Subject: Hacked???

Posted on: 18/08/2014 09:52pm
By: ronack

Hi All,

My ISP keeps sending me emails that my server has been hacked.

Does anyone know about this hack and if it affects Geeklog and how? My Geeklog sites are the only ones that have the ability to send email.

hacked-webserver-stealrat-t1

To maintain uninterrupted service to this IP, the offending page(s) must be promptly removed. In cases of suspected phishing, AT&T will suspend service to the affected IP if the matter is not resolved within a reasonable time period.
Regards,
AT&T Internet Services Security Center


Problem is they don't tell me what the offending pages are.

Thanks

Ron

Re: Hacked???

Posted on: 19/08/2014 03:50am
By: Dirk

Hmm, that's not a lot of information to go by ...

Stealrat appears to be a trojan running on (Windows) PCs. Does your Geeklog site run on Windows?

I found some removal instructions. It doesn't say how the trojan usually gets installed, though.

If your Geeklog site is running on a Windows server, then it's possible that it was installed through a security issue there (which version are you on?). But it could just as well have gotten in through other means.

If your Geeklog site is not on Windows, then I'd scan all the Windows PCs in your network for this trojan.

HTH

Dirk

Geeklog - Forum
https://www.geeklog.net/forum/viewtopic.php?showtopic=95789