Sucuri – Saved Me From My Russian Malware Hack

What Happened To Me:
The last few days my site was acting weird, and then on the second day it tried to redirect me to some Russian site, which then got flagged by my Google Chrome browser as malicious code. I tried to figure out what was going on but didn’t know where to look, and my WordPress was just updated so I wasn’t sure what was wrong with it. After a good hour of Googling and checking forums I found a few things to look for in the index page and several other pages, but still I was getting redirected. After looking at a few forums I found Sucuri, which is a company that does exactly what I was looking for: it identifies and monitors websites using any type of platform, in my case WordPress, and they help you remove the malicious code.

What is Sucuri and What Do They Do:
The Sucuri Web Integrity Monitor detects unauthorized changes to your websites, DNS, Whois and SSL certificates. They scan your web site for malware, viruses, spam and many other security issues, even if you’re using WordPress, Joomla or Mediawiki. With the support

What I Did:
I found some scripts here and there and deleted them, but they were still all over the place. After a good amount of Googling I found that Sucuri is one of the good malware monitoring and removal services for a very reasonable price: for $90 a year they monitor and update your site after 3 hours, and if something is wrong you just submit a ticket and they get right to it. After giving them my login information and my FTP information I sent my trouble ticket for malware removal, since I couldn’t find it all myself and Chrome was still flagging my website and trying to install malicious software from a Russian website. After submitting the ticket and a set of questions I got an email back about 4 to 5 hours later with an update on all the areas that were cleared and that we are good to go, and I have not been blacklisted by any website yet, which is fantastic. Honestly, I recommend anyone who faces a malware issue to get Sucuri right away and let them handle it; they did a fantastic and smooth job with me.

Next Steps After Clean Up:

  • Update All Your Website Software – Which They Were Thanks To Jacqui
  • Change Your Website Login Passwords – Making Them Even More Complex To The Point I Might Forget Them

Link: Sucuri

Gmail – Stolen & Recovered


This is a story of how a friend’s Gmail account got stolen and how it was recovered by another friend, with some very detailed information on the steps she went through to recover the email, written for the non-techie person.

So late last night was the last time Patient X was able to use his Gmail account, and this afternoon when he tried to log in to his account it kept telling him that the password was wrong, and therefore panic started to form. The reason for panic is lots of private emails that, if they fall into the wrong hands, can cause chaos. Attempting to reset the password using the forgot-password form did not help, as the password reset email address was one not known, and therefore hacker dude probably messed that up too. So enter Dr. Y trying to solve the issue. The first step was to retry the password reset; when that failed, Dr. Y went to the below-mentioned link:

Link: Can’t Access Account


Once Dr. Y answered (No), the form was generated in which Dr. Y had to enter the below details about Patient X’s account. Luckily enough, Dr. Y is a neat freak in organizing all emails sent and received, not deleting much and basically stalking anyone and everyone. Among the questions Dr. Y answered are the ones mentioned below.

An email address we can use to contact you* (entered Dr. Y’s email address)
Describe the problem you’re experiencing* (The answer was: I believe someone has taken over my account)

Then Dr. Y filled out some of the below-mentioned details regarding the Product Information:

  • Do you use Gmail with this account? (Yes)
  • Gmail username: (enter username)
  • Most recent recovery email address: (if applicable – in this case it was not remembered)
  • Do you have a verification code? (a code usually sent by mobile if your mobile number was registered) (*Recommendation: please re-visit your password recovery options and update them*)
  • Email addresses of up to five frequently emailed contacts: (enter as many as you could – which was done here)
  • Names of up to four labels: (had it been Dr. Y’s account there could have been up to 27 labels to choose from, but here it was unknown as the user was not an organizing freak)
  • Did you receive an invitation to create your account? (Yes) [This is where the magic happened for Dr. Y, who was able to access all the information collected on Patient X]
  • Do you use orkut with this Google Account? (No)
  • Do you use Blogger with this Google Account? (No)
  • Google Products you used with this account and the date you started using each one? (Entered 2 of the available 4 areas)
  • And finally the “Other account information”:
  • Account creation date: (Entered date)
  • Last successful login date: (Entered today’s date)
  • Last password you remember: (Entered last password)

Click on Submit and wait for the magic to occur. In this case it took almost 20 minutes for Google to reject the information provided as it wasn’t sufficient (me thinks: that someone did not have their morning coffee). As a suggestion they suggested filling out the form again, and I entered the same information provided and submitted it, to get an answer almost 2 hours and 30 minutes later, a successful answer seen below:

Hello,

Thank you for your report. We’ve completed our investigation and we’re
re-enabling your access to this account. We’ve changed the recovery email
address to ([email protected])

Proceeded to reset the password and had a password sent to the contact email mentioned above in the recovery process, and voilà, everything was back to normal.

All the emails were intact and no random emails were sent off!