My website keeps getting same virus

Posted on 2009-05-23
Medium Priority
Last Modified: 2013-11-16
My website keeps getting the same virus.  What happens is that my antivirus or google's Chrome browser will catch it if I go there.  The security says the malware is trying to redirect it to a porn site - myf*pus*.com.

So I deleted all my files in public_html about 2 weeks ago uploaded my files and it's back again!
I talked to the hosting company bluehost.com and they are not sure.  They said possibly my PHP code is out of date.  

I had someone design one of my websites and they used php.  Could the php be out of date perhaps leaving some back doors for some rogue program to get into?

I use frontpage 2002 SP3
It's a bit aggravating....

Question by:servent1

Accepted Solution

epochasset earned 672 total points
ID: 24460763
If your on a shared server, you might be getting the virus or code injection by just being there.

Make sure that everything in your site has read only permissions unless it absolutely has to have write.  In this case, anything else on the shared server wouldnt be able to modify your site code just by trolling through directories on the filesystem and modifying files with specific extensions (html, php, etc).

This is the first thing to do in order to prevent further issues.

Next, you need to determine if your developer used any third party CMS (content management system), etc. Look at the files, pick out folder names that look somewhat unique and search for them on google.  If your using something like joomla, your going to want to check for security updates, as your application may have holes.

As always, change all passwords you use to access your site, as your credentials may have been obtained using a variety of means.

These would be the things to start with.

Author Comment

ID: 24461048
Good suggestions.  I changed my file permissions and password.  I won't know until about at least a week if I get infected again.  Thanks for the advice.  

Assisted Solution

astralcomputing earned 664 total points
ID: 24461859
servent1, your web server has an outdate os or service, and it has a vulnerability. There are worms on the web that search for vulnerable systems, crack the http and inject this code.

It probably has an app on it and probably alot of href silently put on.

Either your hoster has to patch the system or you should get a new hoster.

This is almost certainly the cause.

If you think it is php code, a vulnerability assessment will most likely reveal it. There is a charge for those services.

Assisted Solution

e-wiZz earned 664 total points
ID: 24757651
I had hosting at same company,and my site was hacked like 5 times,so that is problem 100%
i researched on net,and i saw at couple "hacking" forums a lot of accounts from that hosting provider...so find other one if you want to make secure site
i suggest Applied Security http://www.appliedsec.com/

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

If you are like me and like multiple layers of protection, read on!
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question