Help us, Discuz forum under malware attack

DarkNinja

Guys,

Help us. Our forum craxme.com is under malware attack. We are using X 3.0 and forum was working fine till last week. Now there are just links in the '/forum.php', 'index.php' and '/portal.php' files that redirect to chinese sites. We restored these files to default, but got some database error and then within few hours it again became same as earlier; just chinese links everywhere.

We don't know what to do with it. Can anyone from the team help us? Here's the forum: http://craxme.com

FTP, Admin CP, database and other files are working fine. @vot

kaaleth

First of all, you have to scan your computer. After that, change all passwords for FTP and MySQL account. When you are ready, make a full backup of your forum and database. Try to install (e.g. in the other place) clean Discuz! X3, restore your database and check that everything works fine. Finally, change your admin password.

DarkNinja

kaaleth 2015-10-19 11:05
First of all, you have to scan your computer. After that, change all passwords for FTP and MySQL acc ...

Thanks bro. But we have our site installed on a remote server. Can we use any tool to scan it?

kaaleth

No, I mean your laptop or personal computer. Something is adding dangerous code to your website. What is your FTP client? I hope, you don't save password in your program.

vot

DarkNinja, I can suggest the next plan:
1) Stop the forum
2) Download ALL the Discuz files to your local computer.
3) Make a database backup, download it
4) Change all the passwords: Hosting panel, FTP, UCenter, Discuz admins
5) Compare all the files with the etalon Discuz installed at the localhost.
6) Remove all unknown files
7) Resore all modified files
8) Remove all the files from Dremote iscuz host
9) Upload all files from local copy to the remote host
10) Verify the result

P.S.
If other engines are indtalled at your remote host,
then do the same for other engines.

DarkNinja

vot 2015-10-19 20:52
DarkNinja, I can suggest the next plan:
1) Stop the forum
2) Download ALL the Discuz files to your l ...

we cleaned our directories and again installed Discuz ! . Then configured our database to discuz , After this our forum start working like it was before . But from today again this error came ......  help us to fix this bug .

vot

I think, your hosting center is infected.
Try to migrate to other hosting...

DarkNinja

vot 2015-10-30 22:33
I think, your hosting center is infected.
Try to migrate to other hosting...

Vot...
After so much review we found that our hosting is not infected.
On craxme.com we installed Wordpress and its working nicely. installed discuz on forum.craxme.com and its also working great.

Help us to get recovered from this issue , can you please share what type of plugins codersclub.org is using to avoid this types of situations.

vot

You can use
AdminCP -> Tools -> File Checksum
for check what the files was modified, added, removed.

DarkNinja

vot 2015-11-13 20:44
You can use
AdminCP -> Tools -> File Checksum
for check what the files was modified, added, removed ...

showing updated 20 files