Ja osobno sumnjam da je rupa u onoj prvoj s popisa iz razloga što je to glavna stranica, do ostalih se dolazi putem jednog jedinog, ne tako uočljivog linka...
Umjesto index.php i news.php su ostavili svoju vizitku ;-) a na serveru sam pronašao skriptu c99shell.php te datoteku c99sh_backconn.210.pl koja je bila prazna (obe u public_html folderu).
Provider mi je forwardao mail koji je on dobio...
It has been brought to our attention that your server xx.xx.xx.xx may be hosting a website that has been defaced.
The possibly defaced website is http://www.clan-fbi.com
The web pages on the account may be vulnerable to Cross Site Scripting. Some pages may have a vulnerability that allows a malicious person to take advantage of a vulnerable page and
subsequently download and run malicious programs on your server.
We highly suggest you investigate your server for possible compromise and ensure that the user has all of their PHP scripts updated to the latest version. If you need assistance with this,
please feel free to update the ticket and we will do what we can to assist you.
Please keep in mind this is merely a courtesy ticket to alert you of this and we apologize if you are already aware of this issue.
Thank you.
Napomena: Stranica trenutno nije dostupna zbog selidbe na novi server, ali će biti uskoro pa vas molim za pomoć pri krpanju ove rupe, jer ne želim da se ovo opet ponovi, a ne znam odakle da počnem.
Hvala...
https://www.agronomija.info/
Failure is not an option. It comes bundled with your Microsoft product.