SitePoint Sponsor

User Tag List

Results 1 to 8 of 8
  1. #1
    SitePoint Member
    Join Date
    Sep 2010
    Location
    San Diego, CA
    Posts
    18
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Exclamation Re-building after a site hack/malware attack

    Hello Esteemed SitePoint Community!

    Unfortunately, my site hosting service provider, WEBFUSION, was recently hijacked and as a result, I've had several accounts -where I syndicate some of my postings/articles- suspend my account, stating that 'my article brings up a malware/virus warning."

    The site's administrator -the site where I'm trying to publish these articles- continues, "Please contact your webhost to ensure that your links do not contain a virus. Let us know when the links in your article have been tested and verified and we will review the account for reinstatement."

    I have since contacted my hosting service and we corrected the problems with the page (I think...). WEBFUSION informed me they were going to re-load my old site template and that the problem would be taken care of a.s.a.p.

    With that, my question to the community is: how would I go about checking to make sure my site is no longer vulnerable to attack? I am hesitant to merely go on the advise of the hosting service since our conversations and their actions have been two completely different entities.

    Please advise and thank you in advance!

  2. #2
    SitePoint Zealot
    Join Date
    Oct 2008
    Posts
    140
    Mentioned
    4 Post(s)
    Tagged
    0 Thread(s)
    A quick search turned up some free virus checkers for websites. Me I would run a few of them before contacting my accounts.

  3. #3
    SitePoint Enthusiast
    Join Date
    May 2010
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I see I'm a little late here, but, you can use a site like http://www.rexswain.com/httpview.html to view what your site is delivering to your visitors.

    You can use different user agents and referrers to be certain it isn't in your .htaccess files.

    Some keywords to search for in your files are:

    unescape
    document.write
    eval(
    base64_decode

    Also, for malscripts look:

    Before the opening html tag
    After the closing head tag
    between the closing head tag and opening body tag
    Before the closing body tag
    Between the closing body tag and closing html tag
    After the closing html tag

    In .js files, look for obfuscated code at the end of the file or a series of document.write statements

    Just some helpful hints...

  4. #4
    Community Advisor silver trophy

    Join Date
    Nov 2006
    Location
    UK
    Posts
    2,551
    Mentioned
    40 Post(s)
    Tagged
    1 Thread(s)
    The topic has been discussed many times on this forum so there are plenty threads that go into more depth but -
    you need to make sure any software and plugins you use are up to date,
    you need to change all passwords including ftp
    you need to run a virus scan

  5. #5
    SitePoint Member Srator's Avatar
    Join Date
    Nov 2010
    Location
    China
    Posts
    6
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs up

    Quote Originally Posted by EastCoast View Post
    The topic has been discussed many times on this forum so there are plenty threads that go into more depth but -
    you need to make sure any software and plugins you use are up to date,
    you need to change all passwords including ftp
    you need to run a virus scan
    and the holes scan is needed; then fix them

  6. #6
    SitePoint Addict
    Join Date
    Oct 2008
    Posts
    205
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Hi,

    Make sure that your local machine is not hijacked, change the requred passwords like, FTP password, DB password, login password e.t.c. Delete the hijacked posts or articles resore your old data. this might help you.

  7. #7
    SitePoint Member kclemens's Avatar
    Join Date
    Nov 2010
    Location
    USA
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I would switch web hosts immediately.

  8. #8
    SitePoint Enthusiast
    Join Date
    May 2010
    Posts
    25
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Switching web hosts could just bring the infection over to a different host. You have to find the infection, remove it, then find out how it happened.


Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •