How to find a malicious link on a large website?

Started by maxikk, Jul 10, 2022, 07:46 AM


maxikk (Topic starter)

The problem arose when our website was blocked on Facebook due to suspicions of stealing login information. Despite diligent efforts to investigate, neither we nor any automated virus scanning programs found any malicious code.

We attempted to appeal the decision, but Facebook upheld the block after manually reviewing our case. Eventually, we were informed that a specific issue needed to be addressed before the block could be lifted; however, we were still unsure of the source of the issue. We suspect that there may be a malicious link hidden within the site's HTML or JavaScript code or generated by an innocuous script such as a menu or banner.
Can anyone assist us in finding the source of the problem? Facebook support has been unhelpful thus far.

Crewingtop

This is a straightforward process:

Firstly, execute the grep search command to check files in the site directory by running:

grep -rl "bad_site_name" .

Afterwards, examine the database using phpMyAdmin for any matches.

If nothing is found, the link may be encoded in base64. In this instance, ai-bolit can assist with detecting it in paranoid mode. Carefully remove any extraneous base64 inclusions.
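An added example, not part of the post above: a Python sketch of the same file search that also catches the base64 case, by decoding every base64-looking run in each file and checking the decoded bytes for the domain. The function names, the 16-character threshold and the `bad-site.example` sample site are assumptions constructed for illustration; it covers files only, not the database.

```python
import base64
import re
import tempfile
from pathlib import Path

# Runs of base64 alphabet long enough to hide a URL (the 16-char floor is an assumption).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}")


def decoded_variants(run: bytes):
    """Decode a run at each of the 4 possible character alignments."""
    for offset in range(4):
        chunk = run[offset:]
        # A single leftover character can never be valid base64, so drop it.
        chunk = chunk[:-1] if len(chunk) % 4 == 1 else chunk
        yield base64.b64decode(chunk + b"=" * (-len(chunk) % 4))


def scan_file(path: Path, needle: bytes):
    """Return (kind, evidence) hits for `needle`, plain or base64-encoded."""
    data, low, hits = path.read_bytes(), needle.lower(), []
    if low in data.lower():
        hits.append(("plain", needle.decode()))
    for m in B64_RUN.finditer(data):
        if any(low in d.lower() for d in decoded_variants(m.group())):
            hits.append(("base64", m.group()[:32].decode()))
    return hits


def scan_tree(root, needle: str):
    """Map each file under `root` that contains `needle` to its hits."""
    found = {}
    for path in sorted(Path(root).rglob("*")):
        hits = scan_file(path, needle.encode()) if path.is_file() else []
        if hits:
            found[path.relative_to(root).as_posix()] = hits
    return found


def demo():
    """Constructed sample site: one plain link, one base64-wrapped link, one clean file."""
    with tempfile.TemporaryDirectory() as root:
        blob = base64.b64encode(b'<a href="http://bad-site.example/login">').decode()
        Path(root, "menu.js").write_text('location = "http://bad-site.example/x";')
        Path(root, "footer.php").write_text(f'<?php echo base64_decode("{blob}");')
        Path(root, "index.html").write_text("<h1>Welcome to our shop</h1>")
        return scan_tree(root, "bad-site.example")
```

On a real site, call `scan_tree` with the site directory and the domain being searched for; `demo()` returns the hits for the constructed sample.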

Chayka

Hi! Malicious links are a terrible thing that is simply unbearable and prevents you from living in peace. I have faced such a problem myself. I most often check online in the service pr-cy.ru.

adm.1.n

If it's hard to look for them yourself, there are plenty of sites that look for malicious links automatically, but the easiest way is just to find them in the database (as an admin, of course).

mariajones

The majority of cPanel hosting providers provide a ClamAV virus scanner that can assist in safeguarding your website against possible server threats. Benefits include an open-source antivirus code, allowing it to combat Trojans, malicious scripts and harmful programs. However, the scanner may not detect exploits with precision.

ISPmanager is a paid web hosting solution that allows you to manage web servers, database servers, and other similar software. In comparison, ImunifyAV is used to identify and treat Trojans, shells, and phishing pages.

Maldet or Linux Malware Detect, also known as LMD, is a specialized site/exploit scanner, along with CXS and ConfigServer eXploit Scanner. These tools work at the server level, enabling them to function more efficiently and quickly and to locate malicious code more precisely, and the commercial CXS has a heuristic scan that identifies suspicious items. Nonetheless, viruses are not detected reliably, and preparation is necessary to apply these console utilities.

Virusdie is a cloud-based antivirus and firewall designed to protect sites from various security threats. With Virusdie, you can discover if your website is blacklisted and remove sanctions. While there is a paid subscription, users are advised against operating the automatic resource treatment mode.

CloudScan.Pro represents a hybrid or cloud scanner. During this scan, the website files are transferred to the service provider's cloud for analysis. Unfortunately, we were unable to find any free testing opportunities for cloud scanners.

Specialized virus scanners such as ClamAV, Comodo, Kaspersky, and Avast are commonly installed on Windows PCs, and software akin to Avast is often referred to as an antivirus. Such programs are effective at detecting viruses but not exploits.

Virustotal is a file processing aggregator that processes files using various antiviruses. It can be used at no cost to search for viruses in downloaded files; however, its capabilities are equivalent to those of virus scanners.