Comments on: JSRedir-R / Gumblar.cn – Preventing Re-infection http://www.techknowme.com/2009/05/jsredir-r-gumblarcn-preventing-re-infection/ Technology Advice for Small Businesses Thu, 13 Jan 2011 05:31:58 +0000 hourly 1 http://wordpress.org/?v=3.2.1 By: Rita Cramer http://www.techknowme.com/2009/05/jsredir-r-gumblarcn-preventing-re-infection/comment-page-1/#comment-17 Rita Cramer Tue, 26 May 2009 10:11:47 +0000 http://www.techknowme.com/blog/?p=11#comment-17 Hi Rob, I need help! my domain name is: www.ritacramer.com I'll tell you, what happened: 1. I read on google "This site may harm your computer". 2. I called my host, he checked it and told me, that there is a java script on each page. 3. I called my designer. She deleted this on every page, deleted all pages on the remote server and uploaded each page again. This didn't work. She got the message: This website www.ritacramer.com has been reported as an attacked site and has been blocked based on your security preferences".Please do you have an idea what I can do? Thanks for your report Rita Cramer Hi Rob,

I need help! my domain name is: http://www.ritacramer.com

I’ll tell you, what happened:

1. I read on google “This site may harm your computer”.
2. I called my host, he checked it and told me, that there is a java script on each page.
3. I called my designer. She deleted this on every page, deleted all pages on the remote server and uploaded each page again. This didn’t work. She got the message: This website http://www.ritacramer.com has been reported as an attacked site and has been blocked based on your security preferences”.Please do you have an idea what I can do?

Thanks for your report
Rita Cramer

]]> By: Rob Z. http://www.techknowme.com/2009/05/jsredir-r-gumblarcn-preventing-re-infection/comment-page-1/#comment-16 Rob Z. Tue, 19 May 2009 05:06:55 +0000 http://www.techknowme.com/blog/?p=11#comment-16 Well, the first error sounds like a permissions error - make sure you have read/write access to all of your files (they should be set to 755 and you should be logged in with the user account that is the owner of those files). There's a possibility that those files are set to 755 but were written by another user account, which might indicate that a higher-level account gained write access to your directory and simply locked you out. You may need to confer with your web host on that one (who is your web host, by the way?). As for the second error - I hadn't heard of the file_put_contents() function. Apparently, it's a PHP5 only function. Are you running PHP5 or PHP4? If the latter, that script won't run for you. You may be abler to replace it with fwrite(), but you'll also need to open the file, get a handle, write to it using the handle then close the file. It's easier than I make it sound, but if you;re not really a PHP hacker, I can see how it may be intimidating. I'm currently helping someone else out right now with this by accessing his server directly and trying to fix it. If you'd be interested in hiring me to do the same for you, you can give me a call at 925-246-5449 or use the contact form on the main site (http://www.techknowme.com/contact/) to drop me an email or just ask me here in the comments and I'll email you directly (looks like I have your email in WP). But, before you do anything, follow the directions I laid out in the blog post you just commented on. Had you done that prior to being reinfected? Did you get reinfected anyway? Rob Z. Well, the first error sounds like a permissions error – make sure you have read/write access to all of your files (they should be set to 755 and you should be logged in with the user account that is the owner of those files). There’s a possibility that those files are set to 755 but were written by another user account, which might indicate that a higher-level account gained write access to your directory and simply locked you out. You may need to confer with your web host on that one (who is your web host, by the way?).

As for the second error – I hadn’t heard of the file_put_contents() function. Apparently, it’s a PHP5 only function. Are you running PHP5 or PHP4? If the latter, that script won’t run for you. You may be abler to replace it with fwrite(), but you’ll also need to open the file, get a handle, write to it using the handle then close the file. It’s easier than I make it sound, but if you;re not really a PHP hacker, I can see how it may be intimidating.

I’m currently helping someone else out right now with this by accessing his server directly and trying to fix it. If you’d be interested in hiring me to do the same for you, you can give me a call at 925-246-5449 or use the contact form on the main site (http://www.techknowme.com/contact/) to drop me an email or just ask me here in the comments and I’ll email you directly (looks like I have your email in WP).

But, before you do anything, follow the directions I laid out in the blog post you just commented on. Had you done that prior to being reinfected? Did you get reinfected anyway?

Rob Z.

]]> By: michael http://www.techknowme.com/2009/05/jsredir-r-gumblarcn-preventing-re-infection/comment-page-1/#comment-15 michael Tue, 19 May 2009 03:16:29 +0000 http://www.techknowme.com/blog/?p=11#comment-15 Hi; Thanks again for the script - worked beautifully yesterday and of course I got reinfected :(. When I try to run it now I get the following : Warning: fopen(./.ftpquota) [function.fopen]: failed to open stream: Permission denied in /home/server_name/public_html/domain_name/fic_infection.php on line 55 I also tried the other script somebody here is providing and I get the following : Fatal error: Call to undefined function: file_put_contents() in /home/server_name/public_html/domain_name/file_checker.php on line 120 Any Ideas on this one ? I am by no means comfortable enough to make any kind of changes. thanks again for your help Michael Hi;

Thanks again for the script – worked beautifully yesterday and of course I got reinfected :( .

When I try to run it now I get the following :

Warning: fopen(./.ftpquota) [function.fopen]: failed to open stream: Permission denied in /home/server_name/public_html/domain_name/fic_infection.php on line 55

I also tried the other script somebody here is providing and I get the following :

Fatal error: Call to undefined function: file_put_contents() in /home/server_name/public_html/domain_name/file_checker.php on line 120

Any Ideas on this one ? I am by no means comfortable enough to make any kind of changes.

thanks again for your help

Michael

]]>