Virus Hijacking my Sites



spiederman
02-23-2009, 06:53 PM
My post was deleted by mods as if I am some sort of NUT. I am a BH customer with multiple sites hosted with them. I thought this was a support forum where you could go for help; instead my post SCREAMING FOR HELP with my sites gets deleted.

YES, this is a 6 month problem. I just took a few months off as I was totally DEMORALIZED by my sites being constantly attacked, and I am still fighting this issue.

I can provide emails to Bluehost support username to show I am a legitimate poster.

Again, can anyone help? Before, it was the orenstrad virus, which was where it was being redirected; now it's something else. I can post the URLs, but then I will probably get accused of posting attack sites, which is what they are identified as by Google.

I just need help, that's all.

Early Out
02-23-2009, 07:12 PM
Googling for "Orenstrad virus" produces only three hits, all of them your posts. No one knows what you're talking about.

Beyond that, you've given us absolutely no useful information to go on. Just a 'frinstance: What scripts are you running? And have you installed the latest versions of them? What does this "infection" look like? What files are being compromised?

Do not post a link to your site here, however. If it's truly infected, no one should be directed to it.

spiederman
02-23-2009, 07:35 PM
All of my sites are infected; each is a different script.

One is using the OS commerce script; the others are just text sites with pictures. Each shows a blank page when I go to it now, other than one which is redirected to a site that has the following on the page:

Total area – 532 decares
Transport links from Sofia: by car, bus or train
- distance from the city of Sofia - 3 km.
- distance from Sofia city centre - 12 km.
- distance from Vitosha mountain - 18 km.
- distance from the town of Bankya - 3 km.
The hippodrome's car park is located . . . >>>

On 11 May 2008 the first horse races of 2008 started at the hippodrome in Bankya. Until Derby day – 13 July, every Sunday from 10:30 the best Thoroughbred horses in Bulgaria will compete on the tracks of the National Hippodrome.

The organiser of this year's races is the newly founded Bulgarian National Association for Horse Racing, whose president is Mr Grisha Ganchev, and whose executive director is the racehorse owner Mr Ivan Vasilev.

NEWS - HIPPODROME - SEASON 06 - SEASON 07 - JOCKEY CLUB - GALLERY - CONTACTS - nationalhippodrome@abv.bg

Thanks. I am doing all I can to try and get help to do this. Months ago when I was checking it, it was being directed to orenstrad, at least that's the name I can remember; now, however, they are not being directed there that I can see. I saw this in the bottom left hand corner as I clicked on the site. I may have the name wrong, but I know it was a Russian site.

Thanks

P.S. Just checked my old emails and it was the Orenstraff virus, not orenstrad; also 3pigs.

Early Out
02-23-2009, 08:09 PM
OK, let's break this into two pieces. First, if you have some static HTML pages that are being infected, pages that aren't connected to your OSCommerce stuff, that points to an infection on your PC, and you just need to get some decent scanning software to track it down. Top of the list is probably Kaspersky. Make sure your own PC is clean before doing anything with your website. Otherwise, you'll just keep reinfecting your pages.

From what I've been able to track down (and why can I find this stuff in 5 minutes of Googling, but you can't?), the Orenstraff or Orenstaff infection is a typical SQL injection trojan, to which OSCommerce is sometimes vulnerable. Google for SQL injection OSCommerce, and you'll find a bunch of stuff about what versions have problems, what addons are vulnerable (and addons are often the culprits in these cases), and what to do about it.

Pay attention to the dates on what you find there - a lot of the stuff applies to much older versions, so if you've got the latest version, don't spend too much time reading about problems with the older stuff. The addon modules appear to be the places to look.

Of course, if you're not running the absolute latest version of OSCommerce (2.2.RC.2a), that's the first thing you need to take care of.

spiederman
02-24-2009, 12:23 AM
Thanks for that info.

I am not a techie at all and my developer does the uploading etc., so it can't be my computer. I will pass along this information to him and see if we can get this cleared up.