devshb
Senior Member
United Kingdom
1904 Posts |
Posted - July 14 2011 : 17:17:31
|
yep; we've got 2 separate modules, a scanner (to show you in a safe way what the injected values are), and a cleaner (to strip out the injections):
scanner: http://www.bigyellowkey.com/mysoftware_product_details.asp?prdid=328
cleaner: http://www.bigyellowkey.com/mysoftware_product_details.asp?prdid=342
and, the site-suspender is also handy: http://www.bigyellowkey.com/mysoftware_product_details.asp?prdid=325 that lets you suspend the whole of vpasp, and while the site's suspended you can still access it by using an override pwd even though nobody else can access it.
By cleaning the injected values, that can help buy you some breathing-space/time while you investigate/finalise a more permanent upgrade solution.
The scanner/cleaner is just for data, not files. As per Cam's note, if your files have been altered then I think you'd want to start from scratch with a fresh set of files that you know are safe.
If the hackers managed to effect physical files rather than just data then you'd want to suspend the site, scan/clean the data, and start afresh file-wise.
Also, you'd probably want to force all the shop's staff to run a full anti-virus scan just in case they've got a keylogger that's been picked up from a virus/injection, then make sure you change ALL the pwds (including your ftp pwds and host control panel pwds) (do those bits before you do the scan/clean etc; ie do the anti-virus checks first, then change the pwds, then work on cleaning the data/files; if you did it the other way around then potentially you could end up going round in circles.
Simon Barnaby Developer [email protected] www.BigYellowZone.com www.BigYellowKey.com Follow us on Twitter: http://twitter.com/bigyellowzone Web Design, Online Marketing and VPASP addons |
Edited by - devshb on July 14 2011 17:31:06 |
|
|