WHERE DO VIRUSES COME FROM ON THE SITE ?

Imagine that you are a happy owner of your own website, which is developing and gaining popularity every day. Suddenly, all of a sudden, at the next entrance, the antivirus program began to swear that the site was blocked by Vikrus! Or did the users of the site tell you about the presence of viruses by contacting Feedback? Or did interactive scripts stop working on the site? What does this mean?

All this suggests that the resource is infected with viruses, i.e. alien malicious code. How did he get there, who is to blame, and how to remove it, as well as what needs to be done to avoid such problems in the future? All these questions arise from many more inexperienced owners, and even from experienced ones. We will try to answer them.

WHAT IS A VIRUS LIKE?

Malicious code is encrypted JavaScript-code that is inserted into the code page of the site. When it is executed, an iframe is formed (the ability to include and display images or the contents of one page in another). It is when an inserted iframe is detected that the alarm must be sounded immediately. Such attacks can be carried out on both private and corporate sites. In no case can postpone the treatment of an infected site until later. First of all, the reputation of the site itself suffers. He will lose regular users who were so hard to get involved.

The virus on the site is a big nuisance.

SITE INFECTION MECHANISM

In the overwhelming majority of cases, the site is blocked by a virus that gets to it through the computers from which FTP access was made to it. First, the virus hits exactly on the device itself. There he discovers and copies passwords for access and steals them. Passwords are sent to the computers of hackers, where programs are installed – robots that trust all the “dirty” work. Robot programs perform FTP access using the received passwords, detect root files, download them, add their own malicious code to the end of the code and upload them back, replacing the originals with them.

At the same time, the server cannot determine that at that moment they entered the site from another computer, since the whole procedure looks like a regular login to the user’s site via FTP. The server will think that this owner has come to check how things are going there.

VIRUS REMOVAL

The first step is to prevent re-infection and protect the site from viruses. To do this, you need to urgently change access passwords, check all computers that are running FTP access for viruses. Antiviruses should be powerful with updated databases.

In order to remove the malicious code and protect the site from viruses, simply open the infected file, find the desired site, delete it and save the clean file. In some cases, the file may contain several codes at once. And sometimes the files are damaged so much that it is much easier to delete them and restore everything using backup copies of the files. This will significantly save time than if you will waste time and heal the resource manually.

PREVENTING INFECTIONS IN THE FUTURE

Stepping on a rake once, do not do this in the future. To prevent a situation when the site is blocked by a virus, you must observe the following security rules:

  • It is better not to use the ability to save passwords in FTP clients. Access passwords should be changed regularly.
  • Write them on a piece of paper or copy it onto removable media and hide it in a safe place, but do not let them be in the hands of others even from your personal environment.
  • It is better to minimize the number of devices from which the FTP-access.
  • For FTP access, you should use reliable and modern computers with good antivirus programs. The programs themselves must be licensed, with all the included verification options, with updated databases. Choose an expensive but reliable product with a reputation and positive reviews.

Leave a Reply

Your email address will not be published. Required fields are marked *