karldenton Posted November 20, 2007

Hello,

I designed and maintain a website for a local guest house. The host is student web hosting. I seem to constantly be getting a virus on the site, at least 3 times a week. I don't have any PHP or scripts running so it can't be an exploit of that. It seems to create a script at the bottom of the page that runs when the page is loaded. A simple re-upload of index.html gets rid of it.

Thanks
Karl

localzuk Posted November 20, 2007

Has someone got your password for uploading? And what do you mean by a virus?

contink Posted November 20, 2007

I'd recommend you check the permissions on the site to see if anything is world writeable, as that can be part of the problem. Next I'd download the whole site and see if there's anything that's been added recently or hidden away.

Thinking about this a little more, you might also want to check when the index.html file was last edited before you overwrite the next "infected" version, before checking the access and error logs for your web server to see where the infection could be coming from and how they may be doing it. It's not an exact science but you should spot something in those logs somewhere if you look hard enough.

Finally, as localzuk nudges, I'd change the password on the account as it could be someone accessing the account, but it sounds more like it could be a problem with the server being exploitable...

... actually on that point I'd contact the hosts and check they've got everything up to date and/or patched.

karldenton (Author) Posted November 20, 2007

Hi guys,

Thanks for the replies. By a virus, I mean when you load the page, it loads, but at the bottom it says loading http://*****.** - this is usually a site that has the virus. It then pops up at the top - page wants to run ***.exe.

I will change the password but I'm pretty certain no-one has it.

The permission on the www folder is 750.

When the site has been "attacked" the index.html modified date is different to the local version. Next time it happens I will check the access log.

I agree, I think it's the server being exploitable.

Thanks

contink Posted November 20, 2007

> Hi guys, Thanks for the replies. By a virus, I mean when you load the page, it loads, but at the bottom it says loading http://*****.** - this is usually a site that has the virus. It then pops up at the top - page wants to run ***.exe.

I know the sort you mean, I've seen it on a few sites and it's usually a JavaScript injected into the bottom of the page.

> I will change the password but I'm pretty certain no-one has it.

Better to be safe...

> The permission on the www folder is 750.

That's OK but you may want to check ALL your folders to be sure that there isn't one that is world writeable. I've had a few sites hacked in similar ways and once they're in they can often do quite a few things, so look for other less obvious avenues of ingress.

Good luck.

limbo Posted November 20, 2007

Check WebDAV is not enabled on the host server - it is very vulnerable to this kind of attack.

karldenton (Author) Posted November 21, 2007

Thanks guys,

Happened again at 6:57 this morning. The only thing on the log was access from googlebot on robots.txt.

I've changed the password.

Does anyone know what permission should be on the root, www, and index.html? They are set to 750, which gives user - read, write, execute; group - read and execute; and world nothing.

Thanks
Karl
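
The checks suggested in this thread (look for world-writable paths, compare the live files with the local copy, and note each changed file's modified time so it can be matched against the access and error logs), written as a shell sketch. This is an added example, not something posted by the thread's participants; the function names, sample paths and file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example. All paths and file contents are constructed for illustration.

# Print every file or directory under the web root that is world-writable.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Last-modified time of a file (GNU stat first, BSD stat as a fallback).
mtime_of() {
    stat -c '%y' "$1" 2>/dev/null || stat -f '%Sm' "$1"
}

# Compare the live tree with a known-good local copy. Prints one line per
# difference: "MODIFIED|ADDED <relative path> <mtime>". The mtime is the
# value to line up against the server's access and error logs.
diff_against_known_good() (
    live="$1"; good="$2"
    (cd "$live" && find . -type f -print | sort) | while IFS= read -r rel; do
        if [ ! -f "$good/$rel" ]; then
            echo "ADDED $rel $(mtime_of "$live/$rel")"
        elif ! cmp -s "$live/$rel" "$good/$rel"; then
            echo "MODIFIED $rel $(mtime_of "$live/$rel")"
        fi
    done
)

# Build a constructed sample: a clean copy, and a "live" copy whose
# index.html has an extra line at the bottom plus a world-writable folder.
make_demo() (
    umask 022
    d=$(mktemp -d)
    mkdir -p "$d/good" "$d/live/uploads"
    printf '<html><body>Guest house</body></html>\n' > "$d/good/index.html"
    cp "$d/good/index.html" "$d/live/index.html"
    printf '<script src="http://injected.invalid/x.js"></script>\n' >> "$d/live/index.html"
    printf 'placeholder\n' > "$d/live/uploads/unknown.html"
    chmod 750 "$d/live"; chmod 777 "$d/live/uploads"
    echo "$d"
)

# Run with --demo to see both checks against the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    demo_dir=$(make_demo)
    world_writable "$demo_dir/live"
    diff_against_known_good "$demo_dir/live" "$demo_dir/good"
    rm -rf "$demo_dir"
fi
```

Against a real site, the first argument to `diff_against_known_good` would be a fresh download of the hosted files and the second the local copy that was originally uploaded.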