Problem with Malware

June 5, 2014 4.9k views
m.soares2603
By:
m.soares2603
Hello guys, recently i just created a machine pre installed with Ghost, http://blog.herebecoders.com/ and there are some guys when they enter in my blog that their anti-virus is accusing the site as harmfull... also i found this website which is saying the same: http://trafficlight.bitdefender.com/info?url=http%3A%2F%2Fblog.herebecoders.com&language=en_US The only thing i did was in the nginx config to point the "blog" subdomain to the Ghost blog, and the main domain to is pointing to a index.html file which redirects to blog.herebecoders.com. Can somebody help me with that? Thanks
Log In to Comment
8 Answers
asb MOD June 5, 2014
Hi!

I ran your site through a few other malware detectors, and it's not showing positive. It's possible that bitdefender uses a list of IPs that previously had malware instead of actively scanning when you enter the sites domain. You could try taking a snapshot and spinning up a new instance of your site on a different IP address. Or you might want to contact bitdefender directly and ask them to rescan the site.

Let us know how it goes!
Reply
m.soares2603 June 5, 2014
Yeah, i think you might be right... i just checked this url:

https://www.virustotal.com/en/url/7d76a1fc21bf33ca92d70b9f2313769672c17e485be316826fdfe25612b5c065/analysis/

And it says that only bitdefender accuses it as a malware...

Could you give some detailed explanations (or maybe a url of digital ocean's tutorial) of how can i do this snapshop and then run a new machine and recover everything i did?

Thanks Andrew for your help!
Reply
kamaln7 MOD June 5, 2014
Take a look at https://www.digitalocean.com/community/articles/how-to-migrate-droplets-using-snapshots. Make sure you create the new droplet before destroying the old one so you get a new IP address.
How To Migrate Droplets Using Snapshots
by Zach Bouzan-Kaloustian
This tutorial covers how to manually migrate droplets between hypervisors by taking a snapshot of the droplet and then spinning it up in a different region.
Reply
m.soares2603 June 5, 2014
That`s great!

Just one last question, if I create a new Droplet to use the snapshot, will I pay the monthly cost for the 2 droplets? the one I just created, and the one i deleted?
Reply
kamaln7 MOD June 5, 2014
You would pay the same amount you would pay if you kept the existing droplet running for the rest of the month. Since you're billed hourly, replacing a droplet with one of the same size shouldn't affect your bill.
Reply
m.soares2603 June 5, 2014
Ahhhh cool, i thought it was monthly, not hourly.

Thanks Kamal!
Reply
m.soares2603 June 5, 2014
I'd like to make another question about this malware problem...

I Just updated my ngnix version to 1.6.0, and when i run my IP in this malware checker, its says that everything is ok

http://sitecheck.sucuri.net/results/162.243.91.192

But when I run my domain "which is configured to point to this ip", it says that it has some problems, also with the nginx version

http://sitecheck.sucuri.net/results/blog.herebecoders.com

How is that possible if this domain is pointing to this server?

Thanks Guys for all this help.
Reply
m.soares2603 June 5, 2014
Sorry but i think i just got the answer...

When I ran my domain on this website, it had the old version of NGINX, and it may have cached this status...

now that i updated, i tried running another subdomain and it's ok

http://sitecheck.sucuri.net/results/www.herebecoders.com

Thx anyway :)
Reply
Have another answer? Share your knowledge.