Viruses on the web. Help!!! What are they and how do we eliminate them?

Lately, cases of websites that are infected by viruses or malicious code, without the webmaster noticing, have increased significantly.


How did the virus get in?

Contrary to what common sense would suggest (if my site has a virus, my hosting provider's web server must be infected), the problem almost always lies on the PC from which the website is updated.

Those who spread this type of virus over the Internet aim to steal one fundamental piece of information: your FTP password.

With this password, they upload infected files or modified pages without you realizing it. What's more, if the attack is elaborate enough, they can even obtain your new FTP password the moment you change it.

Another very common way to add a virus or malicious code to a site is by exploiting the vulnerability of an outdated application (forum, blog, photo gallery, shopping cart, etc.). That is why it is essential to always have the application updated and apply the security patches recommended by its developers.


How do I find the virus?

The most used way to hide a virus on a website is known as an "iframe attack".

The iframe hides in the code of your pages and invisibly loads another page (that is, neither you nor anyone who visits your website notices it), seeking either to improve that hidden page's search ranking or to infect visitors with viruses or malicious code.

Most commonly, it is added to the code of your index page (index.html, index.php, etc.). It also happens, with viruses like Gumblar cn, that they upload a file and place it in a folder where it is difficult to detect (Gumblar cn, for example, uploads a file called image.php inside the images folder).


How do I eliminate the virus?

Step 1: Enter via FTP and download all the content of the site to a folder on your computer. Immediately after, change the FTP password from your Control Panel.

Step 2: Run a good antivirus and antispyware on the folder that contains the website, and on the rest of the computer (including removable disks).

Step 3: Once the antivirus has removed suspicious files, manual work begins within the folder where your website is.

With a program that allows you to search within the files, you will have to identify all those that include an iframe with a hidden style, which do not correspond to your page, and eliminate that portion of code.


Example:

style="visibility: hidden; display: none">

Following the same procedure, also look to see if there is a document.write on any page, followed by an encoded line.

Example:

 

If it exists, delete that portion of code.

Make sure that all src= and http:// refer to files on your website or to external sites that you know and trust.

Then, all that remains is the manual review: searching through all the files for any .php, .js, .htm, .html, .asp, .aspx, .inc, .cfm, etc., that does not belong to your website.
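One way to automate the Step 3 search over the downloaded copy, as an added example that is not part of the original article. The function names, the `trusted_hosts` and `known_files` parameters, the sample host names and the list of decoder functions are assumptions made for illustration.

```python
import os
import re
from urllib.parse import urlparse

WEB_EXT = {".php", ".js", ".htm", ".html", ".asp", ".aspx", ".inc", ".cfm"}
IFRAME = re.compile(r"<iframe\b[^>]*>", re.I)
HIDDEN = re.compile(r"visibility\s*:\s*hidden|display\s*:\s*none", re.I)
# document.write fed by a decoder call; the decoder list is an assumption.
DOC_WRITE = re.compile(r"document\.write\s*\(\s*(?:unescape|atob|eval"
                       r"|String\.fromCharCode)\s*\(", re.I)
SRC = re.compile(r"\bsrc\s*=\s*[\"']?((?:https?:)?//[^\"'\s>]+)", re.I)

def scan_text(text, trusted_hosts):
    """Return (kind, detail) findings for the contents of one file."""
    findings = []
    for tag in IFRAME.findall(text):
        if HIDDEN.search(tag):
            findings.append(("hidden-iframe", tag[:120]))
    for m in DOC_WRITE.finditer(text):
        findings.append(("encoded-document-write", m.group(0)))
    for url in SRC.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if host and host not in trusted_hosts:
            findings.append(("untrusted-src", host))
    return findings

def scan_tree(root, trusted_hosts, known_files):
    """Scan the downloaded copy; known_files = relative paths you published."""
    report = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() not in WEB_EXT:
                continue
            path = os.path.join(folder, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read(), trusted_hosts)
            if rel not in known_files:
                hits.append(("unexpected-file", rel))
            if hits:
                report[rel] = hits
    return report

# Constructed sample page, not taken from a real infection.
SAMPLE = ('<p>Home</p><iframe src="http://unknown-host.example/x" '
          'style="visibility: hidden; display: none"></iframe>'
          '<img src="/logo.png">')
```

Call `scan_tree` on the folder from Step 1 with the host names you trust and the list of files you actually published; every entry in the returned report still needs a manual look before anything is deleted.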

Step 4: Once this is done, and you are sure that your site is clean, connect via FTP securely. Delete everything in the public_html folder, and upload the files you just cleaned.

Step 5: Now, delete your browser's cache, open the index page of your website and all those that were detected as infected in the first review.

From the browser menu choose the option to view the source code of each page. If the iframe pointing to an unknown website or the document.write no longer appears, then it means that the site is clean.

Step 6: If Google flagged your website as suspicious, you will need to request a review to lift the alert page. You will need to fill out the form on Google Webmaster Central or StopBadware.

Generally, if Google does not find infections, within a day it removes the site from its list of websites suspected of hosting malware, although both sites make it clear that it may take a few more days.
