A spammer or hacker always try to hack WordPress website or raw PHP website, it's not only those two type website. It could be any type of website. Because a hacker always tries to attack week point into the website. So who developer developed this website and unfortunate keep the security whole into the website it will help for hacker and it could be hacked by the hacker and they could put some malware into this website. The hacker put some shell and try to upload more file like some PHP or python script to execute root permission or brute force to hack cpanel but a hacker anything can do with cpanel if they had successfully uploaded PHP, python, XML shell. Few servers do not accept those file for security reason. But some server accept easily when they can identify the website have some malware then they will generate an email that this server has some malware please take action otherwise your plane will suspend. The message was look like that. some website owner are not check their message continue. That's why they don't know what was problem and they can see only, already hosting plane suspended.They want to contact with hosting provider they are throw a offer that if you want to remove malware you have to pay 300 USD per year.But i am remove the malware  from your website only for 20 dollar for each website.

Why Hacker hacked your website?

1. Some hacker hacked website only for fun and deface the website home page and put some message for you and they are not harmed for you. It's just like he want to try help you to keep secure your website. That's called White Hat Hacker
2. Some hacker hacked your website to use their personal use. Such as Some hacker can try upload bulk mailer script or email spoofing script using SMTP server. because they are a spammer and they are sent some phishing mail by using the hacked server, The spam type could be a financial issue or some social media account hack or anything could happen.

such as They continue to try to send some attractive offer and some innocent people are affected by there. Hosting provider wants to avoid it forcefully. Because it is so bad impact for there server.
The black hat uses another way to make money from Hacked website. They can put some adware script into the website which they have been hacked. If anyone visits this website automatically the hacker got one visitor with click some ads it looks like popup windows or Open redirected to the Malicious website. Any server wants to avoid those script.


How to Remove Malware ?


If your website developed by WordPress CMS, You can replace wp-admin, wp-include folder from WordPress official website as WordPress zip file. You can also replace all file from domain root except wp-config.php. .htaccess file and some custom file which is directly created or uploaded by you, not Part of WordPresss File. Aftar replace all WordPress core file you can install wordfence Plugin to scan your full website using it then you need to clean all malware file which is malware listed by wordfence

If you are using custom PHP website or others, You need to check manually all php or JavaScript file.
example: if you found eval(), system(), shell_exe(), base64_encoded file etc in PHP or JavaScript file you need to take care of it. or you can contact with me via LinkedIn or Fiverr

What is Malware ?


Malware is just like a script or unusual tools. It's always harm your website or server and your device. It used for thief your Data or information and money. It's continue made by some Black Hat Hacker to earn money to Black way or Intentionally on someone. but i would like discuss about malware but it's adware but it auto generate from the Malware in web server.


I am Shamim. I am working with cyber security in cyber world. I have an account Fiverr and Upwork I have been solved lot's of web server malware problem. But I am recently face an unique malware issue for Hostgator server. The server has continue generate some adware code into JavaScript and PHP file. That's way your server all of website redirected into a spam and malware website.



Redirected website Below





How to worked ?


The malware load into index.php file using header file by Javascript CharCode. The code continue generate as randomly CharCode. Also the link create infinity loop. When any one load the JavaScript file it will create an set cookie and set cookie value is randomly added.










How to Solved ?


  • Please check all of Javascript file and removed all of the Malware code.



  • Check all header.php file or Header file and you have to removed  malware link according to image below 
How To Do Brute Force Attack || Cyber Security Blog



A brute-force attack consists of an attacker trying many word list or Many latter Combination with the hope of Luckily guessing correctly.
The attacker systematically checks all possible Word lists and latter Combination until the correct one is found. Alternatively,
the attacker can attempt to guess the key which is typically created from the password using a key derivation function.
This is known as an exhaustive key search.




Brute Force Tools :
Burp Suite
And Custom Word List



1. First we have visit Target website
2. Then we have to open Burp Suite and setting proxy setting in Mozilla Firefox or Any Browser.
3. Then we have to setup Proxy in Burp Suite as a Intercept on.
4. We have try to login in our target website.
5. Then Proxy  HTTP History and click right button on your mouse and sent Intruder
6. And Now go to Intruder Option
select Positions
7. Then clean all Variable and select only those things or target variable which u want to brute force
8. and Select Cluster Bomb
9. Then Select Payload and and now you can add all possible words.IF you already know about username then select only one username. if you don't know your target user's username, u can set all possible words List

Then set password from all possible words list.

Only for username in tab no 1
same. for password list which i have already completed

You can add words by type on burp suite or u can make a word list in txt file.and select it.

Now select any object. The object will be " when u want to login in your target website by typing any user and it will generate error massage if your user info is wrong then error massage make copy and add payload processing

afar all configuration we have click start attack



Today I want to talk about Two-Factor Authentication Code problem.

Two Factor Authentication is better security for any web Application and this Logic using maximum Web Application.
This security system using that if any hacker got the password from any Facebook account or Web Applications they can not get access their phone number easily. That why it called batter security.But if you try to use Two Factor Authentication code in second time to login to Facebook account it should work successfully unlimited time in Three minutes.I tried and it worked you can see below on video, How to it worked. But Facebook said it's not a bug.







Today I will discuss Cracking password. The password is the common thing to secure your virtual world like intranet accounts mobile pc or any other devices. Anyone can crack any password. But it has some condition like it maybe takes too big time or few. It depends on Password cracking Algorithm or sometimes you can crack easily in few minutes if you make special word-list for individual password crack and if your luck with you.

Every Cyber Security specialist suggest that use the strong password to keep safe online or any account. But if a hacker gets your encrypted password it's should be cracked.But it's one kind of suggestion not decision. because if you make strong password it will so hard to crack your password but still cracked able this password.

Here is one another thing to get password easily if a user uses common password in everywhere with the same password.

How to find this password?

First of all, I want to say this trick will work well or maybe not worked well.But you can try.Suppose you want to get access any victim account this account should be anywhere. Just collect some information about your victim, like email, name or How much info you have collected.Then search in google and found Where is the place the victim did create account and you can try get access any vulnerable website with the database.If you got success, you should get the user password and now you can try to login with which account get to access using this password.The maximum user uses one password in everywhere.so While it will work well if the user uses one password in everywhere.




Now I want to discuss Cracked MD5 or SHA-1 Hashes

How to Crack  MD5 or SHA-1 Hashes?

1. Download the The Cracker
2. Extract The ZIP file.
3. Copy cmd.exe from Default windows installation drive it's should be C: drive.







To day i will discuss about email. All internet user always given first priority to email and in future it's will same position. Every internet user have email. But someone use gmail,yahoo, mail, Microsoft email or they can use private email server with own domain.

What is email ?

Email is someone sent you to something and you will received that means it called information shearing. Virtual things Give and Take.

But now maximum user use email for anywhere to create account and need to maintenance by the email. So every user email need to security from hacker.

How to secure your Email ?

Firstly please keep in your mind  Cyber world is not secure. You have to make believed it. Any time can occurs anything. No one give  you guaranty that online is secure.

  1. Keep Strong Password and
  2. Change your password after few days
  3. Don't use common password
  4. Don not use email password in any where
  5. keep on your Second step verification.

Always check where from you are login your email account (Gmail) and if seen number of device with you have connect so make sure those device is it your's or not. if not remote logout from this.

Why you have to use different password in different website to Make sure your Secures ?

Suppose you are using gmail. Gmail have much security. If anyone want to crack your password it's not easy, so difficult. But if you use this email information in create account in anywhere like buy sell product or alluring website or any where.

So when you create your account using any information it's always saved in there database
so now think about it.

No one easily hack gmail account but if you use your gmail info with password to create an account in unsecured website which website any one can hacked. Easily your gmail account got hacked. So carefully use your information to create any profile in any website.

How to Avoid Scam or unwanted email or How to understand About SCAM Email or Spoofed Mail .




Disclose your email row data and find which server from this email come from.
Please the Image and follow it .


  • Run the Windows operating system that you want to use
  • Go to Windows Button then search Run and then type %windir%, and then click OK.

Or




  • Yo can go with My Computer then click your windows installation Folder (Default C: drive).
  • Remember This folder will open.(This folder is Working windows folder).Don't try to delete or remove or rename.
  • Find the Windows old folder and remove or delete it and click yes to confirm.


  • Now Right click on My Computer or Computer then click Properties.
  • Now select Advance tab with Startup and Recovery then click setting then it will show The Startup and Recovery dialog box

  • Under System startup, click Edit to modify the Boot.ini file.


The Boot.ini file opens in Notepad and looks similar to the following:




  • Click on file in notpade and click save as then backup copy of the boot.ini that name as boot.old.Then exit to close it.


In the [boot loader] section of the Boot.ini file, identify and then delete the line of text for the Windows operating system that you want to remove. For example, if the Windows folder that you removed in step 4 was for the Microsoft Windows XP Home Edition operating system, remove the following line of text from the Boot.ini file:



  • click the file in notpade and save it as boot.ini file.then exit it.


  • Click OK to close the Startup and Recovery dialog box.
  • Restart your computer.

Source : Microsoft 
Copyright © 2017 Make Sure Security to Keep Happy Cyber World