W
W
weraleto2020-04-17 16:17:47
Malware
weraleto, 2020-04-17 16:17:47

How to remove a virus from a website?

I'm trying to remove a virus from the site.
The problem is that when you go to the site from Google, there is a redirect to a third-party resource.
The virus adds extraneous folders to the site's file system, and also injects code encoded in base64.
After removing it after 2-4 hours the problem returns.
Today, it has been discovered that all domains located on the same host as the infected site are also infected with this virus (extraneous folders with the same names, extraneous php files with base64, extraneous code inserts are added to their file structure). - is it possible to cross-infect between domains, which does not allow you to remove malicious files? how to check this and how can this problem be solved?

Answer the question

In order to leave comments, you need to log in

3 answer(s)
V
Viktor Taran, 2020-04-17
@shambler81

1. remove all FTP access
2. change passwords for all
3. Clean your computer from viruses.
4. update the engine.
5. Protect files from writing (which are infected)
6. remove the backdoor
7. Change the features that define the engine.
8. Remove vulnerability vulnerability

A
Andrey Gavrilov, 2020-04-17
@thexaver

Restore from backup, use virusdie

S
Sergey Romanov, 2020-04-17
@Serhioromano

It is not a virus that needs to be eliminated, but a vulnerability. In order to give recommendations, you need to know what kind of sites. Self-written or joomla or wordpress? Do you have a dedicated server, virtual hosting or look for something else? What level of access? Ruth?
You need to find out how attackers do it. Where is their entry point.
But basically, you need to make all directories prohibited from writing from under Apache or PHP. Same with all files. If your site has one index.php file (as it should be), then you need to add htaccess so that no other PHP files can be run. If you have more than one PHP file bootable, then I advise you to change the site engine.
If you have a problem with rights on all domains, and they are all on the same disk, then having access, they can change the files of another domain.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question