iframe hack on Network Solutions

  • I just had to fix an iframe hack on a WordPress blog hosted on Network Solutions. Someone put it in the siteurl record in the database. The website in the iframe was mainnetsoll.com which is registered to Alexey Prokopenko in the Ukraine and hosted at Lunar Pages in California. They may have simply cracked the login and changed it on the admin pages.

Viewing 7 replies - 1 through 7 (of 7 total)

  • WordPress blog hosted on Network Solutions.

    Seems to be gathering steam. Although if you really are using 2.8.4, I will say that you may have been lucky to last this long.

    https://www.ads-software.com/support/topic/385477?replies=78

    https://www.ads-software.com/support/topic/386304?replies=11

    Linda

    (@lindamanagerlabscom)

    Help, can you tell me, even a little clue on what I can do to start fixing my blogs? I have called Network Solutions every single day. They said they restored my sites, but nothing has changed. I have a guy in the UK who has been trying to log in to my ftp and cannot get in. I am so stumped as I cannot get into the sites to start to even fix them. I am afraid to make it worse. Any plan of attack thoughts? I am so eager just to post something on my home page to tell people what is going on.
    Thanks,
    Linda
    https://www.rooftopgarden.com
    https://www.chicagoofficespace.com

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    If you can’t FTP in there will be a couple problems.

    NetSol’s directions are here: https://blog.networksolutions.com/2010/alert-wordpress-blog-network-solutions/

    The virus I’m experiencing is the same as the description DaveBaldwin posted. I want to get my WP website restored. I not a techie. I did the easy download and install that WP offers. I’m using 2.9.2. I can FTP into my NS account. I’ve done the following but cant restore the stie:

    1. I can login to NS and view my phpMyAdmin for the database. I just can’t find the siteURL. I read one post that says it’s in wp-options. I’ve looked there and when I couldn’t find it I looked through all the tables. Nothing called siteURL or site_URL.
    2. I read another post on the NS blog that say the script came in as a JSquery file in the Scripts folder. There are no files by that name in the Scripts folder.
    3. There’s a comment from WP on the NS blog that permissions need to be set at 644 for the wp-config file. I checked and that’s already set… so how did the virus get in? I’ve read elsewhere online that 640 is the correct permission.

    The virus seems to have attacked my site later than other site. Everything was OK until Tuesday April 13. NS is saying all is fixed yet I can’t get my website restored. HELP.

    @oldcrone

    @claytonjames posted a link up above to a thread with many replies about your very situation. It’d be best to head there, as the thread is active and full of assistance

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Can a Mod close this topic as it’s not needed? The other topic is more active ??

    Done.

Viewing 7 replies - 1 through 7 (of 7 total)
  • The topic ‘iframe hack on Network Solutions’ is closed to new replies.