This is an archived forum and the content is probably no longer relevant, but is provided here for posterity.
September 08, 2011 5:02pm
#1 / Sep 08, 2011 5:02pm
Google says a site that I am hosting for a non-profit has malware. Running 1.6.8 EE
Where do I start looking to find the issue?
http://www.orcommissionasd.org is the site.
Thanks,
Scott
#2 / Sep 09, 2011 3:01am
Hi Scott,
Thanks for reporting this. We take security very seriously and will do our best to work with you on figuring out what’s going on. To that end, we need some additional information from you…
1. EE version and build (found at the bottom of your control panel)
2. Other scripts on your account, whether in use or not (phpBB, etc…)*
* If this is a shared hosting environment, the host can make a determination if the attack came through scripts on another account on the server, which is commonly the case with these types of hacks.
While we work through this, please check through these files:
* path.php (if using EE 1.x)
* config.php
* database.php (if using EE 2.x)
* index.php
to ensure that there is no unusual code such as iframes or JavaScript includes; if you do find that code, then please back up the file and remove said code. If you are unsure of what does or doesn’t belong in these files, do not hesitate to ask.
You may also wish to refresh your files by following the build update instructions.
Also please ensure that you report this to your host immediately as they can help identify where the attack originated from so that steps can be taken to prevent this in the future.
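A first pass over the files listed in the post above can be scripted. The following is an added example, not part of the thread or of ExpressionEngine's own tooling; the site tree and injected lines built in `demo()` are constructed, and the two patterns cover only the iframe and JavaScript-include cases the post mentions.

```python
import re
import tempfile
from pathlib import Path

# Files named in the post above; which ones exist depends on the EE version.
TARGETS = ("path.php", "config.php", "database.php", "index.php")

# The two kinds of markup the post says do not belong in these files.
PATTERNS = {
    "iframe": re.compile(r"<\s*iframe\b", re.I),
    "script include": re.compile(r"<\s*script\b[^>]*\bsrc\s*=", re.I),
}

def scan_file(path):
    """Return (line number, label, trimmed line) for each suspicious line."""
    hits = []
    text = Path(path).read_text(encoding="utf-8", errors="replace")
    for lineno, line in enumerate(text.splitlines(), start=1):
        for label, pattern in PATTERNS.items():
            if pattern.search(line):
                hits.append((lineno, label, line.strip()[:120]))
    return hits

def scan_site(root):
    """Scan every copy of the target files under root; map path -> hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.php")):
        if path.name in TARGETS:
            hits = scan_file(path)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

def demo():
    """Run the scan over a constructed site tree (sample content, not real)."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "system").mkdir()
        Path(root, "path.php").write_text("<?php\n$system_path = './system/';\n?>\n")
        Path(root, "system", "config.php").write_text("<?php\n$conf['debug'] = '1';\n?>\n")
        Path(root, "index.php").write_text(
            "<?php\n// constructed sample of injected markup\n?>\n"
            '<IFRAME src="http://injected.example/" width=1 height=1></iframe>\n'
            '<script type="text/javascript" src="http://injected.example/a.js"></script>\n'
        )
        return scan_site(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        for lineno, label, snippet in hits:
            print(f"{name}:{lineno}: {label}: {snippet}")
```

Point `scan_site()` at a downloaded copy of the web root rather than the live server, and treat a clean result only as "nothing matched these two patterns", not as proof the files are unmodified.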
#3 / Sep 09, 2011 3:28am
Thank you for the suggestion, I think I was able to find the problem.
S
#4 / Sep 09, 2011 3:58am
Scott,
Thanks for the PM. I would recommend doing an update to EE 1.7.1 so at least you can be sure you have caught all affected files. Also report this to your host. Another vulnerable script on a shared hosting platform could also be the cause of this. Make sure all your permissions are correct as per the update instructions.
You will also need to notify Google when the site is free of malware so they can remove the notice.