Reported Attack Page!

[iwt]

I have following site 'www.isetnepal.org.np' infected by virus. When I check each files, I found that it has affected the .htaccess file replacing with new codes.
How can I get rid of?
Thanks for the support.

[cPanelTristan]

Were you running a script on the site like WordPress, Joomla or such? If so, first off, you should update that script to the latest version. Next, go through the account to check every file (or even remove all the files and restore from backup and then update to the latest version). Finally, clear the .htaccess content if you don't have a copy of the original.

Most times, a site gets attacked from having an old application like WordPress or Joomla that hasn't been kept up-to-date.

[iwt]

This site is doesn't use any framework like Wordpress and Joomla. Though in the server where it has been hosted, there are some other site which are hosted using Wordpress and Joomla. Does this affect other site?

[cPanelTristan]

No, those should not impact your site if you are using suPHP and are using secure file permissions for your files and folders. Do you have any PHP scripts on your site?

[acenetgeorge]

Were these by any chance referral redirects? We've seen a few cases of referral redirects uploaded to .htaccess file via FTP.

Check the ftp logs under /home/USER/access-logs, and see if there is any activity on your .htaccess files. Reset the cPanel password to something unique and secure, and replace the .htaccess files.

[voshka]

By just having SUPHP enabled it is not true to say that the sites near on the same server wont be subject to an attack as there is other post in here by attacking using symlink
http://forums.cpanel.net/f185/how-pr...rs-202242.html

Use maldet to scan the whole sever for suspicious files
do recommendation on that post and also install mod_security and latest rule sets

there may have been some other account compromised and got access through here