October 29, 2009 at 15:47Multiple sites on Mchost infected
A couple of years ago I ran [with terrible force] from ValueHost to Mchost. Why I ran I think I don’t need to explain - whoever remembers will understand. Mchost liked everything: prices, services, online support, “sipanel”, etc. ... I moved almost all my sites to them, and did projects based on them.
Time has passed. Mchost, apparently overgrown and problems began. First, small ones, which I will not even mention already, because resolved quickly. Then [BAM!] It was discovered that letters from some [valid] mailboxes did NOT arrive at their mail servers. Including from some gmail mailboxes! They struggled with the problem for 3 months, a bunch of letters "left" no one knows where. For example, one of the boxes received competitive applications for an “unimportant” international festival ... On the day of the festival, a dozen complaints surfaced - they did not meet, they did not write. Mchost confirmed the problem and went to solve ... Decided or not? .. It is not clear yet, but he raised the price.
Now today [BAM!] In 90% of my sites in the index.php and index.html files (even on subdomains), an iframe / java virus that opens a pop-up window is “embedded” in the code. Online support lazily replied that you need to write to the support, which of course I have already notified, but now they respond to letters at best in a day ...
All sites on different engines, ftp passwords are different, rights are normal. Both Macs, from which work was carried out with sites, of course, without viruses. Files modified on October 29 at one in the morning.
The source code of the virus on Pastebin .
There are still victims? ..
Time has passed. Mchost, apparently overgrown and problems began. First, small ones, which I will not even mention already, because resolved quickly. Then [BAM!] It was discovered that letters from some [valid] mailboxes did NOT arrive at their mail servers. Including from some gmail mailboxes! They struggled with the problem for 3 months, a bunch of letters "left" no one knows where. For example, one of the boxes received competitive applications for an “unimportant” international festival ... On the day of the festival, a dozen complaints surfaced - they did not meet, they did not write. Mchost confirmed the problem and went to solve ... Decided or not? .. It is not clear yet, but he raised the price.
Now today [BAM!] In 90% of my sites in the index.php and index.html files (even on subdomains), an iframe / java virus that opens a pop-up window is “embedded” in the code. Online support lazily replied that you need to write to the support, which of course I have already notified, but now they respond to letters at best in a day ...
All sites on different engines, ftp passwords are different, rights are normal. Both Macs, from which work was carried out with sites, of course, without viruses. Files modified on October 29 at one in the morning.
The source code of the virus on Pastebin .
There are still victims? ..