Security issue on my site

I run a small website for my club and recently I have been told by some visitors that a threat was detected when they viewed my site. How do I find out why this has happened, and remove the threat? I don’t know how to check my site for this type of problem.
Any help or advice would be very welcome.

Many thanks for your help crazybanana, I’ll do what you have suggested.

I deleted the meta data so unfortunately I can’t pass it on for you to look at.

Thanks again, very good of you to help.

the problem can be related to some of the things running on the server, like services and scripts on your webpage: premade Content Management Systems like Joomla, WordPress etc…, forum software, or even forms for feedback etc…

it doesn’t have to happen before you FTP it to your webpage, it can happen after you did this.

this is done on the server. if you run a CMS or forum, try to check it for updates or security patches. if you have any scripts running, try to see if there are any updates or patches to it.

feel free to ask any kind of questions on these forums :slight_smile:

check the files and folders on your server for malicious code/files. this can be, as i said before, strange files and folders or some strange/gibberish or unknown code inside your source code.

also have a look at the local files on your Mac.

changing FTP username and passwords is recommended in such cases…

if you have the metadata you removed, you can submit it to me in a PM and i can have a look at it to see if there is something to read from it.

I have removed temp internet files and had a look at the code on my pages.
Interestingly I found what looked like an extra line of meta name data, containing a string of what looked like gibberish, in my index file.
I deleted this line and uploaded the modified page to the server and guess what; no alert!!
This appears to have solved the problem. Great stuff!!
I do my web development on the mac not the pc laptop, and I thought this would be secure. Maybe not.
Now I’m very puzzled as to how that extra line of code got on to my page, and worried that it could happen again.
Thank you so much for taking the time to help me! I’m very grateful,

Cheers to you crazybanana and mittineague for taking the time to help a poor rookie like me.

no prob dude, we’re here to help :tup:

you should check your webpage for any security flaw. if you run some scripts or services, see if there are any security patches or updates to it.
also do a deep scan on your xp box.

the code must come from a place, and you want to know where and how.

No one said anything about how they detected a threat or why they believe there’s a threat?

Cheers,

The problem must have happened through my mac as this is where I work on the site, store the files and upload to the server from.

with regard to,

“you should check your webpage for any security flaw. if you run some scripts or services, see if there are any security patches or updates to it.”

I don’t know how to do any of this on the mac.

As far as security is concerned, I’m pretty much a novice.

Could you explain? What do you suggest?

so what virus scanner are you using? just curious as this malware is associated with - fake alerts :shifty: and has some host files on your computer to deliver these fake alerts. it can also suggest a handful of fake antivirus apps to help you remove these fake threats.

anyway, first thing you will need to do is to check your own page for unwanted code. this can be javascripts, strange gibberish code, iframes etc, and you may also have a look for suspicious files and folders on your server.

I see it gives a warning about “main.html”; begin by having a look at the source code of this page…

clear all temp files, then download malwarebytes antimalware to the win xp laptop -> install it -> update it -> run it -> run it again from safe mode just to be sure.

then try visiting your site again

Yes, sorry, they have. I run a Mac and have had no problems, but when I view the site on my laptop (windows xp) the following warning is shown;

Threat detected!

File name: c:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content\IE5\I50JQTQ5\main[1].html

Threat name: Trojan horse FakeAlert SD
Detected on open

I developed the site and have been running it for a couple of years but have not encountered a security prob like this where I appear to have an infection on my pages.

I would be very grateful for any explanation about how this happens, and what I need to do to stop it happening.

I guess I’m more of a rookie than I thought!

Thanks for your reply

PM me your website url and I’ll see if anything obvious stands out. Fixing a hacked page is a band-aid measure if the fault that let them hack the page in the first place still exists.
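
The manual check suggested in this thread (look for gibberish meta lines, hidden iframes and unexpected scripts in your own pages) can be automated. The following is an added example, not code from any poster in the thread; the function names, the thresholds (40 characters, 4.0 bits of entropy) and the sample page are assumptions made for illustration.

```python
import math
import re
from collections import Counter
from html.parser import HTMLParser

def entropy(s):
    """Shannon entropy in bits per character (0.0 for an empty string)."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values()) if n else 0.0

class PageAudit(HTMLParser):
    """Collects (line, reason) findings for markup worth reviewing by hand."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        line = self.getpos()[0]
        if tag == "meta":
            content = a.get("content", "")
            # Long, space-free, high-entropy values look like encoded data,
            # not a human-written description or keyword list.
            if len(content) >= 40 and " " not in content and entropy(content) > 4.0:
                self.findings.append((line, "meta tag with gibberish-looking content"))
        elif tag == "iframe":
            style = a.get("style", "").replace(" ", "").lower()
            tiny = a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
            if tiny or "display:none" in style or "visibility:hidden" in style:
                self.findings.append((line, "hidden iframe: " + a.get("src", "")))
        elif tag == "script":
            src = a.get("src", "")
            if re.match(r"(https?:)?//", src):
                self.findings.append((line, "script loaded from an absolute URL: " + src))

def audit_html(text):
    """Return a list of (line_number, reason) tuples for one HTML document."""
    parser = PageAudit()
    parser.feed(text)
    parser.close()
    return parser.findings

# Constructed sample page (not the poster's file); example.invalid is a placeholder host.
SAMPLE = """<html><head><title>Club news</title>
<meta name="description" content="Fixtures and results for our club">
<meta name="x" content="Zx9Qp3Lm7Vt2Kc8Rw5Nb1Hy6Gd4Fs0JuXeAoIiTlEqMzPkWv">
</head><body>
<iframe src="http://example.invalid/a" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, reason in audit_html(SAMPLE):
        print(f"line {line}: {reason}")
```

Run it over a fresh download of each page from the server and over the local copies, then compare: a finding that appears only in the server copy means the file was changed after upload.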