Hello All,
First of all, last night, I was under viral attack, for 80% of my websites with “HTML:Script-inf”, reported by Avast anti virus.
In fact it was a false positive, however, for a few hours I was on alert to know what was happening.
1 - First and foremost, stay calm.
2 - Ask help to your host support if an unusual event has appeared on your account last few hours.
3 - Check the website of your hosting company to know if your anti virus software alarm is ringing or not.
4 - Check sites competing with yours to know if your anti virus software alarm is ringing or not.
5 - Check big names like Amazon, Google, Bing, Yahoo, Facebook, Wikipedia, eBay, etc… to know if your anti virus software alarm is ringing or not.
For your information, the false positive of last night blocked many sites, even some big names like Wikipedia!
After this, check your site itself:
6 - Go to:
http://www.virustotal.com
7 - Click on “Submit a URL” tab
8 - Write Down the URL of your website
9 - Click on “Submit URL” button
10 - Click on “Reanalyse” button if necessary
11 - Click on “[COLOR=“Blue”]View downloaded file analysis[/COLOR]” link to get full details
12 - Repeat steps 6 to 11 for the big names on the web, as Amazon, Wikipedia and more.
13 - Do a search Twitter in realtime with the name of the problem found by your anti virus software:
[url]http://search.twitter.com/[/url]
14 - Now you can draw some initial conclusions.
In my experience, there was nothing, except that Avast raved some (long) minutes.
An update of the virus database “VPS” of Avast, and everything was in order.
Lee Li Pop
Sorry but most of that is complete rubbish.
In some cases contacting your host will result in you losing complete control of the event and even losing your site as it stood before the event. We like to think support staff at hosting companies knowing what they are doing. But many don’t have a clue if it’s not in “linux for dummies” and they’ll rather delete your account then spend time finding out.
If you suspect some wrong with your site.
- View the source code it’s putting out and then take it from there. Any problem will only be outfacing and if it’s not then it’s your host’s problem anyway so just move host as soon as you can.
- Take the site off line. This can be done a number of ways - htaccess, permissions on route etc - it’s not good enough to just change the name of the index file.
- If you find code you think is an insert, search for the details online. Try and find which type of areas it places itself.
- If you can strore your whole site from backup, if not download the data from the infected site and remove the inserts from the code.
two times my blog and others site was hacked. Thanks to my host who removed all virus code from files.
[quote name=‘miracles’]two times my blog and others site was hacked. Thanks to my host who removed all virus code from files.[/QUOTE]
Who discovered these viruses, you, your web hosting company, a search engine, another person or software?
And… How did you (or them) discovered them?
Lee Li Pop
[quote name=‘kickoff3pm’]Sorry but most of that is complete rubbish.
In some cases contacting your host will result in you losing complete control of the event and even losing your site as it stood before the event.[/QUOTE]
You may be right with low quality hosting companies, however, we can start on the precept that CS-Cart is a professional tool for professionals, therefore, these tips are given to professionals.
Amateurism has no place here.
In addition, I want to add, I am a customer of Pair.com since 2000. 11 years. Why? Because they are professionals!
Lee Li Pop