Re: Site loading performance!
Posted: Sun Mar 08, 2015 7:43 am
I don't know why I didn't click on the Blacklist Status tab on that Sucuri report. It leads to Spamhaus as the actual blacklist:
http://www.spamhaus.org/dbl/removal/rec ... oktalk.com
Which leads to a suspicious file on toughbooktalk.com:
/styles/skylineblue/theme/dump.php
Rob, I run several web servers for a living and have suggested you try out maldet. Here is how to do it on Windows.
Download ClamWin here:
http://downloads.sourceforge.net/clamwi ... -setup.exe
Download maldet here:
http://www.rfxn.com/downloads/maldetect-current.tar.gz
Install ClamWin and extract maldet somewhere temporary so we can copy its sig files. 7zip can handle tar.gz in two steps, first un-gzipping then un-tarring.
Make a directory inside the ClamWin bin directory named 'maldet'.
For example on my system it would be this full path:
Code:
C:\Program Files (x86)\ClamWin\bin\maldet
Copy the files from the maldet files\sigs directory into the maldet directory you just created above. There should be two .dat and two .hdb files.
Open a command prompt and cd into ClamWin's bin directory:
Code:
cd C:\Program Files (x86)\ClamWin\bin
Run this command, preferably using the administrator user to reduce 'permission denied' errors on individually scanned files:
clamscan.exe -r -i -d maldet (FULL PATH TO YOUR WEB FILES)
for example:
Code:
clamscan -r -i -d maldet e:\inetpub
This will not delete or quarantine files. -r is recursive look, -i is report summary only and -d is directory containing sig files.
Maldet might report back about files containing base64 or otherwise obfuscated code. These are not necessarily infected but often are. They should be examined individually. It's the other types of nasties that should be taken more seriously like PHP shells.
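Added example, not part of the original post: a small Python triage script for the clamscan output, separating base64/obfuscation hits (examine individually) from everything else such as PHP shells (look at first). The sample output, the paths, the signature names and the marker list are constructed assumptions; adjust the markers to the signature names your own scan reports.

```python
import re

# Constructed sample of `clamscan -r -i -d maldet` output. Paths and signature
# names are illustrative assumptions, not findings from any real site.
SAMPLE_OUTPUT = r"""
WARNING: Can't open file e:\inetpub\logs\locked.log: Permission denied
e:\inetpub\forum\styles\example\theme\a.php: {HEX}php.cmdshell.unclassed.344.UNOFFICIAL FOUND
e:\inetpub\forum\cache\tpl_1.php: {HEX}php.base64.v23au.185.UNOFFICIAL FOUND
e:\inetpub\my site\includes\data.php: {HEX}php.nested.base64.513.UNOFFICIAL FOUND

----------- SCAN SUMMARY -----------
Infected files: 3
"""

# Greedy path match: the drive-letter colon ("e:\") must not be taken as the
# path/signature separator, so split on the last ": " before "<sig> FOUND".
HIT_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")

# Assumed markers for obfuscation-style signatures (the "examine individually" group).
OBFUSCATION_MARKERS = ("base64", "obfus")


def parse_hits(text):
    """Return (path, signature) pairs for every FOUND line."""
    hits = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            sig = m.group("sig")
            # ClamAV appends .UNOFFICIAL to third-party signature names.
            if sig.endswith(".UNOFFICIAL"):
                sig = sig[: -len(".UNOFFICIAL")]
            hits.append((m.group("path"), sig))
    return hits


def triage(text):
    """Split hits into 'priority' (e.g. shells) and 'review' (obfuscation heuristics)."""
    buckets = {"priority": [], "review": []}
    for path, sig in parse_hits(text):
        key = "review" if any(k in sig.lower() for k in OBFUSCATION_MARKERS) else "priority"
        buckets[key].append((path, sig))
    return buckets


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_OUTPUT).items():
        for path, sig in hits:
            print(f"{bucket:8} {sig:40} {path}")
```

To use it on a real scan, redirect the clamscan output to a file and pass that file's contents to `triage()` instead of `SAMPLE_OUTPUT`.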