Web site is infected

Started by keith.bowman, Nov 02, 2022, 12:28 AM


keith.bowman (Topic starter)

Colleagues, good day!
A couple of days ago, trouble happened. One of our web sites seems to have been infected with a virus. Apparently they broke it, introduced Trojans into it and now it's even "more fun".
The domain the website is on is tied to our mail server, and today a threatening letter came from the service that hosts our DNS zone for the mail server and all of our sites, saying that we are given 48 hours to fix the problem, because spam is coming from our IP. Then they will block it. Apparently someone complained to them about us.

How are sites treated in general? I have never been involved in the treatment of sites :( There is FTP access there.
Also, checking the site through mxtoolbox shows that we are on the Truncate blacklist.
Please help me figure out how to get rid of the infection and not get blocked.


Suppose that your website is on a Joomla of some kind.
Such sites have the right to exist only if you made it, and then put it on the directory recursively -windows.
Come on, they shoved in a PHP file that uses the CMS phpmail and is sent locally from web hosting. In the ISP, block all the mail and sort it out.

In my personal experience, I have done several sites on WP "on smoke breaks". The bots didn't break any. Spambots in comments and other submit fields are a vulnerability of any dechman CMS, so we do not consider it.
But a couple of web sites on Joomla were broken by all the Chinese bots of Jin hui province within a month after publication.

In short, at your peak, I see only one thing - WP has more known holes and they are either already patched or patched in patches.
And nobody gives a shit about Joomla, including the developers. Nobody is looking for holes, nobody wants to patch them.


To prevent this, it is necessary to take appropriate measures to protect the server and the computer/computers used for server administration.

Using strong passwords. Despite the triviality of this advice, it really is the basis of server security. It is not only necessary to change passwords after each incident and/or attack on the server — they must be changed on a regular basis, for example monthly. A good password must meet special criteria, which can be found on www.kaspersky.com/passwords.

Regular updates. It is also necessary not to forget about regular updates. Cybercriminals often exploit vulnerabilities in software regardless of the purpose of the malware — whether it is directed at PC users or websites. All programs that you use to manage your server / site content must be the latest versions, and each security update must be installed immediately upon its release. Using up-to-date software versions and timely installation of all necessary patches will help reduce the risk of an attack using exploits.

Regular creation of backups. Having a clean copy of the server content in stock, you will save a lot of time and effort, not to mention that fresh backups can, in addition to treating infection, be very useful in solving other problems.

Regular file checking. Even in the absence of obvious symptoms of infection, it is recommended to periodically scan all files on the server to detect malicious code.

Ensuring PC security. Since a significant amount of malware for websites is distributed through infected PCs, the security of the desktop computer used to manage your website is one of the priority aspects of website security. Continuous maintenance of the cleanliness and security of your computer significantly increases the likelihood that your website will also be safe and protected from viruses.

The following actions should be mandatory (but not sufficient): removal of unused programs; deactivation of unnecessary services and modules; setting up appropriate policies for individual users and groups of users; setting adequate access rights to certain files and directories; disabling the display of files and directories of the web server; logging events that are regularly checked for suspicious activity; using encryption and secure protocols.

Malware designed to infect websites can become a real nightmare for web administrators and Internet users.

Cybercriminals are continuously developing their technologies, discovering new exploits. Malware is spreading rapidly over the Internet, hitting servers and workstations. It is fair to say that there is no reliable way to completely eliminate this threat.
However, every website owner and every Internet user can make the Internet safer by following basic security rules and constantly maintaining the security and cleanliness of their websites and computers.