i download a theme and plugin and my cpanl is hacked

***rocky_17117*** · 02-03-2015, 10:12 PM

hello everyone, i download a theme and plugin and my cpanl is hacked
plugin name revolution slider
here is files which i get in my cpanel
can someone tell me how its work, and what will be my next step for this ??

Code:

http://www65.zippyshare.com/v/D0nwmH6R/file.html

***Captain99*** · 02-03-2015, 10:27 PM

Need a bit more info from you tb able to help buddy>
how many domains do you have on that account, addon domains, sub domains
is it making money?
do you have good traffic to it?
do you have the site backed up?

Cap ;)

***rocky_17117*** · 02-03-2015, 10:32 PM

i have 20+ domains (addon domain)
yes there is 5 shopping portal live sites and 2 donations sites other is normal
yes my sites have good traffic
cant understand (do you have the site backed up?)

(02-03-2015 10:27 PM)Captain99 Wrote: Need a bit more info from you tb able to help buddy>
how many domains do you have on that account, addon domains, sub domains
is it making money?
do you have good traffic to it?
do you have the site backed up?

Cap ;)

***danimation3d*** · 02-03-2015, 10:33 PM

Woah far out, where'd you download this theme?
Personally, I stay away from the "nulled" crap. Group buys are probably the way to go. You'll spend $3-10 more than you would on a free nulled version. But you also avoid getting your butt hammered by some of the pricks out there who are waiting for you to play with their viruses

***sunnycar02*** · 02-03-2015, 10:42 PM

Look: http://blog.sucuri.net/2014/09/slider-re...oited.html

***rocky_17117*** · (This post was last modified: 02-03-2015 10:57 PM by rocky_17117.)

i always download from here
the slider is also download from BBF

can someone tell me the history?? how my site get hack and how they files upload and sending mail with my VPS,
i mean its since 12th jan 2015
today i see 35 of GB data full with EXIM
i delete everything, there is huge email sending with these files (as i know)
i want to know the store, how he do it, and how can be secure for future,
thanks
hope you understand what i am try to explain

so its mean not to use revolution slider ???
or using a purchased version ??

(02-03-2015 10:42 PM)sunnycar02 Wrote: Look: http://blog.sucuri.net/2014/09/slider-re...oited.html

***Captain99*** · 02-03-2015, 11:00 PM

do you have a copy of the sites before the infection?

Cap ;)

***grumble*** · 02-03-2015, 11:10 PM

It was hacked Dec 14 last year

Read the cure here:
http://jam88.com/index.php/blog/

It's my blog. You were hacked through revslider, which is part of some themes. The developer told only the direct purchasers of the slider.

Do NOT EVER use revslider (They say they have fixed it - it isn't fixed)

The cure is a good backup that spans several weeks past, a customised Wordfence pugin, Use Cloudflare, a custom .htaccess file and Anti-Malware and Brute-Force Security by ELI plugin.

***rocky_17117*** · (This post was last modified: 02-03-2015 11:20 PM by rocky_17117.)

no

(02-03-2015 11:00 PM)Captain99 Wrote: do you have a copy of the sites before the infection?

Cap ;)

how can someone get all access with just a plugin ????
i mean my username, my directories, my email, my vps, everything with just an nulled plugin? even virustotal cant give an error.

***Captain99*** · 02-03-2015, 11:24 PM

then you have problems my friend
as Grumble says - unless you can find someone to go through everything
and clean it for you (expensive)

Not able to offer much help I am afraid you will probably have to delete and start again BUT
wait to see if someone can offer a solution though I doubt it.

as someone above stated, for anything like themes, scripts or plugins use a GB and be safe

Cap ;)

ps good luck buddy