Hi, I have a website that, a few months ago, was showing a warning that it had malware. This was checked and the warning disappeared. I was told that the malware was on the shared server and NOT on the website. Google did not report any malware on the site in webmaster tools. Today I am getting the same warning again but this time it looks as though the site has been fully hacked! Can anyone help? Is there any way of checking for sure if it is the website or the hosting? Is there any way of removing the code if the site has been hacked? Any help greatly appreciated. Thanks in advance.
Before creating this thread, did you have a look around at all? There are already a few threads, all about sites being hacked and how to clean them. Do a search and you will find a fair few results. Firstly, before we can help we need some more details: What type of infection is it? Check out your page's source code... Check the bottom and top of the file. What type of script/site are you running? WordPress? Or some other PHP-powered script? What's the name? Is it up to date? Google the script's name and vulnerabilities - you will find the fix for the vulnerability (if you're lucky). Since when has it been infected? Have you asked your webhost for any assistance? Your host should be able to identify which files are infected. Before cleaning the infection you need to identify how the attacker has infected your sites, most likely through a backdoor or via an RFI (Remote File Inclusion). This vulnerability allows anyone to call a remote file into your site. Google has been known to do false positives on sites which have been infected in the past; check it with another website virus checker.
If you provide the URL or use bitly or one of those URL shortening services and post it here, I can scan it for you. I will let you know that many websites have been hacked via stolen FTP login credentials. It doesn't matter how complex your password is, the hackers steal it with a virus on a PC that has FTP access to the infected website. The virus will steal the password from the file that programs like FileZilla use to store saved passwords in. On a PC it's in: C:\Documents and Settings\(user)\Application Data\FileZilla\sitemanager.xml The virus evades detection, infects the PC, steals the FTP credentials, and sends them to a server which then uses them to log in and infect the website. First, change all your FTP passwords. Second, find the malscript and remove it. If you need help with this part either post your URL here, use a URL shortening service or contact me via PM. Third, I use WS_FTP by Ipswitch because they encrypt their password file. You may want to use it as well. Fourth, you may want to install a different anti-virus program than what you're currently using. It doesn't matter what you're using now, it has to be different. We've helped thousands of website owners with this issue and everyone claims their (insert anti-virus program here) is the best in the world and therefore that can't be how it happened. Then after fighting it for weeks, they finally listen and lo and behold, the new program finds all kinds of viruses and trojans. Many have had good luck with Kaspersky, Avast or Vipre (Sunbelt Software). If you're already using one of these, then select one of the other ones. Fifth, if your site is blacklisted by Google, then you'll have to request a review. Post back here if you have any questions or updates.
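The replies above advise checking the top and bottom of each page's source and finding the malscript. The following is an added example, not code from any poster in this thread, that automates that check over a copy of the web root. The signature patterns, the 2048-character window and the extension list are assumptions chosen for illustration.

```python
import os
import re
import sys

WINDOW = 2048  # characters inspected at each end of a file (assumed size)
WEB_EXT = {".php", ".html", ".htm", ".js", ".inc", ".tpl"}  # assumed list

# Heuristic signatures (assumptions for this example, not a complete list).
SIGNATURES = {
    "hidden-iframe": re.compile(
        r"<iframe[^>]*(?:(?:width|height)\s*=\s*[\"']?[01]\b"
        r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I),
    "php-eval-decode": re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "js-unescape-write": re.compile(
        r"(?:document\.write|eval)\s*\(\s*unescape\s*\(", re.I),
    "markup-after-html-close": re.compile(
        r"</html>\s*<(?:script|iframe)\b", re.I),
}

def scan_text(text):
    """Return sorted signature names found in the first/last WINDOW chars."""
    head, tail = text[:WINDOW], text[-WINDOW:]
    return sorted(name for name, rx in SIGNATURES.items()
                  if rx.search(head) or rx.search(tail))

def scan_tree(root):
    """Walk root; return {relative_path: [signature names]} for flagged files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXT:
                continue  # skip images, archives and other non-page files
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                hits = scan_text(fh.read())
            if hits:
                findings[os.path.relpath(path, root)] = hits
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, hits in sorted(scan_tree(root).items()):
        print(f"{path}: {', '.join(hits)}")
```

Run it against a downloaded copy of the site and compare flagged files with a known-good backup. Code injected in the middle of a large file falls outside the window and is not flagged.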