu?

15

Hm,tako ce mozda bit ok,probaj.

16

Ako već koristiš nulled teme, moj savjet ti je da uradiš sledeće u ftp:
Pronađi ove stavke i desnim klikom Properties
Zatim im dodaj ove vrijednosti.
Ne bi trebalo da bude nikakvih odraza na samu web stranicu, a ti bi je zaštitio od upada. Imao sam iste probleme kao i ti. Od kada ovo namjestim problemi su nestali :smile:

.htaccess 404
index.php 400
wp-blog-header.php 400
wp-config.php 400
xmlrpc.php 400

wp-admin 701
wp-content 705
wp-includes 701

1 Like
17

Isto tako preporučeno je da nakon toga promjenite lozinku od FTP-a / Wordpressa.

  • Nulled teme koriste skripte koje se includeaju u temi npr. “social.png” koja bi trebala biti slika je PHP file zlonamjernog koda includean u functions.php ili nekom drugom fileu.
1 Like
18

Hvala obojici. Sad cu nsmjestiti ove postavke.

1 Like