Infected several sites on Mchost
A couple of years ago I ran [with terrible force] from ValueHost to Mchost. Why I ran, I think it is not necessary to explain - who remembers, he will understand. Mchost liked everything: prices, services, online support, “sipanel” and so on ... Almost all of their sites were moved to them, and made projects based on them.
The time has passed. Mchost, apparently overgrown with fat and started having problems. At first, small ones, which I don’t even remember already, because resolved quickly. Then [BAC!] It was found that emails from some [valid] mailboxes do not arrive at their mail servers. Including from some gmail boxes! They struggled with the problem for 3 months, a bunch of letters "gone" is not known where. For example, one of the boxes received bids for the “unimportant” international festival ... On the day of the festival a dozen complaints surfaced - those were not met, they did not write. Mchost confirmed the problem and left to decide ... Decided or not? .. It is not clear yet, but he raised prices.
Now today [BAC!] In 90% of my sites in the index.php and index.html files (even on subdomains) at the end of the code the virus iframe / java, which opens a pop-up window, is “stitched”. The online support lazily replied that it was necessary to write to the support, which I, of course, had already informed, but now they respond to the letters at best in a day ...
All sites on different engines, ftp passwords are different, the rights are normal. Both Macs, from which work was done with the sites, of course, without viruses. Files are modified on October 29 at one in the morning.
')
The source of the virus on Pastebin .
Are there any more victims? ..
The time has passed. Mchost, apparently overgrown with fat and started having problems. At first, small ones, which I don’t even remember already, because resolved quickly. Then [BAC!] It was found that emails from some [valid] mailboxes do not arrive at their mail servers. Including from some gmail boxes! They struggled with the problem for 3 months, a bunch of letters "gone" is not known where. For example, one of the boxes received bids for the “unimportant” international festival ... On the day of the festival a dozen complaints surfaced - those were not met, they did not write. Mchost confirmed the problem and left to decide ... Decided or not? .. It is not clear yet, but he raised prices.
Now today [BAC!] In 90% of my sites in the index.php and index.html files (even on subdomains) at the end of the code the virus iframe / java, which opens a pop-up window, is “stitched”. The online support lazily replied that it was necessary to write to the support, which I, of course, had already informed, but now they respond to the letters at best in a day ...
All sites on different engines, ftp passwords are different, the rights are normal. Both Macs, from which work was done with the sites, of course, without viruses. Files are modified on October 29 at one in the morning.
')
The source of the virus on Pastebin .
Are there any more victims? ..
Source: https://habr.com/ru/post/73734/
All Articles