Solved

Our site is infected with Exploit Blackhole - What should we do?

Posted on 2011-03-04
9
728 Views
Last Modified: 2012-05-11
See screenshot. This is coming from OUR website which is 100% legitimate and wordpress-based. What would be the first step to fixing this?

Screenshot of Exploit Blackhole
0
Comment
Question by:freshjuice
9 Comments
 
LVL 70

Accepted Solution

by:
Jason C. Levine earned 300 total points
ID: 35037912
Hi fresh juice,

Get your hosting provider on the phone immediately.  They should have the tools and expertise to deal with this.  Unless you know server security backwards and forwards, you are out of your depth.

Generally this happens because the server has been compromised and not because of WordPress, assuming you are running a relatively recent version.
0
 
LVL 16

Assisted Solution

by:sjklein42
sjklein42 earned 100 total points
ID: 35037932
Your site IS infected!

It looks like the infection is at the Web Server level not in your own scripts.

Who is your ISP?  Where is your site hosted?  Do you host it yourself?  The server is infected.

Are there other sites on the same server?  Can you check if they are infected, too?
0
 
LVL 76

Expert Comment

by:arnold
ID: 35038005
The issue is with one of your advertisers who has some of their stuff on IP 195.80.151.171.
If you can determine which advertiser of yours has this IP, you should notify them and until they fix their site suspend them from the ad rotation.
0
 
LVL 76

Expert Comment

by:arnold
ID: 35038026
One other thing, currently your site is down with a PHP error.
The notice can be seen in a cached copy of the site.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 

Author Comment

by:freshjuice
ID: 35038041
1and1

All wordpress sites appear to be broken.

I'm on hold with 1and1 abuse support right now. :-(
0
 

Author Comment

by:freshjuice
ID: 35038052
@arnold - we have no advertisers. Everything we promote is self-contained. We do have an ad-rotation plugin that we run, however...
0
 

Author Comment

by:freshjuice
ID: 35038183
Okay, so 1and1 told us that one of our web developers had a virus on the machine that allowed someone from the Czech republic to steal our webmasters pass and login through the FTP front door to upload Perl scripts.
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 100 total points
ID: 35038272
The ad-rotation is it one of your own or do you generate references to other people?
Currently, your site has a PHP error.
index.php line 1
referencing wp-includes/pluggable.php line 890

if you have access to the server, while it is not necessarily dis-positive, you can search your files for modification after a known last modify date.

I.e. you have not made changes to the site since December 2010. But now you have files within the web root that were modified 10 days ago.
The other issue as others and I pointed out to have the server scanned 1and1 should be contacted to see whether the issue is within one of the systems that provides services for your domain.
0
 

Author Comment

by:freshjuice
ID: 35038390
Hi Arnold. Don't know if you missed my reply, it was a hacked password used for a front-door attack to our FTP.

I'll divvy some points for everyone's help.
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
This article discusses how to create an extensible mechanism for linked drop downs.
The purpose of this video is to demonstrate how to integrate Mailchimp with WordPress, by placing a Mailchimp signup form on a WordPress Page or Post. This will be demonstrated using a Windows 8 PC. Mailchimp will be used. Log into your Mailchi…
The purpose of this video is to demonstrate how to set up the permalinks on a WordPress Website. This will be demonstrated using a Windows 8 PC. Go to your WordPress login page. This will look like the following: mywebsite.com/wp-login.php : Go t…

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now