Предупреждение за хакнат сайт

snux

Well-Known Member
Днес като се разрових в ГУТ видях, че за един от сайтовете ми има следното съобщение от преди 1 месец

We are writing to let you know that we believe some of your website’s pages may be hacked. Specifically, we think that JavaScript has been injected into your site by a third party and may be used to redirect users to malicious sites. You should check your source code for any unfamiliar JavaScript and in particular any files containing "eval(function(p,a,c,k,e,r)". The malicious code may be placed in HTML, JavaScript or PHP files so it's important to be thorough in your search.

The following are example URLs from your site where we found such content:

http://bottleddistilledwaterdelivery.com/
http://bottleddistilledwaterdelivery.com/2011/bottled-water-delivery
http://bottleddistilledwaterdelivery.com/2012/the-distilled-water-source-of-life-and-health

In addition, it's also possible your server configuration files (such as Apache's .htaccess) have been compromised. As a result of this, your site may be cloaking and showing the malicious content only in certain situations.

We encourage you to investigate this matter in order to protect your visitors. If your site was compromised, it's important to not only remove the malicious (and usually hidden) content from your pages, but also to identify and fix the vulnerability. A good first step may be to contact your web host's technical support for assistance. It's also important to make sure that your website's software is up-to-date with the latest security updates and patches.

Отворих да проверя хтаксеса и вътре има следното, който ми се стори нормален.

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# END WordPress

Скоро ъпдейтнах уп и сега не мога да видя кои файлове са модифицирани около датата на съобщението. Някакви идеи как да процедирам?
 
От: Предупреждение за хакнат сайт

За всеки случай смених данние в уп_конфига
 

Горе