whspider
asked on
Virus on website
My website shows
Reported Attack Page!
Linux server
PHP and html files
What do I do now ?
Plz advice
Reported Attack Page!
Linux server
PHP and html files
What do I do now ?
Plz advice
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
make sure you have secure passwords and if you do you probably have a bug in a script. The site i worked on was a bug in Joomla 1.0 to gain access.
Make sure you are running the latest version of any scripts or CMS.
Make sure you are running the latest version of any scripts or CMS.
Read antyvirus log and then find the reason.
have a look @ http://hakin9.org/magazine
at first, change all you application, system and FTP passwords.
analyse ftp logs: most problem is unsecured ftp clients, which save passwords in plain text. Often this user click "save pw" and local workstation viruses found it.
look and analyse .htaccess files for rewrites, delete or fix necessary lines.
after analysis of logs, your will see which info was changed. For example, most viruses add own body as <IFrame> directly in the end of php files. If you'll find it, simple delete with text editor, preserving php code structure.
ASKER
The iframe gets injected often eventhough i change the ftp passwords and all ,,, how do i avoid all that ?
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
ASKER