systemspage.php malicious script hack/spam



Fli
08-14-2014, 11:40 AM
If you witnessed a malicious script like systemspage.php

In my case it was in these WordPress directories:

wp-includes/js/tinymce/plugins/wplink/wp-content/plugins/counterize/ip_files/flags/
wp-includes/js/tinymce/plugins/directionality/
wp-content/themes/BlueOne/js/carousel/
wp-includes/js/tinymce/plugins/paste/
wp-content/plugins/akismet/_inc/img/
wp-includes/js/tinymce/plugins/wpfullscreen/
wp-content/plugins/terms-of-use-2/classes/models/


FIX
You can try to find this filename across your whole hosting account, remove it, set up a cron job to remove it (http://internetlifeforum.com/linux-forums/2217-linux-find-files-modiffied-certain-date-day-timeframe/), analyse the file contents and set up a removal script, or ban the IP which executed this script (not effective; in my case there were many IPs).

You can also add an .htaccess file to some folders of your website (the folder in which systemspage.php appeared or some parent folders). The .htaccess content can be something like this:


# disallow executing .php files
<Files *.php>
deny from all
</Files>

(more about above code: http://internetlifeforum.com/php-mysql-forum/2066-how-prevent-execution-injection-malicious-scripts-website/ )

Test that your site is still working after adding the above .htaccess!

- Update your content management system (like WordPress) and its plugins.

If a theme was infected, try to use a different theme and delete the old one (back it up first), etc.
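
The find-and-remove step from the FIX above, as an added example (not part of the original post): it locates the file by name, lists .php files sitting in static-asset folders, and moves matches to a quarantine folder so they can still be analysed. The function names, the asset-folder list, the quarantine layout and the sample tree are assumptions made for the example.

```sh
#!/bin/sh
# find_dropped ROOT NAME: list every regular file called NAME under ROOT.
find_dropped() {
    find "$1" -type f -name "$2" -print | sort
}

# find_php_in_assets ROOT: list .php files under directories that normally hold
# static assets only. The directory list is an assumption; hits are candidates
# to review, not verdicts (some CMS versions ship PHP helpers under js/).
find_php_in_assets() {
    find "$1" -type f -name '*.php' \
        \( -path '*/js/*' -o -path '*/img/*' -o -path '*/flags/*' \) -print | sort
}

# quarantine ROOT NAME QDIR: move each match into QDIR (keep QDIR outside the
# web root), logging SHA-256 and original path so the file can still be
# analysed. mv keeps the file's mtime; identical copies share one quarantined
# file. Prints the number of files moved.
quarantine() {
    mkdir -p "$3" && chmod 700 "$3" || return 1
    find_dropped "$1" "$2" > "$3/.matches"
    n=0
    while IFS= read -r f; do
        sum=$(sha256sum "$f" | cut -d' ' -f1)
        printf '%s\t%s\n' "$sum" "$f" >> "$3/manifest.tsv"
        mv -f -- "$f" "$3/$sum.quarantined" && chmod 400 "$3/$sum.quarantined"
        n=$((n + 1))
    done < "$3/.matches"
    rm -f "$3/.matches"
    echo "$n"
}

# make_demo_tree: build a constructed sample site in a temp dir and print its
# path. The two systemspage.php files are harmless placeholders.
make_demo_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/site/wp-content/plugins/akismet/_inc/img" \
             "$d/site/wp-includes/js/tinymce/plugins/paste" "$d/site/wp-admin"
    for p in wp-content/plugins/akismet/_inc/img wp-includes/js/tinymce/plugins/paste; do
        echo '<?php /* constructed placeholder */' > "$d/site/$p/systemspage.php"
    done
    echo '<?php /* legitimate file */' > "$d/site/wp-admin/index.php"
    echo "$d"
}
```

Run find_dropped and find_php_in_assets first and read the output before calling quarantine; manifest.tsv in the quarantine folder then lists the hash and original location of every file that was moved.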