I accidentally found out my website was infected with a virus

by Cosmit
8 replies
I was pretty shocked when I found out that my website was infected with a virus. I accidentally noticed a file that looked out of place. Upon inspection, the file was encoded multiple times, so I had to write a script to decrypt the contents. After decrypting it, what do you know... a ton of functions and tools for the hacker to do whatever they want with my files, database, etc.

If somebody who's not very computer savvy gets their website infected they will most likely never find out because you will not notice anything wrong with the website. It duplicates itself to your other domains (if they are on the same server).

To detect the virus you need to check for a "default.php" file within your main directories. Then, check your .htaccess files to ensure they don't contain any code redirecting users to default.php. Also, the virus will create random files that begin with something like this:

<?php
eval(gzinflate(base64_decode(...

If you see that in any files you can bet that it's a virus.

The point of this is... you can have a virus without even knowing it. I have no clue where the virus came from, but I wrote a script for myself that scans the entire server for any suspicious code. If anybody wants a copy just drop me a message.

Don't wait until Google shows "This site may harm your computer" next to your website... because 2 of my domains already have that.
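The three checks described in the post above (a default.php file, an .htaccess that references default.php, and PHP files that start with the `eval(gzinflate(base64_decode(` loader), as an added Python example. This is not the poster's own scanner; the extension list, the 64 KB read size and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Loader prefix quoted in the post; whitespace between tokens is tolerated.
LOADER = re.compile(rb"eval\s*\(\s*gzinflate\s*\(\s*base64_decode\s*\(", re.I)
PHP_EXT = (".php", ".phtml", ".inc")  # assumption: extensions the server executes

def scan(root):
    """Return sorted (reason, relative_path) findings for the three checks."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)  # loader sits at the start of the file
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if name.lower() == "default.php":
                findings.append(("default.php present", rel))
            if name == ".htaccess":
                live = [ln for ln in head.splitlines() if not ln.lstrip().startswith(b"#")]
                if any(b"default.php" in ln.lower() for ln in live):  # comments ignored
                    findings.append(("htaccess references default.php", rel))
            elif name.lower().endswith(PHP_EXT) and LOADER.search(head):
                findings.append(("encoded eval loader", rel))
    return sorted(findings)

def demo():
    sample = {  # constructed, harmless stand-ins for the files the post describes
        "index.php": b"<?php echo 'hello'; ?>\n",
        "default.php": b"<?php /* placeholder */ ?>\n",
        ".htaccess": b"# old note: default.php\nRewriteRule ^(.*)$ /default.php [L]\n",
        "blog/.htaccess": b"Options -Indexes\n",
        "blog/x7f3.php": b"<?php\neval(gzinflate(base64_decode('PLACEHOLDER')));\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in sample.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for reason, rel in demo():
        print(f"{reason}: {rel}")
```

To scan a real site, call `scan()` with the web root instead of running `demo()`; a hit is a reason to inspect the file by hand, since legitimate code can also use these functions.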
  • Profile picture of the author yukon
    Banned
    If you're running WordPress I doubt it's a virus, it's usually a free theme/plugin that was hacked before you downloaded/installed the theme.

    http://www.warriorforum.com/adsense-...ml#post7330121
    • Profile picture of the author nabelea
      Hey, this happened to me for several WordPress websites. I know, I was not the most careful administrator, I had some 777 access to some files and folders.

      I managed to fix the problem by using the Anti-Malware by ELI (Get Off Malicious Scripts) plugin. You install the plugin, update the AntiMalware definition list and then proceed to scanning. It takes a while depending on how much data is stored in your host, but it does its job.
  • Profile picture of the author laurencewins
    Don't you do regular anti-virus scans???
    Signature

    Cheers, Laurence.
    Writer/Editor/Proofreader.

  • Profile picture of the author soylentgreen
    Does it make a difference if you are using Linux instead of Windows? I run a dual boot on my PC and feel that my Linux OS is much more secure than Windows. I've never had any kind of virus with Linux OS, but I have no clue if the same security translates to websites...
    • Profile picture of the author nabelea
      Guys, the problem here is that he has his website host infected, not his PC.
  • Profile picture of the author bb785
    These infections are almost always related to having permissions set incorrectly. Shared hosting is particularly susceptible to this especially with the budget plans. Better to go with a VPS if you can afford it.
    • Profile picture of the author so11
      Originally Posted by bb785

      Better to go with a VPS if you can afford it.
      Hello,

      I'd have to disagree with this one... A VPS is only a better solution if you know what you are doing and if you really need the potential that a VPS solution can offer.

      If you have a vulnerable site, on shared or on VPS it is still vulnerable...

      good luck
      Signature
      www.groupesoloviev.com
      We help businesses manage cyber risk and compliance requirements.
  • Profile picture of the author so11
    Hello,

    That's why it is important to frequently validate your security configurations and do security scans.

    Most of the successful cyber attacks are never discovered...

    good luck
