If your server is infected with virus, google has blocked it again can you fix it or not !!!
This is the words that most of the webhosts hear from their customers these days. Anyway I would like to explain here, how and why
these kinds of attacks are done.
The first point that I would like to share with you is that, it is NOT a server issue.The main reason for such an attack is either
1. A Vulnerable code. Most of the websites use CMS such as
wordpress/joomla etc. If they are not updated properly, you are likely
to have attacked.
2. A weak ftp password, that can be easily cracked by bruteforcing.3. A clinet Pc ( Windows) being infected by virus and this is the most common way I have seen so far.
I am not explaining here the first two methods as they are self explanatory. The third one works as mentioned below.
It startes with a google search. When someone searches for something in google, probably infected websites or even attackers website itself pops up in results.When the user click on this, his pc gets infected with the virus.
If he is a webmaster, when he tries to upload or edit contents of his website, the virus code is also injected.So what does this injected code do ?
The basic idea is that an code loads the content of an external site(Virus website) into the site, sets the external content to beThus it propagates from client Pc to Pc.
invisible and then overlays the page youre looking at. When you click a link you see on the current page, you are in fact clicking on the
externally loaded page and about to load pretty much whatever the attacker wants.
Got Infected..What to do now!!
If you have a good backup, you are saved. Else you have to contact someone to write some kind of script to remove the injected code. The sad part is, I have seen many hexadecimal code which doesnt have any pattern. In this case it is extremely difficult if your site is having thousands of webpages.
Also, I have seem some attacks, where the original content is replaced. In that case, if you do not have any backups there is no
other way than to contact developer to rebuild the website.
How to Avoid
The basic steps that is to be done to prevent this type of attack in future are1. Install software from the latest version of the developers site manually.
2. Check this site periodically or use any built in update functions4. Use a good antivirus software in your PC. ( Anyway Linux users dont have to worry about this !!!)
the script may have to ensure you are running the latest version.
3. Stay up to date with news the developers may post or any exploits posted on security sites such as http://www.securityfocus.com/.
Some times developers just cant patch their software fast enough, some
developers cant even fix the exploits in their software between
Original Article at http://prajizworld.com/?p=241