How to remove malicious code from the site and protect the site from infection

Today Yandex.Webmaster gave me some unpleasant news regarding one of my resources. The message said that malicious code had been found on the pages of the site, which can be dangerous for visitors' computers. When the pages of the site are opened, the malicious code can lead to undesirable consequences for the user: infection of the computer with viruses, unauthorized use of its resources, damage to and even theft of personal data.


How the malicious code got onto the site, and from where, was the main question I needed to answer. After all, I administer the resource alone, the password for FTP access is available only to me, and there are no people who would like to make changes to the pages.

I began to recall which changes had recently been made to this site, and from which computer, and I remembered: several days ago there was a request via FTP from a computer that had an outdated anti-virus database. It was the work computer from which I am now writing this post.

I downloaded a thirty-day trial version of the antivirus program and checked the system. It actually turned out to contain several files infected with a Trojan. Later, my findings were confirmed by the hosting provider’s support service and antivirus software developers.

After the cause of the infection had been identified, localized and eliminated, it was possible to proceed to the next stage and remove the malicious code from the site. I want to emphasize that the most important thing is to find out the source of the infection, and only then eliminate the consequences. This will reduce the likelihood that the problem will reappear, and in some cases, without eliminating the source, it is not possible to cure the site at all.

The malicious code on the site contained the following script:

[Image: malicious code on a website page]

This script has been placed at the end of each page, between the and tags.

There were two ways to delete the script:

  1. restore a site from a backup on the server;
  2. remove malicious code manually.

Due to the small number of pages and knowledge of their content, I chose the second option. It didn’t take long to find the malicious code on the site, delete it and replace the infected pages on the server with clean ones. The site’s security was restored.
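One way to find which pages were altered, shown as an added example that is not part of the original post: compare the live site tree against a known-clean copy by SHA-256 and list the lines that exist only in the live files. The function names, directory layout and sample pages are assumptions constructed for illustration.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def added_lines(clean: Path, live: Path) -> list:
    """Lines present in the live file but absent from the clean copy."""
    a = clean.read_text(errors="replace").splitlines()
    b = live.read_text(errors="replace").splitlines()
    return [d[2:] for d in difflib.ndiff(a, b) if d.startswith("+ ")]


def compare(clean_root: Path, live_root: Path) -> dict:
    """Report files that changed, appeared or vanished relative to the backup."""
    clean, live = tree(clean_root), tree(live_root)
    changed = sorted(n for n in clean.keys() & live.keys() if clean[n] != live[n])
    return {
        # file name -> lines that exist only in the live copy
        "modified": {n: added_lines(clean_root / n, live_root / n) for n in changed},
        "unexpected": sorted(live.keys() - clean.keys()),  # not in the backup
        "missing": sorted(clean.keys() - live.keys()),     # deleted from the site
    }


def demo() -> dict:
    """Build two small constructed trees (backup and live) and compare them."""
    base = Path(tempfile.mkdtemp())
    clean, live = base / "clean", base / "live"
    page = "<html>\n<body>\n<p>Hello</p>\n</body>\n</html>\n"
    marker = "<!-- CONSTRUCTED PLACEHOLDER FOR AN INJECTED LINE -->"
    for root in (clean, live):
        root.mkdir()
        for name in ("index.html", "about.html"):
            (root / name).write_text(page)
    # Constructed tampering: one page gains a line, one extra file appears.
    (live / "index.html").write_text(page.replace("</html>", marker + "\n</html>"))
    (live / "extra.txt").write_text("not in the backup\n")
    return compare(clean, live)


if __name__ == "__main__":
    print(demo())
```

The result is only as trustworthy as the clean copy, so take it from a backup made before the infection or from a machine that has been checked.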

Worse was the consequence: the warning “This site can threaten the security of your computer” significantly reduced the number of visitors. But you can’t argue with that: since you made a mistake, you will have to pay for it.

How to protect your website from malware infection

In order to protect the site from infection with malicious code, you must:

  1. Use a quality antivirus. Install the official version of the currently leading antivirus program.
  2. Change the password for FTP access to the site and control panel. If the hosting supports disabling FTP access, disable it from the control panel and enable it as needed.
  3. Access the site via FTP only from computers with good anti-virus protection with an up-to-date virus database.
  4. File and folder permissions (chmod) must strictly follow what the developer recommends. If you change the access rights in order to edit a file, be sure to restore the required values when you finish.

Following these four basic rules significantly reduces the likelihood of the site being infected with malware.

That’s all. Please leave any questions and remarks in the comments.
