Restoring Site results in Attempted Virus Infection! | General Questions and Support | Forum Archive

The free forums are no longer in use. It remains available as read-only archive.

March 8, 2012
4:42 pm
Aaron
Member

Good Afternoon,

I am attempting to restore a backup created with XCloner. I copied the TAR.php and XCloner.php and the backup.tar into the root folder of the website I am trying to restore and then visit XCloner.php and fill out the appropriate information. It begins processing and then redirects me to:

http://secure-storag.....5&....

 

My antivirus detection states that it killed the connection due to a fake virus scan application... I thought maybe it was a false positive, but when I look at the tab in Chrome it says the title is "Your computer is infected!" so I am obliged to agree with the virus scanner that it is an illegitimate site.

Any idea why XCloner would be sending me to get a virus? It never does finish the restore. The first level directories and some files in each are created and the database is not imported.

March 8, 2012
6:02 pm
Ovidiu Liuta
Admin

The issue you have is not from XCloner; your Chrome is configured to alert you when Google sees the site as infected, so I suggest you do this:

1. First clean up your site and move all files outside your webroot folder

2. Move the restore script and backup archive to the new location

3. Start the XCloner.php restore script even if the virus alert is still there

Google will clean its virus alert status once the site is fixed of the infection! Hope it helps! Ovidiu

March 8, 2012
6:37 pm
Aaron
Member

Just so you are aware. The link it is going to is something like:

http:// secure-storage-r21tu.uni.me /1095ff3534ea27a4/0/?fpos=4091392&chunk=54744576&output_path=…

My site is not secure-storage-r21tu.uni.me. The site directory is empty other than the 3 files I mentioned above. It is not Chrome reporting the problem, it's my antivirus; if Chrome detected a problem it would have given me a page saying the site contains malware blah blah blah. Instead the title says "Your computer is infected!"… Google would not tell me my computer is infected; it would at the most, maybe say "The website you are visiting is infected!". I am going to look into the issue some more. Since it is sending the variables along it must be some sort of redirection occurring in the scripts. The only redirections I see are based on PHP_SELF. I threw a test script up to verify and my PHP_SELF is returning an appropriate URL.

I will keep investigating and report back.

March 8, 2012
9:13 pm
Aaron
Member

My core hosting account has been compromised. This issue is not related to XCloner. 

This issue can be closed.

My apologies for the scare. The hacker put an htaccess file in my root directory which rewrote requests if the referrer URL contained a common search engine (basically redirect users and attempt to make the site look fine for admins). Apparently there was something in the referrer URL that made it think it was a search engine.
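
An added example, not part of the original thread or of XCloner's code: a small Python check for the kind of .htaccess rule described in the last post, one that redirects to a foreign host only when the referrer matches a search engine. The engine list, the `redirect.example` host, the function name and the sample file are constructed assumptions.

```python
from urllib.parse import urlparse

# Search-engine names to look for in referrer conditions (assumed list).
ENGINES = ("google", "bing", "yahoo", "yandex", "baidu", "duckduckgo")

# Constructed sample, not the file from the thread.
SAMPLE = """\
# constructed sample .htaccess
RewriteEngine On
RewriteCond %{HTTP_REFERER} .*(google|bing|yahoo).* [NC,OR]
RewriteCond %{HTTP_REFERER} .*(yandex|baidu).* [NC]
RewriteRule ^(.*)$ http://redirect.example/landing [R=302,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
"""

def find_referrer_redirects(htaccess_text, own_hosts=()):
    """Return (line_no, target_host, engines) for each RewriteRule that sends
    visitors to a foreign host only when HTTP_REFERER matches a search engine."""
    findings = []
    pending = []  # engines named in RewriteCond lines awaiting their RewriteRule
    own = {h.lower() for h in own_hosts}
    for no, raw in enumerate(htaccess_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            if "http_referer" in parts[1].lower():
                pattern = parts[2].lower()
                pending.extend(e for e in ENGINES if e in pattern)
        elif directive == "rewriterule":
            # RewriteCond lines apply only to the next RewriteRule, so reset after it.
            if pending and len(parts) >= 3:
                host = (urlparse(parts[2]).hostname or "").lower()
                if host and host not in own:
                    findings.append((no, host, sorted(set(pending))))
            pending = []
    return findings

if __name__ == "__main__":
    for line_no, host, engines in find_referrer_redirects(SAMPLE):
        print(f"line {line_no}: referrer-conditional redirect to {host} ({', '.join(engines)})")
```

Pass the site's own hostnames as `own_hosts` so legitimate canonical-host redirects are not reported.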
