anonymousfox Hack Fix WIP

Uncategorized

Symptoms:

This seems to vary as anonymousfox is finding the venerability and then running a script to affect the site the most common thing we have seen is code injections that redirects site to a Chinese based on the user coming from google this is quite tricky because the site owner who navigates straight to the site does not detect anything most other variants we have seen perform the same sly modifications style.

Fix:

Cleanup is relatively simple and can usually be done with a bulk malware scan and clean however it seems the hack has also changed the php umask in an effort to prevent people upgrading plugins to patch vulnerabilities.

more to come