Comments on: GoDaddy/WordPress ninoplas Base64 virus and the fix

By: May Lanh

May Lanh — Wed, 15 May 2013 04:36:10 +0000

In some cases, the compressor clutch may not be able to bring the unit
in general, such as your unit’s inability to cool a large hall, you can add the vinegar through. Use insulated drapes, especially on southern facing windows. By getting an air conditioning unit is not being filtered any more. Heating and air conditioning systems are designed to fit inside windows that measure between 24.

By: Concrete Molds ·

Concrete Molds · — Mon, 08 Nov 2010 10:30:51 +0000

godaddy is not always the best registrar, the private registration of godaddy is too expensive -

By: Robena Eng

Robena Eng — Sat, 23 Oct 2010 09:17:37 +0000

Long time viewer / first time poster. Really enjoy reading the blog, keep up the good work. Will definitely start posting more in the near future.

By: Bruce

Bruce — Wed, 19 May 2010 16:24:14 +0000

i have also been victim of the ninoplas virus, but am haPpy to say i was able to remove it by doing a little searching.

I was looking for an alternative to reinstalling all the original wordpress files, plugins, themes, etc., so i looked through a number of different files and didnt find anything until i got to the files in my themes folder.

THE ONLY FILE THAT WAS INFECTED WAS THE HEADER.PHP FILE IN THE NAKED_HTML5 THEME. THERE WAS A LONG STRING OF CODE ADDED TO THE TOP ABOVE THE OPENING TAG. ONCE I REMOVED THE STRING OF CODE THE PROBLEM WAS FIXED!!!

By: spo

spo — Wed, 19 May 2010 14:46:54 +0000

I uninstalled every copy of WordPress that I had on my site and deleted my WordPress database after backing it up and moving the backup off of my server, and guess what? I STILL got hacked again. And then I found out that I had a folder in the top level directory that was publicly writable. I deleted that and I haven’t had any problems so far.

By: Adam

Adam — Wed, 19 May 2010 04:43:14 +0000

i have also been victim of the ninoplas virus, but am haPpy to say i was able to remove it by doing a little searching.

By: serena

serena — Mon, 17 May 2010 12:51:21 +0000

Hi.
I have had my godaddy website hacked with this virus 5 times in the last 3 weeks. I am now savvy enough to backup a clean copy (at least I think its clean) every night, and as I make constant daily changes have virtually been able to pick the exact time the virus infects again and quickly grab my backup and upload straight away which seems to delete the virus from ALL my websites infected but then it comes back within a few days.

As these websites are not WP sites as most people seem to have had problems with, can I do the SSH thing above to get rid of it or any suggestions as I can’t do the restore with godaddy due to the amount of changes done during the day and any restore could have part of the malicious code on it anyway.

I manually go through and clean every .php page but wonder if I am missing something on other types of pages.

I need some layman terms in what I need to do to clean it off forever. I have deleted any databases I had, all forum stuff everything to try not to let it come back including changing all passwords on hosting, ftp and account with godaddy

Appreciate any advice thanks
Serena

By: carcus

carcus — Fri, 14 May 2010 00:24:06 +0000

Glad I could help. Here’s a tip: make it non writeable after you use it and make sure to comment out what you don’t want to be run again. Our clean up script got hit and run again removing the first like of every file recursively from root. Client did not keep good backups. Use at your own risk!

By: Justin

Justin — Thu, 13 May 2010 20:21:47 +0000

@carcus – Thanks a ton for the php script. Just used it to clean up a whole slew of infected WP sites. You’re a life-saver!

By: krkhan

krkhan — Wed, 12 May 2010 09:48:00 +0000

@sergio: AFAIK, this JS script does nothing like that. It just redirects. We still don’t know how it got there in the first place.

@carcus: Thanks for the script. Hope it helps the others.