maara Posted August 28, 2011 Share Posted August 28, 2011 Hi guys, I have problem. My site was invisible hacked and various malicious scripts were installed. Is there a way how tocheck whmcs installation for changed and added malicious files.SOmething like some script that scan whmcs folder compare if files arent changed ? thx in advance for help 0 Quote Link to comment Share on other sites More sharing options...
HostOrca Posted August 28, 2011 Share Posted August 28, 2011 You can try this http://www.blisstonia.com/software/WinMD5/ not used it myself though. You will need to download the original files from here, then compare them with the files from your site. If you have modified any files on your site though, like templates, then they will not match. Even after doing this, I would still delete your files off your server and upload fresh copies, and check your database aswell. You need to find out how the hacker got into your website first though. It is a waste of time sorting the site out, if you do not close the hole. 0 Quote Link to comment Share on other sites More sharing options...
maara Posted August 28, 2011 Author Share Posted August 28, 2011 HI thanks for a tip - gonna look to that. I was warned by google that sent me email my site was added as banned site because of a phisching script installed. Than google also sent warning to hostgator (my host) where their security admin removed phising script from my site (unfoirtunately they also removed alot of staff which were not malicious) Im running whmcs from joomla using jwhmcs integrator. From logs seems that no logins were compromised so most probable way how they get in was some joomla vulnerability in 3rd party joomla components installed - by my gues that was TP whois which served as domain lookup from joomla which I removed now. I changer logins and installed firewalls in joomla aswell as banned some countries and continents in htaccess so hope thia wont happen again.. Now IM trying for way how to check files if there is not something installed I overlooked and this is impossible to do manually. There is a script for joomla which check all files for changes cnd compare them with a original version from joomla site so I though if there is something similar for whmcs... your tip seems promising for file comparsion. Thanx for that. ANy other recommendation or tips are welcome 0 Quote Link to comment Share on other sites More sharing options...
mylove4life Posted August 29, 2011 Share Posted August 29, 2011 Hostgator is the worst place to have your site... I'd find a new place... spend the money and get a dedicated box.... my 2cents 0 Quote Link to comment Share on other sites More sharing options...
XN-Matt Posted August 29, 2011 Share Posted August 29, 2011 Hi guys, I have problem. My site was invisible hacked and various malicious scripts were installed. Is there a way how tocheck whmcs installation for changed and added malicious files.SOmething like some script that scan whmcs folder compare if files arent changed ? thx in advance for help I would recommend that apart from your config file (which is easy to check), that you move the current WHMCS file set to a different directory, upload a new copy of all the files, restore the config and then BY HAND restore your templates. Matt 0 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.