[Coco] WARNING! Possible virus script hijacking of CoCo3.com !!!

Roger Taylor operator at coco3.com
Thu May 20 12:30:33 EDT 2010


At 11:03 AM 5/20/2010, you wrote:
>On Thu, May 20, 2010 at 10:45 AM, Roger Taylor <operator at coco3.com> wrote:
>
> >
> >
> > Every .php file in the /community folder has the redirect script inserted
> > at the very top.  There is no way on earth a manual removal is possible
> > since there are thousands of .php files in the system, but installing the
> > latest version of WordPress will replace everything and the notice is in my
> > cPanel with the buttons to run the install process.
> >
> >
> >
>Roger,
>
>In the future if you have a need to do a find and replace against thousands
>of files I would recommend a windows tool called TextCrawler.  You can
>specify the file types you are looking for in the tool, like .php in this
>case and then specify the text you want to find and you can then (if you
>choose) do a replace on all the files.
>
>Here is a link to the tool if you have a need for it now or in the future.
>
>http://www.digitalvolcano.co.uk/content/textcrawler
>
>Jim Hathaway
>Web: http://hat3.net


Jim... you read my mind.  I was googling for a fix-it tool 
already.  The same eval() statement is at the top of the .php files, 
and if I can remove them, the redirect should die.

However, a WordPress upgrade is in order.

Thanks



-- 
~ Roger Taylor




More information about the Coco mailing list