Indexploit/Trojanlove Hack

  • Hello!

    I’m getting 3 websites hacked one and another time even if I:

    – Delete all.
    – Download from www.remarpro.com
    – Re-install all.
    – Change all passwords and install and configure security plugins.

    The things I’m not removing are:

    – The web hosting account, but I delete all the files under /www
    – The database, where I can find any infecious code or base64.

    The hacker it changes the administrator username to trojanlove. It doesn’t do anything more.

    Any ideas will be apreciate, thank you.

    • This topic was modified 7 years, 11 months ago by Steven Stern (sterndata). Reason: moved from "hacks" to "troubleshooting"
Viewing 2 replies - 1 through 2 (of 2 total)
  • Moderator Steven Stern (sterndata)

    (@sterndata)

    Volunteer Forum Moderator

    If you can’t find the backdoor, it may be that (1) your server itself is hacked or (2) you’re missing something when you clean it.

    You might want to contact a commercial cleaning service like sucuri.net or wordfence.com to have their experts examine and clean your site(s).

    Here are the standard instructions for cleaning up a site:

    Remain calm and carefully follow this guide. When you’re done, you may want to implement some (if not all) of the recommended security measures.

    If you’re unable to clean them, there are reputable organizations that can clean your sites for you. Sucuri and Wordfence are two.

    Thread Starter aitorserra

    (@aitorserra)

    Thank you for your reply.

    I moved one account to another server to see if it’s that and with another, I deleted the account/create again to have a clean cpanel account to see if it’s any backdoor.

    Let’s see what happend. The steps of the guide and many other are done.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Indexploit/Trojanlove Hack’ is closed to new replies.

Tags