Hi, On one of my web hosting accounts which hosts several websites it seems that the majority of the sites have been infected with some kind of virus. I just went to one of the sites and my anti virus pops up with a warning saying: Also when I view the HTML of the file it contains this, just below the </head> tag: And when looking at the original file on my hard drive this code isn't there, so I presume that this is the virus? Anyway do I just have to remove this code from all the affected sites and then upload them again? How did I receive the virus? How do I prevent it from happening again? Thanks for any help
You need to scan your computer or any computer for any viruses and malware. Possibly format. Please change your passwords once you know your pc is clean. Once complete, write a script to remove all instances of this, restore from backup, or have me write you a script to remove them all.
Iam assuming all the index file gets injected with this script There are a number of ways this can happen 1 you ftp password has been stolen 2 your webhost been hacked There are a number of things you can do If you using linux hosting check your .httpaccess file and make sure there is nothing unsual there refer to this post where I helped someone to clean up the virus from his website http://www.geekzone.co.nz/forums.asp?forumid=72&topicid=30877 Also once you have cleaned your pc and changed all the password you can set the index files to read only this will prevent automatic scripts from writing to your files in case the webhost is hacked
As the previous commenter mentioned, you want to clean your PC first, reformat and reinstall is best option. Then you have two options - you can either read my Wordpress Security Guide, which teaches you how to secure your site from being infected, and the next installment will show how to clean infected sites. Or - if you're not technical or need immediate assitance you can visit the same page and ask for my help directly.