Comments on: Check your website for virus attack !

By: georgi

georgi

hi,
i have been having problems with facebook for a few days now,It lets me sign on to my account but doesnt allow me to do anything else.. Do i need to delete my account. i have a variety of virus checkers such as AVG and COMODO firewall but neither have picked up any issues with the site. i would really appreciate your help as it is starting to bug me.

By: James

James

I wish i could try the explit scanner on if i could log in. My site wp-admin log is redirecting to myndomain.com anf would just freeze the browser.

By: Vladimir

Vladimir

You could try exploit scanner plugin mentioned in the article.

By: James

James

I think my site has been hacked as i could not log in to admin section.Each time i tried, the login redirects to myndomain.com and i my broweser would froze away. I checked index.php and i found , which i have removed but the problem still remains. Any help would be appreciated.

By: Vladimir

Vladimir

There is very slim, if any chance of having a blogspot blog infected. Probably it is a false alarm

By: jenie=)

jenie=)

i am ssssoo frustrated right now because i am a newbie and i dont really know what to do and WHAT TO LOOK FOR. i dont know what to do. my blogs are infected according to some blogger friends. but im not using wordpress...am using blogspot.

is it possible that the virus came from those clickables? or adsence? advertizers? im afraid to move right now. but i think im losing friends, im losing opps...and my computer's getting affected. help me? anyone?

what's the best anti virus then? i have avg, and to try and upload mcafee. what of my sites? do i need to delete and start over?

By: Saj

Saj

hi,

We had a case of this iframe virus, (cleaned files changed ftp details upto now its good) we also noticed a page drop on google, my question is does this virus play a key role in google page/rank drop issues,..?

Thanks
Saj

By: sandeep

sandeep

The common source of infection is ftp username and passwords. if your site in infected change all your ftp accounts password. look for some javascript code or some iframe in index.php, header.php, footer.php

remove those code.

every thing will be fine.

By: MarcoPolo

MarcoPolo

I was woundering if you ever fix your sites. I had same problem and agree with you with stolen ftp information, I'm using joomla and wordpress and all sites got hack with this iframe exploit and since this code are in so many files what I did is use a search and replace software to scan all the files with same type of code and deleted and one big problem we face is that if we have exploit scripts in our websites at the end of the line our sites will be blacklisted from search engines :-(

By: joseph gormanly

joseph gormanly

there is no way of geting rid of this virus, i tried everything, but by accident i discovered, by going into your plesk, reboot your website, and the virus will disapear for 3 days, then it kicks in again, so i reboot every 2 days to make sure it stays where it is until we can find a guaranteed way of eliminating the virus,

By: Kumar

Kumar

Hi have the same problem, what i did is scan all the file on server, chnage the ftp details and puted all form with some restriction

By: Anurag Shukla

Anurag Shukla

Hello, I was having the same problem which all you faced. I have 19 Sites running and they were on different servers and hostings but all they got infected. I later found out the way to solve the problem and how we can save us from all that bloody attacks.

I have written a post about the thing that how to save your site from attacks.

check here http://imagine18.com/2009/07/is-your-site-infected-with-iframes-hacks-and-exploits/

tanks

By: Lulu

Lulu

I have a couple sites and the virus got on to all my sites that were in my filezilla.

I had to replace the whole folder or one of the files would just redo all the file and add the follwing piece of line to my index files.

Solution: Change all ftp passwords, replace all files on ftp.
Make sure to backup from here on out!

By: squidley

squidley

I have mutiple sites, windows and linux alike. PHP boards, shoppingcarts, flash, html, etc Every one of my sites hosted on godaddy. Every one had the index and logon files replaced with a code similar to the one above added. I found it near the header on the html's and at the bttom of the php files. All replaced on every site the same day and minute. I have replaced them all 3 times now and there is no end in site. Godaddy said "update your PH. we don't suport open source...blah blah" I'm using html and falsh as well ya know.......argh I'm gonna hunt this down until I find the bleeps.

By: Paul

Paul

This isnt only a wordpress problem, but a cms problem.
I have 14 joomla sites that have all been infected and have been researching as to how and why.

Appearantly if your site has been hacked it caused by a sniffer virus on your local pc. Essentially everytime you connect to your ftp, the virus reads all of the ftp login credentials and then posts the results to someone somewhere. Then a bot of some kind posts the script to all of your index.php and index.html files. In my particular case its a different script than the one posted above. It is so incredibly frustrating.

I do know that if you have been comprimised, be sure to clean your pc completely and change all of your ftp passwords. What i am trying to find is a way to scan the files and remove the script from all of the files without having to do it manually...14 sites =not enough time in my life..

Can anyone suggest a program or way to scan the files of websites remotely or locally for a specific script and remove them automatically?

Thanks in advance!