Analyze the possible ways your site could have been infected:
The attacker can obtain passwords for CMS administrator panels, FTP or SSH accounts. Typically, passwords are guessed or stolen by Trojans that have infected the site owner's computer.
Web applications can allow third parties to post arbitrary code on your site.
If your site is connected to external resources (affiliate programs, banner systems, counters), the code they provide can be dangerous for users.
Review the infection information in the Security and violations section of Webmaster. The infected pages, the dates of the checks and the verdicts issued by the antivirus are listed there. By following the link, you can see a description and the approximate form of the code as it is displayed on the pages of your site.
For a more accurate diagnosis, you can reproduce the problem using a virtual machine.
Stop the web server to limit users' access to the infected resource. Next, use an antivirus to check the web server files and all workstations from which the site is administered. Change all passwords: root, FTP, SSH, hosting and CMS administrative panels.
If a backup copy of the site was created before the infection, restore it.
Update the software used on the website to the latest versions to fix the vulnerability through which the infection could have occurred.
Remove users with unnecessary access rights and carefully check the server for web shells, with which the attacker can change the site code without authorization.
Check for malicious code in the following places:
in server scripts, CMS templates, databases;
in the configuration files of the web server or the server-side script interpreter.
If your site is on shared hosting, check the other sites on the same server: the entire server may be infected.
Signs of malicious code:
Code that looks foreign or unfamiliar and does not match the backup or the version control system.
Obfuscated (unreadable) code.
The file modification date coincides with the time of infection or is later (although this can be unreliable, since the virus can change the date).
Use of functions typical of malicious code. For example, in PHP:
Dynamic code execution (eval, assert, create_function);
Obfuscation (base64_decode, gzuncompress, gzinflate, str_rot13, preg_replace);
Loading remote resources (file_get_contents, curl_exec).
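The signs listed above can be checked automatically across a site directory. The following is an added example, not code from Yandex or from this page: the function groups come from the list above, while the 1000-character line threshold, the file extensions and the names scan_file, scan_tree and demo are assumptions.

```python
import re
import tempfile
from pathlib import Path

# Function groups copied from the list above; PHP function names are case-insensitive.
SIGNS = {
    "dynamic-exec": ("eval", "assert", "create_function"),
    "obfuscation": ("base64_decode", "gzuncompress", "gzinflate", "str_rot13", "preg_replace"),
    "remote-load": ("file_get_contents", "curl_exec"),
}
# The lookbehind skips method calls and longer names ($t->assert(, my_eval() to cut noise.
CALL_RE = {group: re.compile(r"(?<![\w$>:])(?:" + "|".join(names) + r")\s*\(", re.I)
           for group, names in SIGNS.items()}
LONG_LINE = 1000  # assumed threshold for an "unreadable" one-line payload


def scan_file(path, infected_since=None):
    """Return a sorted list of reasons why a PHP file deserves manual review."""
    path = Path(path)
    text = path.read_text(encoding="utf-8", errors="replace")
    reasons = {group for group, rx in CALL_RE.items() if rx.search(text)}
    if any(len(line) > LONG_LINE for line in text.splitlines()):
        reasons.add("long-line")
    # The modification time is only a hint: an intruder can reset it.
    if infected_since is not None and path.stat().st_mtime >= infected_since:
        reasons.add("modified-after-infection")
    return sorted(reasons)


def scan_tree(root, infected_since=None, exts=(".php", ".phtml", ".inc")):
    """Walk a site directory and map each flagged file to its reasons."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in exts:
            reasons = scan_file(path, infected_since)
            if reasons:
                report[path.relative_to(root).as_posix()] = reasons
    return report


def demo():
    """Scan a constructed two-file site: one clean file, one with an inert payload."""
    samples = {"index.php": "<?php echo strlen('hello');",
               "cache.php": "<?php eval(gzinflate(base64_decode('CONSTRUCTED_PLACEHOLDER')));"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            Path(root, name).write_text(body)
        return scan_tree(root)
```

Legitimate code also calls functions such as file_get_contents and preg_replace, so every hit is a candidate for comparison against the backup or version control system, not a verdict.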
Once the code is removed, the danger mark on the site will be lifted if the Yandex robot finds no infection during its next check. To speed up the process, go to the Security and violations section in Webmaster and click the "I fixed everything" button.
We recommend that for a few weeks after the infection you regularly check the site's files and code to make sure that the vulnerability has been completely eliminated and the attackers no longer have access to your site.
Yandex constantly studies new types of infection and publishes the results of its research on the blog for webmasters.
If suspicious or malicious code is found on your site, you can send it to the analysts for analysis.
To have your question processed faster, specify its topic:
Malicious code was found on the site; the site is now considered dangerous in search.
Hazardous files and unwanted software were found on the site.
If you have other problems related to the safety of the site, select the appropriate type of violation.
Contact information:
For additional assistance with the safety of your site, you can contact SEO.computer by email at info@seo.computer or through WhatsApp: +79202044461.