Malware
Z, 2020-04-15 15:47:51

How to clean scripts from a virus?

In general, the site's scripts on WP were trojaned through a hole.
How can they be cleaned, and what solutions are there?


3 answer(s)
paran0id, 2020-04-15
@paran0id

It would be better to re-upload everything, to have a clear conscience.

Sanes, 2020-04-15
@Sanes

Clean them up too. But it is better to do each file by hand.

Foxcloud Foxcloud, 2020-04-16
@FoxCloud

Good afternoon. Here are instructions on what to do in your case.
If a website is down or not working as expected, it may be due to malicious script activity.
To solve the problem with malicious inserts and scripts, follow the instructions (from simple to more complex):
Check the website https://sitecheck.sucuri.net/ online. This check may indicate a problem.
If additional software (plugins/themes) has recently been installed on the website, make sure that the source of this software is reliable.
Make sure that all plugins and themes that are currently used on the site are not at risk and do not contain critical vulnerabilities.
Make a list of all your plugins.
Go to Google search -> Tools -> search for the last 3 months.
Search string "PLUGIN_NAME critical vulnerability". This search will help you determine if there have been any recent critical vulnerabilities that could have resulted in your CMS websites being hacked.
Log in to the database via phpMyAdmin or to the site control panel. Check the number of users, especially those with admin rights. If there are suspicious users, remove them.
Delete all files from the root directory and site database. Restore the site from a backup.
Change passwords: for the hosting panel, for the site control panel, for the database (you will need to reconfigure the database connection in the site code).
Install a security plugin for your CMS. For WordPress sites, install iThemes Security.
Parse the site's access logs for POST requests.
Contact the hosting company and ask for help in eliminating viruses and fixing vulnerabilities. Most likely, this will be a paid service.
Check the site for viruses and clean it.
Use the ai-bolit utility from revisium.
Download ai-bolit and run the test. Example:
php /root/aibolit/ai-bolit.php \
--size=900K \
--mode=2 \
--path=/var/www/directory_before_website/your_website/ \
--report=/var/www/directory_before_website/your_website/vir.html
Malicious scripts can also reside outside of a website's root directory, so checking the directory up a level is good practice. Change the path key:
--path=/var/www/path_to_directory/
You can open the report from the link: your_site.ru/vir.html
View the report and clean the site from malicious inserts.
Clean the database of malicious inserts.
Manually check the site for malicious code and vulnerabilities.
After cleaning the site from viruses, set up an antishell script.
Antishell checks a website for code changes and sends an email with a report if any changes have been made. Using the anti-shell, you can find out the injection time and which scripts were hacked. Having a specific time of hacking, you can analyze access logs; find the IP address of the villain and his requests to the website.
Make a backup copy of the site, cleared of inserts.
Download antishell.
Unzip the archive to the root of your site to get the following structure: /your_site/antishell/antishell.php
Configure antishell.php (configuration is intuitive).
Configure the cron scheduler to run a script every 5 minutes:
php /var/www/directory_before_website/your_website/antishell/antishell.php
As soon as the file(s) on the website are changed and cron runs an antishell check, you should receive an email.
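
The log-analysis steps in the answer above (parsing the access logs for POST requests, and using the change time reported by antishell to find the requesting IP address) can be sketched as follows. This is an added example, not part of the original answer or of antishell; it assumes the Apache/nginx combined log format, and the log lines, IP addresses, plugin path and change time are constructed sample values.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access-log layout (assumed; adjust for a custom format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

# Constructed sample log lines (documentation IP ranges, hypothetical plugin path).
SAMPLE_LOG = """
203.0.113.7 - - [15/Apr/2020:12:01:10 +0300] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [15/Apr/2020:12:03:41 +0300] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 312 "-" "curl/7.58.0"
198.51.100.23 - - [15/Apr/2020:12:03:55 +0300] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 298 "-" "curl/7.58.0"
203.0.113.7 - - [15/Apr/2020:12:04:30 +0300] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.50 - - [15/Apr/2020:11:20:00 +0300] "POST /wp-comments-post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""
# Constructed change time, standing in for the time of a file-change report.
SAMPLE_CHANGED_AT = datetime(2020, 4, 15, 12, 5, tzinfo=timezone(timedelta(hours=3)))


def posts_near(lines, changed_at, window_minutes=5):
    """Return (ip, time, path, status) for POSTs in the window before changed_at.

    changed_at must be timezone-aware; the default window matches a check
    that runs every 5 minutes.
    """
    start = changed_at - timedelta(minutes=window_minutes)
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # skip blank or malformed lines and non-POST requests
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if start <= ts <= changed_at:
            hits.append((m["ip"], ts, m["path"], int(m["status"])))
    return hits


def summarize(hits):
    """Count POSTs per (ip, path), most frequent first."""
    return Counter((ip, path) for ip, _, path, _ in hits).most_common()


if __name__ == "__main__":
    hits = posts_near(SAMPLE_LOG.splitlines(), SAMPLE_CHANGED_AT)
    for (ip, path), count in summarize(hits):
        print(f"{count:3d} POST  {ip:15s}  {path}")
```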
