Got a new Server? Must check IP reputation before production use


#1

I just launched a new instance. It’s IP says -

Tip: Whenever you get a new IP, make sure to check the IP reputation before it can harm your site.

Ref: https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2F142.93.199.192%2F&hl=en-US


(Janaki Vamsi) #2

Hello there , It seems to be a virus which came from php eval (base64_decode). It is an encrypted virus which they will add redirects to IP address and will use our to get add bad advertisements. It is really very hard to get rid of that . Check functions.php, header.php, sidebar.php, single.php.
From the starting you can see that compressed come and just try using some online descriptors like http://ddecode.com/phpdecoder/.

When you decode it you will see all the bad ip address they have linked.

Recently I have recovered a similar infected site of my client. Whenever you see that code you just need to act quickly. Soon I will try to write a How to guide on this .

Thanks & Regards,
Vamsi