Website affected by virus: how to protect the infected websites

Dear Experts

We have hosted our websites on a GoDaddy dedicated Linux server and we use the WordPress CMS for our websites. We have taken iptables security measures, but the websites are still infected by a virus. Please suggest how to protect the websites from getting affected by virus/spam etc.
D_wathi Asked:
 
btan (Exec Consultant) Commented:
It would have been on the host server rather than the page already, and do change all account passwords at the same time. As mentioned, consider running the online scanner as another verifying point.

e.g. Virus scan - http://virustotal.com, select the URL tab, and scan the site
e.g. CMS scanning - http://sitecheck.sucuri.net/, it also checks whether or not you have any outdated plugin or CMS running
e.g. Check for injected malicious JavaScript (iframe) in any of the web server files - http://jsunpack.jeek.org/. Can be less intuitive, but provides a good overview
e.g. More graphical is http://urlquery.net/ as compared to JSunpack; it is useful to see if any IDS signature was triggered, as well as JavaScript and HTTP transactions etc.
0
 
Jason C. Levine (No one) Commented:
0
 
btan (Exec Consultant) Commented:
First off, ensure a clean slate and a readily patched state. WordPress is just always buggy, especially with the "so many" plugins it can support - good for the user but bad for securing each. Have a WordPress scanner (WPScan @ http://wpscan.org/) conduct the checks on a strict regime. Of course, we are saying the OS patches need to be applied readily too; do not neglect that. In fact, the Sucuri Security WordPress Security plugin is free to all WordPress users; it is a security toolset for security integrity monitoring, malware detection and security hardening. For info, they have the Sucuri Sitechecker online to scan the site if publicly accessible @ https://wordpress.org/plugins/sucuri-scanner/

For iptables, it is good if you identify the source of attack, but it can be spoofed and is always changing. iptables traditionally logs basic entries to /var/log/messages, so you will need specific logging to be noted in your firewall rules if you'd like to track and research traffic from those targeting your WordPress before enforcing it in the existing ruleset. This guide is a broad one for hardening the server, but I do see it as applicable on the Linux platform @ http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html

Second, check the web application against secure coding practices to ensure that, minimally, the OWASP Top 10 have been closed or have mitigation measures; these are the common holes to drill into. The cheat sheets (e.g. Secure_Coding_Cheat_Sheet and Web_Application_Security_Testing) are useful to better defend @ https://www.owasp.org/index.php/OWASP_Cheat_Sheet_Series

Thirdly, explore a web app firewall (such as ModSecurity or a separate one) - see the "Virtual_Patching_Cheat_Sheet", e.g. ModSecurity WAF in embedded mode or as reverse proxy @ https://www.owasp.org/index.php/Virtual_Patching_Cheat_Sheet
0
 
lenamtl Commented:
I'm using this script. It does not protect from attack, but at least you get informed by email if files get changed, added or deleted.
You can use it on shared hosting.
https://github.com/lucanos/Tripwire
0
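
The changed/added/deleted file check described in the comment above, as an added example that is not part of the original post and is not the code of the linked Tripwire project. The function names, the JSON baseline file and the sample tree are assumptions made for illustration; alerting by email is left out.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # do not hash through symlinks
            with open(path, "rb") as fh:
                digests[os.path.relpath(path, root)] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(old, new):
    """Classify paths as added, deleted or changed between two snapshots."""
    return {"added": sorted(new.keys() - old.keys()),
            "deleted": sorted(old.keys() - new.keys()),
            "changed": sorted(p for p in old.keys() & new.keys() if old[p] != new[p])}

def check(root, baseline_file):
    """Report changes since the stored baseline, then store the new snapshot."""
    current = snapshot(root)
    previous = current  # first run: nothing to compare against, report is empty
    if os.path.exists(baseline_file):
        with open(baseline_file) as fh:
            previous = json.load(fh)
    with open(baseline_file, "w") as fh:
        json.dump(current, fh)
    return compare(previous, current)

def demo():
    """Constructed sample tree standing in for a WordPress document root."""
    with tempfile.TemporaryDirectory() as tmp:
        root, baseline = Path(tmp, "site"), Path(tmp, "baseline.json")  # baseline outside docroot
        root.mkdir()
        for name in ("index.php", "wp-config.php", "readme.html"):
            (root / name).write_text("original " + name)
        first = check(root, baseline)
        (root / "index.php").write_text("original plus injected iframe")
        (root / "x.php").write_text("unexpected new file")
        (root / "readme.html").unlink()
        return first, check(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Because each run overwrites the baseline, a change is reported once, so the report has to be delivered or logged on every run. The baseline file should sit outside the web root, where the web server account cannot write to it.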
Question has a verified solution.
