Site infected with viruses – what to do?

Viruses that infect websites can be divided into two large groups: script viruses, which are JavaScript executed in the visitor’s browser, and frame viruses, which are a hidden embedded frame that links to malicious content.

Recently, viruses that infect sites and harm visitors to the infected sites have become widespread.

A script virus is a script element that contains functions with obviously randomly generated names (incoherent strings of characters) and an encrypted virus body: one continuous string of characters, from hundreds of bytes to 20-30 kilobytes long.


Frame viruses are less visible in the text of the page. They are an iframe element that has the “hidden” attribute or sits inside a non-displayable block. The frame contains a link to the source of the malicious code; the code itself is not contained on the page. The owner of such a virus can therefore modify the malicious function or temporarily disable it.

Signs that a site is infected with viruses can be as follows:

  • Antivirus software is triggered when entering the site
  • Instead of the expected page, a completely different page is suddenly displayed, most often one with pornographic content
  • The page has stopped displaying altogether, but there are no error messages.
  • The IE browser freezes, while in other browsers the page is displayed normally
  • The Google search engine gives a warning about a dangerous site, and the Firefox browser shows a red warning page
  • Other oddities on the site

What do they do?

Viruses that infect websites can do a wide variety of things. The most harmless thing these viruses can do is to advertise pornographic resources without harming the visitor’s computer. However, more often than not, these viruses install malware on visitors’ computers. Once installed, this software can steal passwords, send spam and destroy data, so the damage can be quite significant.

When a website is infected, the virus can damage pages beyond repair and, in any case, causes serious damage to the reputation of the website and its owners.

Where do viruses come from?

The ways of infecting a site can be very different. A virus can enter a site from the site owner's computer or from any other computer.

If the computer from which the website is legitimately accessed is infected, the virus can use an open FTP session to perform the infection. Alternatively, the virus may not infect the site directly from the owner’s computer, but steal saved passwords, send them to another location and infect the site from there. In this case, after infecting a site or sending passwords, the virus can remove itself from the computer to make it difficult to detect the infection.

Another way of infection is the exploitation of vulnerabilities in the scripts of the content management system. In this case, the virus does not need to infect the computer from which legitimate access is carried out: if there is a vulnerability, access can be obtained from any computer.

Please note that we are not responsible for the safety of the user’s password and actions taken when the password is misused.

What to do if signs of a virus infection are found on the site

If a virus is detected on the site, first of all check every computer from which legitimate access to the site was carried out with up-to-date antivirus programs, in order to exclude this path of infection in the future.

The next thing to do is change the password for FTP access. This can be done by writing to your hosting provider (in the event that you have access to FTP).

If you use a content management system, then you must also change the password for the administrative part of this system.

After checking computers and changing passwords, you need to clean the site. Removing viruses from the text of pages completely cleans the site from viruses. If, after cleaning, it is not possible to restore the site to working order, we can restore it from a backup.

If you have access to FTP, in order to clean the site from viruses you need to go to the site via FTP and view all files for viruses. Script viruses are very clearly visible in the text; frame viruses are somewhat more difficult to notice, and a contextual search may be needed. It is very convenient to perform a contextual search using the FTP clients built into FAR and Total Commander: these programs allow you to search on FTP in the same way as in a local directory.

Any files displayed as text/html can be infected on the site: *.htm, *.html, *.php, *.shtml, *.inc, etc. Files storing JavaScript (*.js) can also be infected. Files displayed as images (*.gif, *.png, *.jpg, etc.) can never be infected; if a virus tries to infect such a file, it will only spoil it. If your site uses include files (all content management systems use include files), then the infection may be not in the file that the visitor requests but in any file that it includes, which complicates the search for a virus.
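The file-by-file search described above can be automated against a local copy of the site. The following is an added example, not code from the original page: the function names, the 300-character threshold and the 200-character look-back are assumptions, and the sample page is constructed.

```python
import os
import re

# Extensions the article lists as infectable (text/html pages and JavaScript).
TEXT_EXT = {".htm", ".html", ".php", ".shtml", ".inc", ".js"}
SCRIPT_RE = re.compile(r"<script\b[^>]*>(.*?)</script\s*>", re.I | re.S)
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.I)
CSS_HIDE_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)
SRC_RE = re.compile(r"\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
# Assumed threshold: 300+ unbroken characters from encoding alphabets
# (base64, hex, percent or backslash escapes); tune it for your site.
LONG_RUN_RE = re.compile(r"[A-Za-z0-9+/=%\\]{300,}")

def scan_text(text, is_js=False):
    """Return (kind, detail) findings for the contents of one file."""
    findings = []
    for body in ([text] if is_js else SCRIPT_RE.findall(text)):
        run = LONG_RUN_RE.search(body)
        if run:
            findings.append(("long-script-string", len(run.group(0))))
    for m in IFRAME_RE.finditer(text):
        tag = m.group(0)
        # Look back 200 characters to catch a non-displayable wrapper block.
        context = text[max(0, m.start() - 200):m.end()]
        if re.search(r"\bhidden\b", tag, re.I) or CSS_HIDE_RE.search(context):
            src = SRC_RE.search(tag)
            findings.append(("hidden-iframe", src.group(1) if src else ""))
    return findings

def scan_tree(root):
    """Scan every text-type file under a local copy of the site."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in TEXT_EXT:
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    found = scan_text(fh.read(), is_js=(ext == ".js"))
                if found:
                    report[path] = found
    return report

# Constructed sample page: one encoded script body and one wrapped frame.
SAMPLE = ('<html><body><p>Welcome</p><script>var a="' + "QUJD" * 100 + '";'
          '</script><div style="display:none"><iframe '
          'src="http://malicious.example/x"></iframe></div></body></html>')
```

Findings are candidates for manual review, since legitimate pages can also embed long encoded data or hidden frames. Walking the whole tree covers include files as well as the pages visitors request.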

How to avoid getting your site infected with viruses

You can avoid website infection or, at least, significantly reduce the risk of virus infection by observing simple safety rules:

Be careful with passwords and do not give them to unauthorized persons. If you have given the password to an unauthorized person out of necessity, change the password immediately after the work is completed. Change the passwords for FTP and for the site management system at least twice a year, even if there were no signs of password compromise, and every time a password is compromised (that is, whenever the password became known or could have become known to unauthorized persons, including upon dismissal of an employee). Never enter a password from someone else’s computers, especially computers in Internet cafes and other public access points.

Install anti-virus software on your computers, update it regularly, and limit the number of computers from which you work with the site.

Restrict access rights to files on your site: the normal file access mode is 644 in Unix notation, that is, full access only for the owner, everyone else – only read. Setting such rights will reduce the risk of infection through script vulnerabilities.
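To check a site tree against the 644 rule, the file modes can be audited in bulk. This is an added example, not code from the original page; the function name `audit_modes` and its `fix` flag are hypothetical.

```python
import os
import stat

ALLOWED = 0o644  # the mode the article recommends for site files

def audit_modes(root, fix=False):
    """Return {path: octal mode} for regular files granting bits beyond 644.

    With fix=True the extra bits are cleared; no permission is ever added.
    """
    loose = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks and special files
            mode = stat.S_IMODE(st.st_mode)
            if mode & ~ALLOWED:  # group/other write, or any execute bit
                loose[path] = oct(mode)
                if fix:
                    os.chmod(path, mode & ALLOWED)
    return loose
```

Run it without `fix` first and review the list: files that the server must execute directly, such as CGI scripts, legitimately carry the execute bit and should be treated as exceptions.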

Keep a local copy of your site. We make backups, but the copies are kept for only a month and the existence of older copies is not guaranteed; if you find an infection after 4-5 months, we may not be able to help you. Any existing backup copy of the site can be provided to you at your request.

