Cómo limpiar un sitio web de WordPress hackeado en 10 sencillos pasos.

Crees que tu WordPress ha sido hackeado?

Si cree que su sitio web de WordPress ha sido pirateado y confirmó este sentimiento o sospecha utilizando algún complemento de seguridad o escáneres de malware de sitios web, como nuestro escáner de malware gratuito ubicado en https://scan.attacker.net , es mejor pedirle a un profesional que limpie su sitio web para garantizar que se limpie de forma completa y adecuada y que el SEO no se vea afectado. No dude en echar un vistazo a nuestro servicio de eliminación de malware de nuestro sitio web y https://attacker.net/website-security-plans-pricing

O siéntase libre de probar y seguir los pasos a continuación si desea intentar limpiarlo usted mismo:

Cómo saber y determinar si su sitio web fue hackeado?

  • ¿Ve algún contenido extraño, no reconocido o inapropiado en su sitio?
  • ¿Tu sitio comenzó a consumir más recursos o correr lento?
  • ¿Ve usuarios no reconocidos, usuarios administradores, FTP o cuentas de correo electrónico en su sitio?
  • ¿Archivos o carpetas no reconocidos?
  • Informes de clientes robado ¿Tarjeta de crédito después de comprar algo de su sitio web?
  • ¿Google Chrome, Firefox u otros navegadores muestran una advertencia roja cuando visitan su sitio web?
  • ¿Ve anuncios, ventanas emergentes o redireccionamientos no reconocidos a otros sitios?
  • ¿Tu proveedor de hosting suspendió tu cuenta de hosting?
  • Si su sitio aparece como hackeado o dañino en las búsquedas de Google.
  • Si recibe una advertencia de las herramientas para webmasters de Google u otras listas negras.
  • Si Google Adwords suspendió sus anuncios en ejecución.

Puede verificar la seguridad de su sitio web utilizando este escáner de malware gratuito del sitio web https://scan.attacker.net

Reparación de WordPress Hack y pasos de eliminación de malware:

1- El paso más importante es mantener la calma y la concentración. El estrés es contraproducente. Respira hondo y sigue leyendo.

2- Es muy importante generar un sitio web completo y una copia de seguridad de la base de datos.

3- Obtenga una copia nueva de WordPress en https://wordpress.org/download/ y comience por reemplazar sus carpetas principales de WordPress, tales como:

  • / wp-admin
  • / wp-incluye


La mayoría de las infecciones de malware de WordPress están dirigidas a los archivos y carpetas principales. Si el problema de malware / piratería persiste, debe revisar e investigar su carpeta wp-content y todos los temas y complementos que usa en el sitio web. Si continúa, entonces también debes verificar tu base de datos. También puede necesitar revisar su index.php, Archivo wp-config.php y .htaccess y otros archivos comunes para cualquier malware insertado e inyectado.

compare sus archivos en vivo actuales con la copia nueva que acaba de descargar usando el comando diff Linux o las herramientas de comparación de archivos como DiffNow o herramientas similares. Verifique todos los archivos reportados e infectados y límpielos o reemplácelos con una copia limpia.

4- Actualizar y actualizar WordPress, temas. y plugins una vez que limpies y elimines el malware / hack. Elimina los temas o complementos que no uses.

5- Revise a los usuarios administradores para detectar cualquier usuario administrador falso oculto creado por los hackers. Asegúrate de cambiar todas tus contraseñas.

6- Revise sus complementos y asegúrese de reconocerlos, los complementos falsos instalados y colocados por hackers son muy comunes. Elimina los complementos que no uses.

7- Una vez que haya terminado de limpiar su sitio web, es el momento de hacer una copia de seguridad completa del sitio web, incluida la copia de seguridad de la base de datos.

8- Escanee su computadora usando un buen software antivirus.

9- Verifique si su sitio web está en la lista negra de los motores de búsqueda o los proveedores de listas negras / antivirus (Google, Bing, Norton, McAfee, Yandex, etc.) y envíe las solicitudes de reconsideración y reindexación siempre que sea necesario para asegurarse de que su SEO y clasificación no se vean afectados. Por el hack.

10- Manténgase actualizado y actualizado, mantenga su wordPress, complementos, temas y todo actualizado y cambie sus contraseñas con frecuencia.

Regístrese ahora y vamos a limpiar y proteger sus sitios web!

Puede verificar la seguridad de su sitio web utilizando este escáner de malware gratuito.

https://scan.attacker.net

How to clean a Hacked Joomla


Do you think your Joomla has been hacked?

If you think that your Joomla website is hacked and you confirmed this feeling or suspicion using any security plugins or website malware scanners such as our free malware scanner located at https://scan.attacker.net then it’s better to ask a professional to clean your website to ensure it’s fully and properly cleaned and SEO remains unaffected. Feel free to take a look at our website malware removal service and https://attacker.net/website-security-plans-pricing

Or feel free to try and follow the below steps if you want to try cleaning it yourself:

How to tell and determine if your website was hacked?

  • Do you see any strange, unrecognized or inappropriate content on your site?
  • Your site started consuming more resources or running slow?
  • Do you see unrecognized users, admin users, FTP or email accounts on your site?
  • Unrecognized files or folders?
  • Customer reporting stolen credit card after purchasing something from your website?
  • Google Chrome, Firefox or other browsers showing a red warning when visiting your website?
  • Do you see any unrecognized ads, popups or redirects to other sites?
  • Your hosting provider suspended your hosting account?
  • If your site is listed as hacked or harmful in Google searches.
  • If you receive a warning from Google webmaster tools or other blacklists.
  • If Google Adwords suspended your running Ads.

You can check your website security by using this free website malware scanner https://scan.attacker.net

Joomla Hack repair and malware removal steps:

1- The most important step is to stay calm and focused. Stress is a counterproductive. Take a deep breath and continue reading.

2- It’s very important to generate a full website and database backup.

3- Get a fresh Joomla copy from https://downloads.joomla.org/ and compare your current live files to the fresh copy you just downloaded using diff Linux command or file comparison tools such as DiffNow or similar tools. Check all reported and infected files and clean or replace it with a clean copy.

You can also use this SSH command to list all modified files in the last 7 days:


find . -type f -mtime -7

Most Joomla malware infections are targeting the core files and folders. If the malware/hack issue remains then you need to check and investigate your themes and plugins that you use on the website. If it continues, then you need to check your database too. You may also need to check your index.php , configuration.php and .htaccess file and other common files for any inserted and injected malware.

4- Update and upgrade Joomla, themes and plugins once you clean and remove the malware/hack. Remove any themes or plugins you don’t use.

5- Review your administrator users for any hidden fake admin users created by the hackers. Make sure to change all of your passwords.

6- Review your plugins and make sure you recognize all of it, Fake plugins installed and placed by hackers are very common. Remove any plugins you don’t use.

7- Once you are done cleaning your website, It’s the time to make a full website backup including database backup.

8- Scan your computer using a good anti-virus software.

9- Check if your website is blacklisted by any search engines or blacklists / anti-virus vendors (Google, Bing, Norton, McAfee, Yandex, etc) and submit reconsideration and reindexing requests whenever needed to make sure your SEO and ranking is not affected by the hack.

10- Stay current and up2date, Keep your Joomla, plugins, themes and everything updated and frequently change your passwords.

Signup now and let’s clean & protect your websites!

You can check your website security by using this free website malware scanner

https://scan.attacker.net

How to clean a hacked Magento website


Do you think your Magento has been hacked?

If you think that your Magento website is hacked and you confirmed this feeling or suspicion using any security plugins or website malware scanners such as our free malware scanner located at https://scan.attacker.net then it’s better to ask a professional to clean your website to ensure it’s fully and properly cleaned and SEO remains unaffected. Feel free to take a look at our website malware removal service and https://attacker.net/website-security-plans-pricing

Or feel free to try and follow the below steps if you want to try cleaning it yourself:

How to tell and determine if your website was hacked?

  • Do you see any strange, unrecognized or inappropriate content on your site?
  • Your site started consuming more resources or running slow?
  • Do you see unrecognized users, admin users, FTP or email accounts on your site?
  • Unrecognized files or folders?
  • Customer reporting stolen credit card after purchasing something from your website?
  • Google Chrome, Firefox or other browsers showing a red warning when visiting your website?
  • Do you see any unrecognized ads, popups or redirects to other sites?
  • Your hosting provider suspended your hosting account?
  • If your site is listed as hacked or harmful in Google searches.
  • If you receive a warning from Google webmaster tools or other blacklists.
  • If Google Adwords suspended your running Ads.

You can check your website security by using this free website malware scanner https://scan.attacker.net

Magento Hack repair and malware removal steps:

1- The most important step is to stay calm and focused. Stress is a counterproductive. Take a deep breath and continue reading.

2- It’s very important to generate a full website and database backup.

3- Get a fresh Magento copy from https://magento.com/tech-resources/download and compare your current live files to the fresh copy you just downloaded using diff Linux command or file comparison tools such as DiffNow or similar tools. Check all reported and infected files and clean or replace it with a clean copy.

You can also use this SSH command to list all modified files in the last 7 days:


find . -type f -mtime -7

Most Magento malware infections are targeting the core files and folders. If the malware/hack issue remains then you need to check and investigate your themes and plugins that you use on the website. If it continues, then you need to check your database too. You may also need to check your index.php and .htaccess file and other common files for any inserted and injected malware.

4- Update and upgrade Magento , themes and extensions once you clean and remove the malware/hack. Remove any themes or extensions you don’t use.

5- Review your administrator users for any hidden fake admin users created by the hackers. Make sure to change all of your passwords.

6- Review your extensions and make sure you recognize all of it, Fake plugins or extensions installed and placed by hackers are very common. Remove any plugins you don’t use.

7- Once you are done cleaning your website, It’s the time to make a full website backup including database backup.

8- Scan your computer using a good anti-virus software.

9- Check if your website is blacklisted by any search engines or blacklists / anti-virus vendors (Google, Bing, Norton, McAfee, Yandex, etc) and submit reconsideration and reindexing requests whenever needed to make sure your SEO and ranking is not affected by the hack.

10- Stay current and up2date, Keep your Magento, plugins, themes and everything updated and frequently change your passwords.

Signup now and let’s clean & protect your websites!

You can check your website security by using this free website malware scanner https://scan.attacker.net

How to clean a hacked Drupal website


Do you think your Drupal has been hacked?

If you think that your Drupal website is hacked and you confirmed this feeling or suspicion using any security plugins or website malware scanners such as our free malware scanner located at https://scan.attacker.net then it’s better to ask a professional to clean your website to ensure it’s fully and properly cleaned and SEO remains unaffected. Feel free to take a look at our website malware removal service and https://attacker.net/website-security-plans-pricing

Or feel free to try and follow the below steps if you want to try cleaning it yourself:

How to tell and determine if your website was hacked?

  • Do you see any strange, unrecognized or inappropriate content on your site?
  • Your site started consuming more resources or running slow?
  • Do you see unrecognized users, admin users, FTP or email accounts on your site?
  • Unrecognized files or folders?
  • Customer reporting stolen credit card after purchasing something from your website?
  • Google Chrome, Firefox or other browsers showing a red warning when visiting your website?
  • Do you see any unrecognized ads, popups or redirects to other sites?
  • Your hosting provider suspended your hosting account?
  • If your site is listed as hacked or harmful in Google searches.
  • If you receive a warning from Google webmaster tools or other blacklists.
  • If Google Adwords suspended your running Ads.

You can check your website security by using this free website malware scanner https://scan.attacker.net

Drupal Hack repair and malware removal steps:

1- The most important step is to stay calm and focused. Stress is a counterproductive. Take a deep breath and continue reading.

2- It’s very important to generate a full website and database backup.

3- Get a fresh Drupal copy from https://www.drupal.org/download and compare your current live files to the fresh copy you just downloaded using diff Linux command or file comparison tools such as DiffNow or similar tools. Check all reported and infected files and clean or replace it with a clean copy.

You can also use this SSH command to list all modified files in the last 7 days:


find . -type f -mtime -7

Most Drupal malware infections are targeting the core files and folders. If the malware/hack issue remains then you need to check and investigate your themes and plugins that you use on the website. If it continues, then you need to check your database too. You may also need to check your index.php , configuration.php and .htaccess file and other common files for any inserted and injected malware.

4- Update and upgrade Drupal, themes and plugins once you clean and remove the malware/hack. Remove any themes or plugins you don’t use.

5- Review your administrator users for any hidden fake admin users created by the hackers. Make sure to change all of your passwords.

6- Review your plugins and make sure you recognize all of it, Fake plugins installed and placed by hackers are very common. Remove any plugins you don’t use.

7- Once you are done cleaning your website, It’s the time to make a full website backup including database backup.

8- Scan your computer using a good anti-virus software.

9- Check if your website is blacklisted by any search engines or blacklists / anti-virus vendors (Google, Bing, Norton, McAfee, Yandex, etc) and submit reconsideration and reindexing requests whenever needed to make sure your SEO and ranking is not affected by the hack.

10- Stay current and up2date, Keep your Drupal, plugins, themes and everything updated and frequently change your passwords.

Signup now and let’s clean & protect your websites!

You can check your website security by using this free website malware scanner https://scan.attacker.net

How can I test or preview my website before switching DNS?

 

  1. Locate the HOSTS file on your computer. Typically it is in one of the following locations:
    • Windows NT/2000/XP/2003/Vista/7 – C:\windows\system32\drivers\etc\hosts
    • Windows 95/98/Me – C:\windows\hosts
  2. Open this file with a text editor such as Notepad or Wordpad.
    • Right-click on Notepad and select the option to Run as Administrator – otherwise you may not be able to open this file.Then, open the file. Consider performing a “Save As” so you have an original copy of the file that you can restore later. You will see two columns of information, the first containing IP addresses and the second containing host names. By default, a windows hosts file should be similar to the following:
      (In Windows 7 Press and hold Ctrl+Shift while opening the Notepad/Wordpad).

    • Filename: hosts

      127.0.0.1 localhost


      You can add additional lines to this file that will point requests for a particular domain to your new server’s IP address.

      Example:


      Filename: hosts

      127.0.0.1 localhost
      123.123.123.123 example.com

  3. Save your changes (be sure to save as a host file, not as a text file).
    Windows wants to save it as text (.txt) so you need to

    1. Change save as type to all files and then
    2. Click on host  (the original file).
  4. Restart any currently open browsers.
  5. You may also want to flush your DNS cache. In Windows XP, go to Start, and then Run, then type “cmd” and hit enter.
    Type the following:ipconfig /flushdns
  6. In your web browser you should see your site as it appears on your testing server when typing http://example.com/ but still be able to see the site on its current web server by visiting http://www.example.com/

How to Edit Your Hosts File on an Apple Macintosh Using Mac OSX

Let us assume for this example your testing server has an IP address 123.123.123.123 and you wish to visit that server when you type “http://example.com” into a web browser BUT still wish to still see the site as the rest of World Wide Web does when you enter “http://www.example.com” into your browser instead.

  1. Open Terminal, which is in Applications, then the Utilities folder. To do this go to the Finder (Desktop) and from the main main bar at the top of the screen choose “Go” and then “Utilities”. Find the Terminal application icon and double click.
  2. You may want to first make a backup copy of your existing hosts file:
    sudo cp /private/etc/hosts /private/etc/hosts-orig

    Enter your user password at the prompt.Then type the following command to edit your hosts file:

    sudo nano /private/etc/hosts

    Enter your user password at the prompt if asked.

  3. You will see a file with contents similar to the following:

    Filename: hosts

    ##

    # Host Database

    #

    # localhost is used to configure the loopback interface

    # when the system is booting. Do not change this entry.

    ##

    127.0.0.1 localhost

    255.255.255.255 broadcasthost

    ::1 localhost

    fe80::1%lo0 localhost

    Using the arrow keys on your keyboard, navigate around this file an add your domain and IP address to the bottom of the file. For example:


    Filename: hosts

    ### Host Database## localhost is used to configure the loopback interface# when the system is booting. Do not change this entry.##127.0.0.1 localhost

    255.255.255.255 broadcasthost

    ::1 localhost

    fe80::1%lo0 localhost

    123.123.123.123 example.com


  4. When done editing the hosts file, press the keyboard combination Control+O to save the file.
    Then press the Enter on the filename prompt to confirm the Save operation. Finally press the keyboard combination Control-X to exit the editor.You may also need to grant yourself sudo priveleges, if you got a permission error in Step 2. In your “Help” menu, search for “root” and select the instructions for “Enabling the root user.” Follow those instructions.
  5. Restart any currently open browsers. You may also want to flush your DNS cache.
    Type the following command into your Terminal window:dscacheutil -flushcache
  6. In your web browser you should see your site as it appears on your testing server when typing http://example.com/ but still be able to see the site on its current web server by visiting http://www.example.com/

What is RAID?

What is RAID (Redundant Array of Independent Disks)?
RAID creates a single usable data disk, where several physical disks are combined into an array for better speed and/or fault tolerance. There are three key concepts in RAID: mirroring, the copying of data to more than one disk; striping, the splitting of data across more than one disk; and error correction, where redundant data is stored to allow problems to be detected and possibly fixed (known as fault tolerance). Although there are many different levels of RAID.

RAID 0 (Striped set without parity/Non-Redundant Array) Implements data striping where file blocks are written across multiple drives in fragments and requires a minimum of 2 disks. The advantage of a RAID 0 is that the read/write speed is dramatically increased. The more disks in the array the greater the bandwidth. The disadvantage to a RAID0 is that there is no fault tolerance; if a single drive fails it will destroy the array. Also a RAID 0 does not implement error checking so any error is also unrecoverable. A common solution to this is to have a drive outside of the array used as back-up storage in case of a hardware failure.

RAID 1 (Mirrored set without parity) Implements data mirroring. Data is duplicated on two or four drives through a hardware raid controller and provides some fault tolerance. The array is recoverable as long as at least 1 drive has not failed. It provides faster read performance than a single drive and provides drive redundancy in case of drive failure. There is also a very slight reduction to write speed.

RAID 5 (Striped set with dual distributed parity) Implements data striping at a block level, and distributes parity among the drives. The parity information allows recovery from the failure of any single drive because any following reads can be calculated from the distributed parity. Another advantage of a Raid 5 allows for increased read/write speeds while allowing the most efficient use of disk space. RAID 5 requires a minimum of 3 disks.

RAID 10 (RAID 1 + 0) Creates multiple mirrors, where data is organized as stripes across multiple disks and then the striped disk sets are mirrored. RAID 10 offers the same fault tolerance as RAID 1 with increased read/write speeds over a single Raid 1 volume or single drive. RAID Level 10 requires 4 drives to implement.

 

Updating Apache to the latest version on DirectAdmin

You can check the current version of apache by running

/usr/sbin/httpd -v


CustomBuild – current

If you’re using custombuild (as most new boxes are), run the following

cd /usr/local/directadmin/custombuild
./build update
./build apache
./build php n
./build rewrite_confs


CustomApache – end-of-life

If you are using customapache with the 1.3 version of apache to the most recent, run the following:

cd /usr/local/directadmin/customapache
./build clean
./build update
./build apache_mod_ssl

If you’re using apache 2.x, use “./build apache_2” isntead of apache_mod_ssl.
This should update both the configure options and the version of apache to the most recent version.  Once the update has completed, you’ll need to restart apache:

RedHat:

/sbin/service httpd restart
FreeBSD:

/usr/local/etc/rc.d/httpd restart

 

How do I assign additional IP addresses in RedHat/CentOS?

If you are using CPanel, you should add the IP addresses through WHM.  Do not follow these instructions if you are using CPanel.

If you want to assign the addresses 3.2.1.1 – 3.2.1.20 to your server, you will need to create a RANGE file.

cd /etc/sysconfig/network-scripts
ls ifcfg-eth1-range*

If you already have a range file, you will need to create a new one for the new range of IPs you are adding, eg ‘nano ifcfg-eth1-range1` .  If you have one named range1, name the next range2 and so on.

nano ifcfg-eth1-range1

Place the following text in the file:

IPADDR_START=192.168.0.10
IPADDR_END=192.168.0.110
CLONENUM_START=0

Note: CLONENUM_START defines where the alias will start.  If this is the second range file, you will need to set CLONENUM_START to a value higher than the number of IP addresses assigned.  To check what you currently have used, you can run ‘ifconfig –a | grep eth1’.  This will list devices such as eth1:0, eth1:1, eth1:2, and so on.  If you are currently using upto eth1:16, you will need to set CLONENUM_START to 17 to assign the IPs correctly.

How do I check the health of my 3ware RAID array?

3ware allows for a browser interface to be used, however unless accessed locally this can be a security risk. Therefore we suggest using the command line interface if at all possible.

You need to download the 3ware CLI utilities from the vendor website or from your datacenter portal. Installation is as simple as unzipping the file into a separate folder. Please note you MUST be root/administrator to run the utility.

Quick command reference for 3ware CLI tools

These devices must be followed by a number denoting which is being queried.

tw_cli /c0 show (Output shows information needed to know the health of the RAID array)

./tw_cli /c1 show

Example:

Unit  UnitType  Status         %Cmpl  Stripe  Size(GB)  Cache  AVerify  IgnECC

——————————————————————————

u0    RAID-5    OK             –      64K     465.641   OFF    OFF      OFF

Port   Status           Unit   Size        Blocks        Serial

—————————————————————

p0     OK               u0     233.76 GB   490234752     WD-WCANY1727093

p1     OK               u0     233.76 GB   490234752     WD-WCANY1622544

p2     OK               u0     233.76 GB   490234752     WD-WCANY1657267

p3     NOT-PRESENT      –      –           –             –

*note the following:

c = controller
Controller can be 0 or 1
u = unit
Unit number depends on number arrays. It is 0 in most cases.
p = port
Port denotes port number. In most cases, it is 0-4.

 

How to Optimize MySQL

CentOS
There is a default my.cnf that comes with mysql (4+5) that will make mysql run a bit quicker if you have 2+ gig of ram cp -f /usr/share/mysql/my-large.cnf /etc/my.cnfThere is also my-huge.cnf, or my-medium.cnf depending on your hardware setup.   Check the contents of these my*.cnf files for the one that’s right for you.

*NOTE* the log-bin option is enabled  by default.  This will quickly use a lot of disk space.  It’s recommended to comment out the log-bin line from your /etc/my.cnf, if it exists.

 

Remember to restart mysql when you are done with your my.cnf tweaking:

Redhat:/sbin/service mysqld restart

FreeBSD:/usr/local/etc/rc.d/mysqld restart