Portal Home > Knowledgebase > Articles Database > Server Security
Server Security
| Posted by zapinfotech, 06-02-2009, 03:59 AM |
| Hi,
My websites are attacking by viruses, in every page of website, there is a script under :
I don't know how it came in the code.
Can any one suggest me, what can i do now?, is there any virus in my taptop or is there any server security issue?
Many of websites are affecting day by day.
I am really suffering from this thing
Thanks
|
| Posted by prashant1979, 06-02-2009, 05:05 AM |
| You should seriously check the website security. The chances are that your website is not coded securely and is giving a chance for hackers to inject malicious scripts in the website. Also there is a chance of your server being infected with trojan/virus. Do a complete scan of the server, delete all the website data from the server, upload fresh and clean data on the server and change the password to a strong one. You should also opt for a strong web application firewall which prevents web attacks. I recommend Applicure's DotDefender.
|
| Posted by hostineuro, 06-02-2009, 05:11 AM |
| Hello,
It seems that your ftp account or the whole server has been hacked and someone put malicious code in every html document.
|
| Posted by ZenMonk, 06-02-2009, 05:16 AM |
| 1). Reset all your passwords(ssh,ftp cpanel/control panel) etc
2) Check for dirs,files that are on 777 and set them to correct permissions.
3) Upgrade all your software to the latest version.
4) Analyze all your logs for src of attack.
5) Use clamdscan to check your files for viruses
6) Replace all infected files immediately.
|
| Posted by adminpaul, 06-02-2009, 05:41 AM |
| Check ftp log to find, if the infected files are downloaded and uploaded with a an interval less than one minute. If yes, it might be some virus in the local machine. So please do a complete virus checking in your local machine. Also do not save your passwords in browser. If the IP showed in the ftp log is not your's, block it.
Paul
|
| Posted by zapinfotech, 06-02-2009, 10:11 AM |
| Thanks buddies
|
| Posted by ServerManagement, 06-02-2009, 11:27 AM |
| I don't see it mentioned here so I'd like to suggest also that you use a firewall such as csf, and also a filtering program like modsecurity. These are most commonly ignored and one of the best defenses against hacking.
|
| Posted by prashant1979, 06-02-2009, 12:22 PM |
| I have already mentioned using a web application firewall. I personally prefer DotDefender which offers better protection than CSF and Mod Security though it comes with a high price. I have used CSF and Mod Security and did not find them making much difference though they are worth using considering the price of other applications.
|
| Posted by dvduval, 06-02-2009, 11:40 PM |
| This is a pretty serious attack affecting 1000s of websites. I don't know exactly what is going on but if you look around on various webmaster forums or script forums, there are posts from others that are confused too.
Examples:
http://www.webhostingtalk.com/showthread.php?p=6213778
http://www.google.com/support/forum/...4c9e9fa3&hl=en
Seems to involve iframe links to sites in China in the .cn tld.
|
| Posted by brianoz, 06-04-2009, 08:56 AM |
| If all your accounts are compromised, your server is in big trouble (probably root compromise) and you should have an expert look at it. There's no way you'll know enough to get the system secure again as a newbie, and anyone suggesting otherwise is being pretty unrealistic to be honest.
|
Add to Favourites 
Print this Article
Also Read
