: How can I fix the #c3284d# malvertising hack on my website? For the past couple of weeks at semi regular intervals, this website has had the #c3284d# malware code inserted into some of its
For the past couple of weeks at semi regular intervals, this website has had the #c3284d # malware code inserted into some of its .php files. Also the .htaccess file had its equivelant code inserted. I have, on many occasions removed the malicious code, replaced files, changed the ftp password on my ftp client (which is CoreFTP), changed the connection method to FTPS for more secure storage of the password (instead of plain text).
I have also scanned my computer several times using AVG and Windows Defender which have found no malware on my computer which might have been storing my ftp passwords.
I used Sucuri SiteCheck to check my website which says my website is clean of malware which is bizarre because I just attempted to click one of the links on the site a minute ago and it linked me to another one of these random stats.php sites, even though it appears I have gotten rid of the #c3284d # code again (which will no doubt be re-inserted somehow in an hour or so)..
Has anyone found an actual viable solution for this malware hack?
I have done just about all of the things suggested here and here and the problem still persists.
Currently when I click on a link within the sites navigation menu within Google Chrome I get googles Malware warning page:
Warning: Something's Not Right Here! oxsanasiberians.com contains
malware. Your computer might catch a virus if you visit this site.
Google has found that malicious software may be installed onto your
computer if you proceed. If you've visited this site in the past or
you trust this site, it's possible that it has just recently been
compromised by a hacker. You should not proceed. Why not try again
tomorrow or go somewhere else? We have already notified
oxsanasiberians.com that we found malware on the site. For more about
the problems found on oxsanasiberians.com, visit the Google Safe
Browsing diagnostic page.
I'm wondering if it is possible that the Google Chrome browser I am using has itself been hacked? Does anyone else get re-directed when clicking links on the the website?
More posts by @Angie530
2 Comments
Sorted by latest first Latest Oldest Best
You must fully audit/cleanse any PC that has had the FTP password stored on it.
Remove the password from your FTP clients and change from another PC.
Be very wary of storing the FTP password in your clients - especially if you are not 100% sure the malware has been removed from the infected PC.
This one seems to spread through a few different means, but infecting a PC and scraping FTP passwords from apps like FileZilla seems to be th
Speak direct to the shared hosting company - it's not impossible there is an issue on that server and other customers are experiencing the same (similar) issues.You already updated your password information which makes no difference.
How long it takes from uploading a file to when it becomes 'hijacked'?
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.