My website keeps getting infected

Dec 8, 2012 at 11:23 AM

Hey guys, I seem to be running into some problems with my blog engine sites. Basically they keep getting infected with a virus called MW:EXPLOITKIT:BLACKHOLE. This is really becoming a problem for me, as my sites get infected about once a week and I can't afford to repair them each time.


Does anyone know what could possibly be wrong? One of my sites is Don't worry it has been disinfected before writing this post. As you can see it is not a "standard" blogengine as I have modified it quite a lot. Even the comment form is different.


Hope someone can help me. Thanks guys!

Dec 9, 2012 at 6:34 AM

According to this, it is a Java or Flash exploit, so it should really have nothing to do with BlogEngine itself. But this thread is about WordPress being infected, which suggests script injection. My understanding is that the exploit changes the registry for a shell from explorer.exe to some executable uploaded to the server, so at the very least you can check the name of that .exe in the registry (the first link shows how) and search through your blog files checking for that name. It could be a string of JavaScript added to the page to behave as a backdoor. Or something completely outside of your web application that gets to the server through another channel.

Dec 10, 2012 at 10:38 AM

Hi, that doesn't look like what I have at all. When my website was infected it didn't try to download any exe files, it simply embedded an iframe that takes details from the users. I am currently trying to analyze how they have infected me. I finally got around to changing all of my passwords, let's see how that goes.
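
The file search suggested in this thread, applied to the injected-iframe symptom from the last post, as an added example that is not code from any poster or from BlogEngine. It flags iframes that are hidden or point off-site; the allowlist, the file extensions, the sample markup and the `injected.example` host are all assumptions made up for illustration.

```python
import os
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

ALLOWED_HOSTS = {"www.youtube.com"}  # assumption: hosts this site embeds on purpose
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|"
                    r"(?<![\w-])(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.I)

class IframeFinder(HTMLParser):
    """Collects (line, src, reasons) for iframes that are off-site or hidden."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}
        host = urlparse(a.get("src", "")).hostname  # None for relative URLs
        reasons = []
        if host and host not in ALLOWED_HOSTS:
            reasons.append("off-site src")
        tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
        if tiny or HIDDEN.search(a.get("style", "")):
            reasons.append("hidden")
        if reasons:
            self.findings.append((self.getpos()[0], a.get("src", ""), reasons))

def scan_text(text):
    finder = IframeFinder()
    finder.feed(text)
    finder.close()
    return finder.findings

def scan_tree(root, exts=(".aspx", ".ascx", ".master", ".cshtml", ".html")):  # assumed types
    hits = {}  # file path -> suspicious iframes found in that file
    for folder, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(exts):
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_text(fh.read())
                if found:
                    hits[path] = found
    return hits

# Constructed sample: one legitimate embed, one injected 1x1 off-site iframe.
SAMPLE = """<iframe src="https://www.youtube.com/embed/abc" width="560" height="315"></iframe>
<iframe src="http://injected.example/in.php" width="1" height="1"></iframe>"""
```

Run `scan_tree` against a copy of the web root and compare the hits with a known-clean backup. Markup that a script assembles at run time is not parsed here, so script blocks added to pages still need a separate review.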