Incero Malware?

concerto49 Member
edited May 2013 in Help

Has anyone seen this? Go to http://portal.incero.com/

And Google Chrome blocks this and reports it as Malware. Firefox suggests this is a reported attack page.

Is it just me?

Serving you the best VPS, Web hosting, dedicated servers and more - Cloud Shards | Query Foundry
We operate the network AS62638 | Available in Syd AU and Dallas, Los Angeles and NYC USA

Comments

  • Kris Member

    Blocked by Firefox as well, but unable to see anything in the code. Code and embedded JS look clean.

  • Mun Member without signature
  • Awmusic12635 Member, Provider
    edited May 2013

    It was not like this earlier. I visited their page just a few hours ago.

    Opened a ticket with them about it, letting them know.

    Subnet Labs, LLC Contact Us Deploy to: Seattle, Dallas or NYC
    Impact VPS | Cloud Servers | Storage Servers | Impact Shared | Shared Hosting

  • Kris Member
    edited May 2013

    Checking their Code, W3TC is on there, and WordPress 3.3.1. Yeah....

    I'm sure an iframe is around there somewhere injected.

  • SpeedyKVM Banned, Member

    We killed wordpress :-)

    Thanks for the million emails.

    https://wable.com - Resource Bundle based SSD VPS cloud (move resources on the fly). Deploy 1 or many VPS. DAL, NYC, SEA. Snapshots, plus Cloning (even between cities). https://SpeedyKVM.com

  • shovenose Member, Provider

    @Incero glad you got it sorted - having your company website compromised is NOT fun... it's happened to the best of us!

  • @Incero portal.incero.com is WHMCS not Wordpress?

  • Kris Member
    edited May 2013

    @Incero said: We killed wordpress :-)

    Kept the Tags, Description of Generator on your pages is WordPress 3.3.1, and W3TC is thrown in at the bottom.

    Did you just pull the source, then remove the CMS?

    EDIT: Yup you did - Good call

    Served from: www.incero.com @ 2012-04-10 22:46:31
    
  • Spencer Member
    edited May 2013

    On a side note it seems incero hosts a lot of malware?
    http://www.google.com/safebrowsing/diagnostic?site=AS:54540

    That is even more than colocrossing
    http://www.google.com/safebrowsing/diagnostic?site=AS:36352
    And colocrossing even has 25x more IPs

    Edit: Looks like he even has more than ecatel!

  • SpeedyKVM Banned, Member

    Our wordpress main site was on a dedicated machine, our customer portals, ordering forms, etc are on different machines. Only wordpress was injected with some redirects. Not a big deal.


  • @Incero said: Our wordpress main site was on a dedicated machine, our customer portals, ordering forms, etc are on different machines. Only wordpress was injected with some redirects. Not a big deal.

    @Incero portal.incero.com is customer portal, no? It says Malware. Please take a look.

  • SpeedyKVM Banned, Member
    edited May 2013

    @concerto49

    The domain incero.com was blocked due to the wordpress injection on incero.com; you can see this on Google:
    http://d.pr/i/Yynk/1foxaVfS

    So all subdomains received the same message...... Of course we all know wordpress can be exploited so we have separate systems for our portal which can be confirmed with a traceroute.

    Thank you.


  • 24khost Member

    This happened to us a week or 2 ago angry I catch hell for it, yet it happens to incero and everybody is peachy? Low end drama I guess!

  • ATHK Member

    @Incero if you have the site set up with Google's Webmaster Tools, you can force a Malware check and those errors should disappear quickly for clients.

  • SpeedyKVM Banned, Member

    yes, yes, did that about 6 hours ago. Also did one manually on sbw.


  • agoldenberg Member, Provider

    This is a prime example of not updating your Wordpress install.

  • jar Provider

    Not everyone can be perfect like me and never forget anything.

    Brb going to update everything.

    Founder @ MXroute

  • SpeedyKVM Banned, Member

    @agoldenberg it's a major example of how much a mistake it is to use wordpress for anything, 3, 5, 10 years later and their core code is still being exploited.


  • WP may not be the best solution for something you want to set and forget, and it may not always be possible to stay on the bleeding edge of updates, but 3.3.1 was released Jan 2 of last year..

    "We are in a prison drama. This is like The Shawshank Redemption, only with more tunneling through shit and no fucking redemption."
  • @Incero said: it's a major example of how much a mistake it is to use wordpress for anything, 3, 5, 10 years later and their core code is still being exploited.

    I am not sure, it is more their gazillion add-ons and their popularity that makes them such a big bull's eye, IMO.

    Extremist conservative user, I wish to preserve human and civil rights, free speech, freedom of the press and worship, rule of law, democracy, peace and prosperity, social mobility, etc. Now you can draw your guns.

  • SpeedyKVM Banned, Member
    edited May 2013

    @maounique Our WP was updated to the latest with the 1 click installer on Sunday, when we updated our facebook with a new AUP section for ipv4 usage.

    Google cache also shows that on April 24th we ran WordPress 3.4.2
    view-source:http://webcache.googleusercontent.com/search?q=cache:incero.com&aq=f&oq=cache:incero.com&aqs=chrome.0.57j58.3313j0&sourceid=chrome&ie=UTF-8

    http://imgur.com/PDJY7ga

    So not sure why you mention 3.3.1.

    Lots of love


  • Mon5t3r Member

    Yeah, saw it too. I decided not to pay the invoices when I saw that warning :D Well, I'll pay it soon since @Incero confirmed it's been fixed.

    Yes! I'm with Carstensz Pyramid Server Now stop asking me please :D
  • Kris Member
    edited May 2013

    @Incero said: So not sure why you mention 3.3.1.

    this is why

    Because it's embedded into your temporary order pages you saved from mid-last year.

    Also, W3TC. That is all.
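
An added example, not part of the thread or any poster's code: a defender-side check for the leftovers discussed above, namely a stale `generator` tag and cache footer comment in pages saved from a CMS, plus iframes that point off-site. The sample HTML, the `example.com` / `example.net` hosts and the `audit` helper are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Cache footer line of the form "Served from: <host> @ <date> <time>"
SERVED_FROM = re.compile(r"Served from:\s*(\S+)\s*@\s*([\d-]+ [\d:]+)")

class PageAudit(HTMLParser):
    """Collect CMS fingerprints and off-site iframes from one HTML page."""

    def __init__(self, site_domain):
        super().__init__()
        self.site_domain = site_domain.lower()
        self.generator = None        # <meta name="generator" content=...>
        self.cache_stamp = None      # (host, timestamp) from a footer comment
        self.offsite_iframes = []    # iframe src values on other domains

    def _is_own_host(self, host):
        host = host.lower()
        return host == self.site_domain or host.endswith("." + self.site_domain)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generator = a.get("content")
        elif tag == "iframe":
            host = urlparse(a.get("src", "")).hostname  # None for relative URLs
            if host and not self._is_own_host(host):
                self.offsite_iframes.append(a["src"])

    def handle_comment(self, data):
        m = SERVED_FROM.search(data)
        if m:
            self.cache_stamp = (m.group(1), m.group(2))

def audit(html, site_domain):
    p = PageAudit(site_domain)
    p.feed(html)
    p.close()
    return {"generator": p.generator, "cache_stamp": p.cache_stamp,
            "offsite_iframes": p.offsite_iframes}

# Constructed sample: a page saved from a CMS and reused as a static template.
SAMPLE = """<html><head>
<meta name="generator" content="WordPress 3.3.1" />
</head><body><h1>Order form</h1>
<iframe src="http://cdn.example.com/banner.html"></iframe>
<iframe src="http://injected.example.net/x" width="1" height="1"></iframe>
</body></html>
<!-- Page cache footer. Served from: www.example.com @ 2012-04-10 22:46:31 -->"""

if __name__ == "__main__":
    print(audit(SAMPLE, "example.com"))
```

A non-empty `generator` or `cache_stamp` on a page that is no longer served by the CMS means the template still advertises an old version; any entry in `offsite_iframes` is worth reviewing by hand.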

  • using chrome
    can visit no problem

  • SpeedyKVM Banned, Member

    @Kris our order pages are not wordpress. Simply when we made the order pages we saved the website from a browser, then used those as a template. You can see our order form is online and works just fine.


  • Kris Member

    Yup - I said the same - look up top. Simply answered why 3.3.1 was brought up :)

    @Kris said: Did you just pull the source, then remove the CMS?

    EDIT: Yup you did - Good call

    Site's OK again from Firefox as well.

  • @24khost you got your site deleted...

    Security Consultant

  • @Incero said: @agoldenberg it's a major example of how much a mistake it is to use wordpress for anything, 3, 5, 10 years later and their core code is still being exploited.

    You never said if your WP was vuln or if W3TC was vuln, which had some vulnerabilities released along with WP Super Cache. Either way, kinda scary a provider can't keep up with updating software.

    However it's easier to kick the WP horse

    How to clean up a questionable reputation: throw the kids some BF/CM offers.
