Strange site changes

Started by TDSko, Jul 14, 2022, 07:43 AM


TDSko (Topic starter)

On my site I see strange links to resources like vtraxe, etc.
Moreover, they have begun to appear in parts of the site that cannot be edited through the admin panel. What could be causing this?

Koza Dereza

It depends on the type and version of the CMS.
After finding the shell, you can search the web server logs for occurrences of its file name.
So there is a chance to find the request with which the shell was placed. But it's better to just look for information about the vulnerabilities of your scripts and install the latest versions.


Seems like malware ads. View all your server logs and look for any unfamiliar links and shells. It also seems like your scripts are too weak to protect your site.


There are two ways to check a web site for viruses:

View all the web site's files yourself. This is not easy, because you need to know all the manifestations of viruses and recognize malicious code.

Perform a scan using antivirus software: online services or built-in tools on the hosting.
The antivirus on the hosting checks the web site's code against the signatures of already known malware. For this purpose, there are special repositories (virus databases) in which the characteristics of virus families are stored.

Cityhost gives customers the opportunity to check a web site using an antivirus based on AiBolit.
To run the scan, go to the "Hosting" tab and click on "Manage". You will be taken to a section where you need to click on another tab, "Management", after which a menu of additional settings will appear. Select the AiBolit scanner and run the scan.

After the scan is completed, a report on the presence/absence of viruses will be sent to the registration email. If there are viruses, the site's outgoing traffic will be restricted in order to avoid infecting other resources.

You can only clean the virus out of the web site's code manually, either yourself or with the help of a specialist. The virus is able to replace useful parts of the code, and simply deleting infected files can leave the site inoperable.

After deleting the virus code, you will need to return to the additional services section and click the "I cleaned" button. It runs the scan again, and if the web site is already secure, the restrictions will be lifted.

After cleaning, you need to trace how the virus could have gotten in. See when edits were made to the infected files and check through the logs how the attackers made the changes. Update all passwords, check scripts for vulnerabilities and fix them, and update the CMS.
Regular cleaning without subsequent protection measures is ineffective, because after a while the web site may be infected again in the same way.
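
The log check suggested in the replies above (find the first request for the shell's file name, then compare the infected file's modification time with the logs), as an added example that is not from any poster in this thread. It assumes an Apache/nginx combined-format access log; the function names, file name, addresses and paths in the sample are constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Combined Log Format: ip - user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

def parse(line):
    """Parse one access-log line; return None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def trace_shell(log_lines, shell_name, mtime, window=timedelta(minutes=2)):
    """Return (first_hit, write_candidates): the earliest request naming the
    shell file, and successful POST/PUT requests in `window` before `mtime`."""
    records = sorted(filter(None, map(parse, log_lines)), key=lambda r: r["ts"])
    hits = [r for r in records if shell_name in r["path"]]
    candidates = [
        r for r in records
        if r["method"] in ("POST", "PUT")
        and r["status"].startswith(("2", "3"))
        and mtime - window <= r["ts"] <= mtime
        and shell_name not in r["path"]
    ]
    return (hits[0] if hits else None), candidates

# Constructed sample data (hypothetical file name, addresses and paths).
SAMPLE_LOG = [
    '198.51.100.7 - - [12/Jul/2022:03:14:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Jul/2022:03:15:40 +0000] "POST /plugins/uploader/upload.php HTTP/1.1" 200 48 "-" "curl/7.68.0"',
    '203.0.113.9 - - [12/Jul/2022:03:15:55 +0000] "GET /uploads/img_cache.php HTTP/1.1" 200 12 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Jul/2022:03:20:11 +0000] "POST /contact.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]
# Modification time of the infected file, as read from the file system.
SAMPLE_MTIME = datetime(2022, 7, 12, 3, 15, 41, tzinfo=timezone.utc)

if __name__ == "__main__":
    first, writes = trace_shell(SAMPLE_LOG, "img_cache.php", SAMPLE_MTIME)
    print("first request for shell:", first["ip"], first["ts"], first["path"])
    for r in writes:
        print("possible write:", r["ip"], r["ts"], r["method"], r["path"])
```

The script that received the "possible write" request is the one to check for known vulnerabilities and update first; file modification times can be altered by an attacker, so treat the window as a starting point rather than proof.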