How can I fix the #c3284d# malvertising hack on my website?

Posted by crm on Pro Webmasters See other posts from Pro Webmasters or by crm
Published on 2012-07-24T10:55:09Z Indexed on 2012/09/10 15:50 UTC
Read the original article Hit count: 207

For the past couple of weeks at semi regular intervals, this website has had the #c3284d# malware code inserted into some of its .php files. Also the .htaccess file had its equivelant code inserted. I have, on many occasions removed the malicious code, replaced files, changed the ftp password on my ftp client (which is CoreFTP), changed the connection method to FTPS for more secure storage of the password (instead of plain text).

I have also scanned my computer several times using AVG and Windows Defender which have found no malware on my computer which might have been storing my ftp passwords.

I used Sucuri SiteCheck to check my website which says my website is clean of malware which is bizarre because I just attempted to click one of the links on the site a minute ago and it linked me to another one of these random stats.php sites, even though it appears I have gotten rid of the #c3284d# code again (which will no doubt be re-inserted somehow in an hour or so)..

Has anyone found an actual viable solution for this malware hack?

I have done just about all of the things suggested here and here and the problem still persists.

Currently when I click on a link within the sites navigation menu within Google Chrome I get googles Malware warning page:

Warning: Something's Not Right Here! oxsanasiberians.com contains malware. Your computer might catch a virus if you visit this site. Google has found that malicious software may be installed onto your computer if you proceed. If you've visited this site in the past or you trust this site, it's possible that it has just recently been compromised by a hacker. You should not proceed. Why not try again tomorrow or go somewhere else? We have already notified oxsanasiberians.com that we found malware on the site. For more about the problems found on oxsanasiberians.com, visit the Google Safe Browsing diagnostic page.

I'm wondering if it is possible that the Google Chrome browser I am using has itself been hacked? Does anyone else get re-directed when clicking links on the the website?

© Pro Webmasters or respective owner

Related posts about htaccess

Related posts about hacking