Find out whether web app or server is compromised - Linux

I'm a rather experienced web developer and have Plesk Onyx running on my dedicated server. It features 2FA via Google Authenticator. Inside Plesk, I added multiple WordPress-based webpages of mine and of friends of mine. All of these WordPress installations are securely installed by Plesk, and access is hardened by moving the admin area, globally disabling comments, enabling 2FA, and so on.
Now a few days ago, a friend told me he was seeing massive ads on my webpage. Since the server also serves my company's page, that is something to take seriously, and so I did. However, I couldn't reproduce the ads or the pop-ups at all, neither on my Windows machines (10 and Server 2016) nor on any mobile or laptop device. Yesterday, I was viewing my webpage with a friend of mine (on his desktop PC), and all of a sudden, ads showed up when he clicked links in my WP menu and the like. Very pushy, very much, absolutely... unacceptable.
I introduced myself as a rather experienced web developer. However, I don't know how to tackle this: whether my server was actually hacked or compromised, some WordPress plugin is messing around with ads (however, my friend found problems on multiple sites that are not using the same plugins), or whatever. I think Plesk and WP are both strong and shouldn't be compromised that easily. Besides, I didn't notice anything further.
How to tackle this?

Did you try Revisium Antivirus to scan your websites? It is available in the Plesk extensions. I had a similar issue and Revisium Antivirus found all the files that were infected.
Also, check your friend's PC (web browser) for malware. There is some malware (hidden software) which can show ads or add strange links to your website. So, in that case, it has nothing to do with your server or websites.
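Before reaching for a scanner, a first triage pass over the WordPress tree itself is cheap. The script below is an added example, not code from the thread, Plesk or WordPress, and the sample tree it scans is constructed here; the three heuristics (PHP dropped into uploads/, decoder-fed eval(), and code that branches on User-Agent or Referer, which fits ads that only some visitors see) are triage aids, not proof either way.

```shell
#!/bin/sh
# Added example, not code from the thread, Plesk or WordPress: flag PHP files in
# a WordPress tree that show common signs of injected code. Heuristics only,
# so every hit needs a manual look and a clean scan proves nothing.

# scan_wp_tree DIR  -> prints one "reason path" line per suspicious file
scan_wp_tree() {
    dir="$1"

    # 1. PHP under wp-content/uploads: WordPress never writes code there, so a
    #    .php file in that tree was dropped by a plugin bug or by an intruder.
    find "$dir/wp-content/uploads" -type f -name '*.php' 2>/dev/null |
        while IFS= read -r f; do printf 'php-in-uploads %s\n' "$f"; done

    # 2. eval() fed by a decoder is the usual shape of injected ad/redirect code.
    grep -rlE --include='*.php' \
        'eval[[:space:]]*\([[:space:]]*(base64_decode|gzinflate|gzuncompress|str_rot13)' \
        "$dir" 2>/dev/null |
        while IFS= read -r f; do printf 'obfuscated-eval %s\n' "$f"; done

    # 3. Code that branches on User-Agent or Referer can show ads to some
    #    visitors and nothing to the owner, which matches the symptom in the
    #    thread. Caching and mobile-detection plugins read these too, so treat
    #    hits under plugins/ as triage input, not proof.
    grep -rlE --include='*.php' 'HTTP_USER_AGENT|HTTP_REFERER' \
        "$dir/wp-content" 2>/dev/null |
        while IFS= read -r f; do printf 'ua-referer-branch %s\n' "$f"; done
}

# count_hits DIR -> number of flagged lines, handy for a cron job that mails you
count_hits() { scan_wp_tree "$1" | wc -l | tr -d ' '; }

# Constructed sample tree (not a real site): one clean plugin file and one
# dropped file in uploads/ whose base64 string is just the word "constructed".
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/wp-content/uploads/2019/05" "$t/wp-content/plugins/clean"
    printf '<?php echo "hello"; ?>\n' > "$t/wp-content/plugins/clean/clean.php"
    printf '<?php eval(base64_decode("Y29uc3RydWN0ZWQ="));\n' \
        > "$t/wp-content/uploads/2019/05/dropped.php"
    printf '%s\n' "$t"
}

# Stand-alone demo: scan the sample tree, then clean up.
sample=$(make_sample_tree)
scan_wp_tree "$sample"
rm -rf "$sample"
```

Run it against the real document root (for a Plesk vhost, the directory Plesk serves for that domain) and compare the flagged files' modification times and contents with a fresh copy of the same WordPress and plugin versions.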


can security patches in magento be seen if they are installed manually?

Someone contacted me telling me that my Magento company website was not secure, and they directed me to http://www.magereport.com/scan/. I told them that the patches were installed manually, which is what I was told at the time by the developers. I double-checked with the developers and they told me that manually applied patches will not be considered at that URL. I however checked this other one, https://magento.com/security-patch, and it says that the website appears to be safe (including the "bespoke" admin URL).
Could anyone confirm whether it is true that manually installed patches can't show up in those URLs?
On one hand I have to trust my developers, and I believe they are telling the truth, but on the other hand I had a couple of people (probably trying to sell something) telling me something different. In the meantime I want to make sure the site is safe, and that there is no compromise of our customers' details.
What would you recommend as the best plan of action?
Magento version is 1.8.1.0
Many thanks for your honest help!
I am checking my Magento website regularly (once a week) with:
http://mxtoolbox.com/ (ip and domain badlist control)
http://sitecheck.sucuri.net/ (malware control)
http://www.unmaskparasites.com/ (malware control)
http://www.magereport.com/ (magento security patch control)
You can trust these websites. And I think these sites are enough for checking.
http://www.magereport.com/scan/ is very accurate. I would trust your developers.
Magereport checks the site from the front end and cannot see whether your PHP files are completely patched. You should check the Magefence extension, which checks your site from the backend by scanning PHP files for each security patch, besides other security features. This is the most complete security extension for regular site owners. https://www.extensionsmall.com/mage-fence-security.html

Does anyone have Avast reporting false positives on web protection?

I have a website built on the HTML5 initializr.com Bootstrap code.
Until last week it worked fine. Today my Avast antivirus installed on Windows started blocking navigation on this website because of Infection: JS:Decode-AQE [Trj] (a Trojan horse, it says...).
Well, the files on the server haven't been modified for a month. That was my first check, in case someone had tried to hack the site.
So nothing changed in the files. Furthermore, on other systems without Avast the website runs fine.
Actually, I have seen hacked websites before, and in such a case it's Google itself blocking a website because it contains malware. (This website is correctly indexed by Google, no malware detected.)
The only solution I have found until now is to whitelist the domain name in Avast, but I wish there were something better.
Also... since this website is made upon very standard code... I imagine more people will have this problem with clients running Avast AV.
What do you suggest?
I've found that there are more cases of false positives with Avast on web protection.
If it ever happens to you, first check whether your website is really clean with an online tool such as:
http://sitecheck.sucuri.net/
(Anyway, Google is usually the first entity reporting malware to you:
look in Webmaster Tools -> Health -> Malware)
and then report the false positive to Avast at:
http://www.avast.com/contact-form.php

Not able to access my website in a web browser

My website opens with the xx.xxx.xxx.xxx IP address. Until Friday it was working fine; afterwards I was not able to view the site in a web browser. What could be the problem? How can we solve it?
My server with this IP is working and I can view the updated data in the database, but I am not able to view or open the page of the website. Before, the website under the IIS configuration was stopped and is now started again; still no use, I couldn't view the login page at all. My application was developed in classic ASP long ago. Kindly give me any suggestion on this... it's very urgent...
I tried browsing the website in IIS Manager (on the server). It shows "page cannot be displayed".
Thanks in advance.
First, don't panic. Staying calm can avoid further damage.
While it's hard to tell what the problem could be, the first thing you can do is to "ping" the domain from a terminal. Can you log in remotely? "wget" (on Linux) will download the files from the website, and could help you see if the files on the site are still accessible. Check from different browsers or machines, if possible. I'm no expert in ASP or IIS, so I won't advise on that front. But once I faced the same situation with my website. So I just called up the hosting service provider, and it turned out it was their problem, and they brought the server online. If it's okay from their end, you might have changed some configuration in your server or application, or there might have been some upgrade changing parameters, or even an accidental deletion/moving/renaming of files. Just try to remember what you did with your server and application before it went down, and also ask your server administrator. That will surely help you understand the problem better, if not help to solve it right away.
Good Luck.

Data not showing up in SharePoint list as well as in drop-downs

Hi,
I have a problem at my production site. The client reported that he is not seeing data in SharePoint lists, and the drop-downs which have years in pages of the site appear empty, with one user A on machine X running Windows 7. But data comes up and the drop-downs are populated when accessed from machine Y with the same user A.
I don't know what the problem really is. On the development site this issue is not reproduced.
Please help,
Thanks in advance
From your question, I gather the data does exist and the same user can see the information from one computer but not another.
A couple of things spring to mind. (I am presuming usage of Internet Explorer, since SharePoint 2007 has some rather weird rendering issues with other browsers. Correct me if this is an incorrect assumption.)
First, Windows 7 has later versions of IE which can refuse to send network credentials to a server it doesn't think is part of the intranet (corporate network). What makes this especially frustrating is that IE will prompt for network credentials (a result of the challenge from the website) but will not transmit those credentials. Examine the IIS logs to see if this is the case. The requests will be void of credentials using IE but will be present using Firefox (and presumably any other web browser). The fix for this is usually as simple as adding the domain into the Local Intranet zone in Internet Options.
If this is not the case, can you confirm the user is using the same credentials? Is this integrated authentication using Active Directory or forms authentication?
Are there any differences between the two computers with regards to how they reach the SharePoint site? (Such as one is VPN, the other is directly connected)? Or are they essentially equal but with different browser/OS configurations?
Are the lists standard out-of-the-box lists or have they been customized with SharePoint Designer or any other means? Are you injecting JavaScript via a Content Editor Web Part which might not be executing correctly?
It would be very helpful to know browser versions used, OS versions used, differences in connectivity to the resource from each machine, type of authentication used, and any other thing you can think to list.
I wish you luck in tracking this down!
Windows 7 or XP has nothing to do with it here; probably it has to do with the browser which he is using to browse the site. Ask him to check the Internet Explorer settings and verify that he has enabled execution of JavaScript and other related things.

File upload/download problems using Internet Explorer to a SharePoint site

A cheeseburger to the first person who can help me make sense of this. I have a page in a SharePoint app that uses Telerik's RadUpload to upload files. This has worked for months; last week it stopped working (in Internet Explorer; this detail is important). After talking with a co-worker about the problem, I tried the upload with Firefox; it worked. Not only that, all subsequent uploads from Internet Explorer started working. Flash forward an hour, and the aforementioned co-worker, on another SharePoint site, running on different servers, was having problems downloading (using Internet Explorer). Being half serious, half smart-aleck, I said 'try it in Firefox'. Not only did that work, ALL SUBSEQUENT DOWNLOADS IN INTERNET EXPLORER WORKED! And he reproduced this behavior on another machine. My fear is that this is a browser issue. All advice will be greatly appreciated.
IE will try and present credentials to a server it knows to be in its Local Intranet zone when it tries to connect (depending on the setting of "Automatic logon only in Intranet zone").
Firefox will only present credentials when prompted, and will generally ask you by popping up a box (unless you've configured a list of sites for it to always present NTLM credentials to).
I've seen a similar case with Sharepoint where you can cause IE to work by logging in with Firefox. I theorized it was due to a permission on a remote resource being for "Authenticated Users", and you're causing your user to authenticate by logging in forcefully. We eventually set the "Automatic logon only in Intranet zone" to "Prompt" and it worked. My theory there was that it wasn't detecting the site as being in the Local Intranet zone for some reason. If you're not accessing a domain with no .'s in it, try also setting your Local Intranet site policy to match the full domain of the Sharepoint server, not just *.example.com - I've read that that can help.
Was it as simple as IE not re-downloading a mis-cached .js file, maybe, that Firefox did download, making IE work after that?
Pretty gnarly to debug.
