Site treatment

Cleaning websites from viruses

Unfortunately, after the launch and successful operation of your Internet project, you may encounter a "problem" on the site, such as a virus. The Virus can be a "harmless" link to some external source or the introduction of dangerous scripts on the site that interfere with the normal functioning of the website or completely block it.

The reasons for the appearance of viruses on an Internet site may be the use of a simple password to access the administrative panel of the site management system and its possible vulnerabilities. For this reason, it is always very important to comply with the minimum security requirements: use complex passwords and keep your CMS up to date.

Why do websites get infected?

The causes of website infection can be very diverse, but the main ones are as follows:

• Creation of “phishing” pages that are used to steal plastic cards and numbers and passwords of various services. Phishing pages, as a rule, are almost identical copies of real pages, but they differ in some elements and the address of the page;
• Using an infected site as a place to post information or advertise another Internet resource;
• Competition: hacking your site and lowering your search engine ranking;
• Using an infected site to attack other sites, sending spam.

Symptoms of site infection

• Visual changes that you did not make on the site. For example, advertising banners or images may appear, redirecting to other resources;
• Warning from Yandex when entering the site: "the site may pose a threat to the security of your computer";
• Warning from Google when you visit the site: "this site can harm your computer";
• Yandex.Veb-ustasi va Google veb-ustasi vositalari da shunga o'xshash o'yinlar;
• PHP yoki JavaScript skriptlarida kuutilmaganda paydo bo'lgan xatolar;
• Blocking the site by antivirus programs installed on the computer.

How sites are infected

Theft of site access parameters through the FTP protocol: when viewing any infected page, letter on the Internet or downloading a viral program, a virus can start to search for logins and passwords on the user's computer. access the site saved on the computer. To prevent this from happening, do not save passwords in plain text, use encryption programs, and most importantly, remember them;

Choosing a login and password to access the administrative part of the CMS used on the resource: unfortunately, many site owners and creators initially do not care about the "inviolability" of the website and use "hackneyed" login-password pairs. Malicious programs, in turn, have large databases of the most common input parameters, scan them and select them. After hitting the" target", the attackers gain complete control over the damaged site;

Использование уязвимостей используемой системы управления сайтом. Несовершенство всевозможных CMS оставляют злоумышленникам еще одну возможность заражения сайтов: зная «дыру» в каком-то модуле или в движке сайта, можно вредрить в него паразитный (вирусный) код

How is the site treated?

1. Create a backup

We create a backup to restore the site (files + database) "if something goes wrong".

2. Remove viruses from computers

It is very important to clean all computers on which the site can be accessed from viruses, since most often the infection of the Internet site is caused precisely by the virus on the computer. To treat a computer from a virus, you can use a paid antivirus program or very useful Dr.Web CureIt! you can use the ® utility, it is distributed free of charge, but very effective. In addition, you should ensure constant comprehensive antivirus protection during the entire operation of your computer, not limited to one-time checks.

3. Change passwords

It is necessary to change passwords for all accounts, logins, control panel, email, etc. In other words, passwords should be changed as much as possible. But first of all, you need to take care of accessing the control panel via FTP and hosting.

4. We are looking for a " weak place

As a rule, the site is transmitted through a weak point ("hole") on the site, through which attackers enter their malicious code. After analyzing the service LOG files (LOG files to access the site), you can find this "hole". An alternative option is to view site files via FTP and find files with the latest modification date. These files may have included a virus. However, there are cases of changing the file modification date, so it can be very difficult to find files that have been modified by the virus.

5. Remove viruses from the site

At this stage, you need to download all site files to your local computer and check them with antivirus software. For greater accuracy, scanning should be carried out with several antiviruses: Kaspersky Anti-Virus, Dr.Web CureIt!, NODE 32, Avast. Site files can be downloaded to a PC using the FTP protocol and a special program - the FTP client. However, with a huge number of files, downloading via FTP takes a long time. In this case, there is another possibility - to use the SSH protocol. But working with an SSH client requires special knowledge and skills, so it is better to entrust such work to a specialist.

After checking the files with an antivirus, we remove the malicious code detected by the antivirus program. In addition, it is necessary to analyze the presence in the files of such words as "iframe", "exploit", "shell", "javascript", "unescape", "eval", codes in the base64 format. The presence of all this may indicate a file infection.

6. Site Verification

After completing the above steps, you need to reload the site files to the hosting and check the functionality of the resource. Some of the website's functionality may be compromised. In this case, you may need to reinstall the management system and further configure the resource.

An additional tab for posting information about services, delivery or other important content. This will help you answer the buyer's questions and clear his doubts about the purchase. Use it at your own discretion.

You can remove it or return it back by changing one checkbox in the component settings. Very comfortably.