Posted at March 19, 2018 at 7:17 am
InterServer’s InterShield system is able to stop many attacks and updates daily based on new data including new possible malware, known exploits and other Common Vulnerabilities. However, sometimes even with all these a new type of malware comes up.
In a recent case a site was redirecting to a pharmacy website but only when coming from a google search engine result. The site initially passed all scans of known vulnerabilities, the url did not exist in the code or database and it was reproducible. In this cases advanced debugging is needed. So xcache with trace was enabled which determined some interesting results. Follow this brief analysis and walk-through of our debugging process!
Starting here we load a normal WordPress file:
However, here the include is for a file not found in WordPress, so we continue to debug. We soon find that the URL being called was /privacy-policy/. We then execute a ‘wget’ to a remote URL. The wget then gives this information which does the redirect:
In the vars file we find:
The @require_once is hidden after a comment.
Using this data the our staff was able to to create virus signatures in order to detect these. Class.wp-include.php signature is available at:
InterServer’s virus db detects most common malware and is available from https://interserver.net. InterServer will continue to provide security updates to our customers so stay tuned for more on the expansion of our powerful InterShield.
InterServer is proud to announce its latest expansion into the Carlstadt, NJ market through an exciting partnership with 365 DataCenters. This collaboration marks a significant milestone in our mission to provide high-quality, reliable hosting solutions while meeting the growing demand for robust data center infrastructure in the NYC metro area. 365 DataCenters is renowned for its state-of-the-art facilities, offering secure, […]
Posted at January 13, 2025 at 4:53 pm by Michael Lavrik
We are thrilled to announce that Tenantos, a leading platform for billing and server management, has officially integrated the InterServer API into its product. This groundbreaking collaboration empowers hosting providers and IT administrators with unparalleled control and automation for managing InterServer’s dedicated servers directly within the Tenantos platform.
What Does This Integration Mean?
The integration of the InterServer API into Tenantos streamlines […]
Posted at December 20, 2024 at 9:12 am by Michael Lavrik
At InterServer, we are committed to making the Internet a safer, more secure place for everyone. That’s why we are proud to announce our sponsorship of Let’s Encrypt, a free, automated, and open certificate authority (CA) that has revolutionized web security. Let’s Encrypt is a project of the nonprofit organization, Internet Security Research Group (ISRG).”
Let’s Encrypt provides free SSL/TLS certificates, […]
Posted at December 19, 2024 at 12:09 pm by Michael Lavrik
We are excited to announce that InterServer is expanding its presence into the highly sought-after Jersey City colocation market with our latest partnership at Dataverge NJ1, located at 111 Town Square Place. Jersey City has become a hub for colocation services due to its proximity to New York City, robust infrastructure, and growing demand for data center capacity in this […]
Posted at October 24, 2024 at 1:42 pm by Michael Lavrik
If you’re a GoDaddy customer relying on a dedicated server, you’ve probably seen the recent news—GoDaddy is retiring all dedicated servers and migrating users to Virtual Private Servers (VPS). This move has raised questions for businesses that depend on the performance and security of dedicated servers. So, what’s happening, and what should you do next?
Understanding GoDaddy’s Decision
