How did VBS Malware virus attack my website?, This is so frustrating

Discussion in 'Security' started by proversatility, Sep 19, 2008.

  1. #1
    Hi everyone,

    I have heard some unethical webmasters actually try to load computers with viruses and malware, but wtf happened with my websites :confused::confused:. I mean I have never tried to infect other computers with viruses, nor do I know any such software doing that. But the alarm was raised just two days ago in Avast when I tried opening my own site, just to find the VBS:Malware-gen threat. I have uploaded the screenshot of how things were looking at that moment over here.

    This has become rather frustrating, because almost all the sites in my hosting panel have been affected in a similar way. I really need some helpful suggestions as to how to get rid of this worthless worm/leech/viruses or anything that has trespassed into my website and is in turn eating away my traffic as well as money :( .

    Hope someone can give me an effective solution. I don't know if the problem is occurring with antiviruses other than Avast, but for the time being this is a big-time concern for me. Check how the site loads at your end. Is there any way to actually find out the files from my hosting panel that are being infected? Or maybe some potentially malicious threat residing inside my cPanel-hosted files? I pray that there might be a way to get the sh!t out of my websites...
     
    proversatility, Sep 19, 2008 IP
  2. Colbyt

    #2
    I visited. Norton sent no alarm.

    The scenery was nice.

    Are you sure you have a virus? Or do you have a bad AV program?

    General rules apply for the cure:
    Delete any files you did not upload.
    Monitor any advertisers, one of the bigger malware sources.
    Change your passwords.
     
    Colbyt, Sep 19, 2008 IP
  3. cpuhlp

    #3
    I didn't see any issues on your website. Even if there were issues, it's because of the following reasons most likely:

    You're using an out-of-date WordPress script that allows people to easily exploit your WordPress script, allowing them to inject malicious code into your site and hijack your traffic to porn and pill ads of their own.

    This also happens when you use out-of-date WP modules, or any other poorly written script. If my memory is correct, WordPress requires mod_security to be disabled on Apache to even be able to submit articles and posts. This is a security risk in itself. This is why I always suggested Drupal over WordPress. I don't know if WordPress has made any recent changes to fix this.

    Make sure register_globals is turned off by default in your global php.ini file. This path is usually /usr/lib/php.ini. You can also find out by running a phpinfo.php file. If it's turned off by default, ask your host how you can disable it. You might be able to create a php.ini file with:

    register_globals = Off

    Then recursively copy it to all subdirectories of yours as needed. There are many other things you need to be aware of to keep people you don't want out. These types of things are typically not the host's responsibility to keep up on. Therefore, it is your job as a webmaster to understand these things, and apply the needful.
     
    cpuhlp, Sep 21, 2008 IP
  4. UseShots

    #4
    @proversatility

    Unfortunately your antivirus is right. Your site contains a malware script. Check the HTML code of your pages. You will find a script that starts with eval(function(p,a,c,k,e,d).... This script, when executed, creates a hidden IFrame loaded from "google-top in". This site is listed as suspicious by Google: http://www.google.com/safebrowsing/diagnostic?site=google-top.in

    Your site is definitely compromised. What version of WordPress do you use? When you clean your site, you should upgrade to the latest version (currently 2.6.2)
     
    UseShots, Sep 22, 2008 IP
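
Added example, not part of any post in this thread: one way to answer the opening question of how to find the affected files is to copy the web root to a local machine and search it for the `eval(function(p,a,c,k,e,d)` prefix named in post #4. The hidden-iframe pattern goes beyond what the thread describes, and the file extensions, function names and sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Indicators based on the thread. The packer prefix also appears in legitimately
# minified JavaScript, so review each hit against a known-good copy of the file.
INDICATORS = {
    "packed-eval": re.compile(r"eval\(function\(p,a,c,k,e,d\)"),
    "hidden-iframe": re.compile(
        r"<iframe\b[^>]*(?:\b(?:width|height)\s*=\s*[\"']?[01]\b|display\s*:\s*none)", re.I),
}
WEB_EXTENSIONS = (".php", ".html", ".htm", ".js", ".tpl", ".inc")  # assumed set


def scan_tree(root):
    """Return {relative_path: [(line_number, indicator), ...]} for flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if not fname.lower().endswith(WEB_EXTENSIONS):
                continue
            full = os.path.join(dirpath, fname)
            with open(full, encoding="utf-8", errors="replace") as fh:
                hits = [(n, name) for n, line in enumerate(fh, 1)
                        for name, rx in INDICATORS.items() if rx.search(line)]
            if hits:
                report[os.path.relpath(full, root)] = hits
    return report


def demo():
    """Scan a constructed web root: one clean file, two tampered ones."""
    samples = {  # constructed sample content, not taken from the affected site
        "index.php": "<?php echo 'hi'; ?>\n<script>eval(function(p,a,c,k,e,d){return p}('0',1,1,[''],0,{}))</script>\n",
        "about.html": "<p>About us</p>\n",
        "inc/footer.php": "<div>footer</div>\n<iframe src='http://example.invalid/' width=\"0\" height=\"0\"></iframe>\n",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            path = os.path.join(root, name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)


if __name__ == "__main__":
    for path, hits in sorted(demo().items()):
        print(path, hits)
```

To scan a real copy of a site, call `scan_tree()` with the path of the downloaded web root; files that are flagged but that you did not change yourself are the ones to compare against a clean backup.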