Sooner or later, your site, created by order or by your own hands, will be visited by intruders. The main purpose of these "IT bugs" is to increase traffic to your site by redirecting (redirecting) a visitor, hanging a special blocker virus (banner) on your resource, extorting money, in rare cases - a simple sports interest. Regardless of what the site is - a business card of a company or an online store, a virus infection is always unpleasant and often leads to direct material losses, a decrease in the site's rating and even its complete blocking by search engines. Identifying and cleaning a site from viruses is a rather painstaking and long work, often accompanied by recurrence of infection. However, it is within the power of any site administrator, the main thing is to follow a certain sequence of actions.
Which side to approach the infected site
If the site is infected with a virus, and the signs of this are, for example:
• Automatic redirect to another resource or blocking the user's computer with a banner virus.
• Message from a search engine (Yandex, Google) that a malicious code has been found on the site.
Then you can get close to the virus code and literally "dig out" it only from the control panel of the site on the host. More precisely - from the part called the FTP manager. This approach will allow you not to run the infected file, but to see the line of the virus code and destroy it.
The trail left by intruders
If you open the FTP-manager of the site control panel on the host, you will see a list of files and folders that make up the site distribution kit. Next to each of them is the date of creation and modification, including the time. It is she who is the trail by which it is determined that the villains have visited your site. Well, of course, if you remember exactly what, when and why you changed it on the site.
What can be seen in a folder or file that you did not change
Having entered the folder, the modification date of which is in doubt, you may find there not your files with the.exe and.js extensions or the index files like index.html and index.php changed, again not by you. There should be no files with the.exe extension in the distribution kit of the site, this is an obvious virus. The.js executable files can be your own, but extended, so they should not be destroyed immediately. The most common viruses in index files are:
• Eval…> a very long unbreakable string of Latin letters and numbers is a sign of a virus.
• iframe… a sign of a virus - the frame size is 1 by 1 pixel.
What to do
Curing a website from a virus begins with a general cleaning of your own computer. It is imperative to change all logins and passwords: FTP, access to the site administration panel and access to the control panel on the host.
After that, in the host FTP manager, you check each file that is in doubt. You don't need to run it, but see the code, so click on the "edit" button. Files with the.exe extension are immediately destroyed; those with the.js extension are checked for extra lines of code. To be sure, keep all the scripts installed on the site in a separate folder on your computer. In the index files, erase all pixel-sized frames and long, meaningless lines from a set of letters and numbers after the icon.
Before logging into the FTP manager of the site control panel, there are usually folders of log files. They need to be opened and seen - who visited the site at the time when the infection was supposed to have occurred. You will see the attacker's IP. Create (if it does not exist) an.htaccess file inside the folder with the site files and write in it a line to deny login from this IP.
After two days, you need to re-revise, perhaps the process of cleaning the site will have to be repeated several more times.