Hosting & Domaining Forum

Topic started by: maxikk on Jul 10, 2022, 07:46 AM

Title: How to find a malicious link on a large website?
Post by: maxikk on Jul 10, 2022, 07:46 AM
The problem arose when our website was blocked on Facebook due to suspicions of stealing login information. Despite diligent efforts to investigate, neither we nor any automated virus scanning programs found any malicious code.

We attempted to appeal the decision, but Facebook upheld the block after manually reviewing our case. Eventually, we were informed that a specific issue needed to be addressed before the block could be lifted; however, we were still unsure of the source of the issue. We suspect that there may be a malicious link hidden within the site's HTML or JavaScript code or generated by an innocuous script such as a menu or banner.
Can anyone assist us in finding the source of the problem? Facebook support has been unhelpful thus far.
Title: Re: How to find a malicious link on a large site?
Post by: Crewingtop on Jul 10, 2022, 07:59 AM
This is a straightforward process:

Firstly, execute the grep search command to check files in the site directory by running:

grep -rl "bad_site_name" .

Afterwards, examine the database using phpMyAdmin for any matches.

If nothing is found, the link may be encoded in base64. In this instance, ai-bolit can assist with detecting it in paranoid mode. Carefully remove any extraneous base64 inclusions.
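A base64-aware version of the file search described in the post above, as an added example that is not part of the original thread: base64 encodes a string differently depending on its byte offset modulo 3, so the script looks for all three encoded forms of the domain alongside the plain text. The domain bad-site.example and the sample files are constructed placeholders.

```python
import base64
import tempfile
from pathlib import Path

def base64_needles(text: str) -> set[bytes]:
    # Base64 maps 3 bytes to 4 characters, so the output depends on the offset
    # (mod 3) of `text` inside the encoded data. Encode at each offset and keep
    # only the characters that are determined entirely by `text`.
    raw = text.encode()
    needles = set()
    for offset in range(3):
        encoded = base64.b64encode(b"\x00" * offset + raw)
        start = (offset * 8 + 5) // 6        # skip chars mixed with preceding bytes
        end = (offset + len(raw)) * 8 // 6   # stop before chars mixed with following bytes
        needles.add(encoded[start:end])
    return needles

def scan_tree(root: str, domain: str) -> list[tuple[str, str]]:
    """Return (relative path, "plain" or "base64") for every file that mentions `domain`."""
    plain = domain.lower().encode()
    encoded = base64_needles(domain)
    hits = []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        if plain in data.lower():
            hits.append((rel, "plain"))
        if any(needle in data for needle in encoded):
            hits.append((rel, "base64"))
    return hits

def demo() -> list[tuple[str, str]]:
    """Scan a small constructed site tree for a placeholder domain (assumption)."""
    domain = "bad-site.example"
    with tempfile.TemporaryDirectory() as root:
        site = Path(root)
        (site / "index.html").write_text("<p>Welcome</p>")
        (site / "footer.php").write_text(f'<a href="http://{domain}/login">x</a>')
        blob = base64.b64encode(f'<a href="http://{domain}/">menu</a>'.encode())
        (site / "menu.js").write_bytes(b"var m = atob('" + blob + b"');")
        return scan_tree(root, domain)

if __name__ == "__main__":
    for rel_path, form in demo():
        print(f"{form:6}  {rel_path}")
```

Base64 is case-sensitive, so the encoded search only matches the domain in the exact case given; the database still has to be checked separately, for instance by running the same search over an SQL dump.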
Title: Re: How to find a malicious link on a large site?
Post by: Chayka on Jul 19, 2022, 11:55 AM
Hi! Malicious links are a terrible thing that is simply unbearable and prevents you from living in peace. I have faced such a problem myself. I most often check online with the service pr-cy.ru.
Title: Re: How to find a malicious link on a large site?
Post by: adm.1.n on Jul 23, 2022, 02:02 AM
If it's hard to look for them yourself, there are plenty of sites that look for malicious links automatically, but the easiest way is just to find them in the database (as an admin, of course).
Title: Re: How to find a malicious link on a large site?
Post by: mariajones on Sep 09, 2022, 02:25 AM
The majority of cPanel hosting providers provide a ClamAV virus scanner that can assist in safeguarding your website against possible server threats. Benefits include an open-source antivirus code, allowing it to combat Trojans, malicious scripts and harmful programs. However, the scanner may not detect exploits with precision.

ISPmanager is a paid web hosting solution that allows you to manage web servers, database servers, and other similar software. In comparison, ImunifyAV is used to identify and treat Trojans, shells, and phishing pages.

Maldet or Linux Malware Detect, also known as LMD, is a specialized site/exploit scanner, along with CXS and ConfigServer eXploit Scanner. These tools work at the server level, enabling them to function more efficiently and quickly and to locate malicious code more precisely, and the commercial CXS has a heuristic scan that identifies suspicious items. Nonetheless, viruses are not detected reliably, and preparation is necessary to apply these console utilities.

Virusdie is a cloud-based antivirus and firewall designed to protect sites from various security threats. With Virusdie, you can discover if your website is blacklisted and remove sanctions. While there is a paid subscription, users are advised against operating the automatic resource treatment mode.

CloudScan.Pro represents a hybrid or cloud scanner. During this scan, the website files are transferred to the service provider's cloud for analysis. Unfortunately, we were unable to find any free testing opportunities for cloud scanners.

Specialized virus scanners such as ClamAV, Comodo, Kaspersky, and Avast are commonly installed on Windows PCs, and software akin to Avast is often referred to as an antivirus. Such programs are effective at detecting viruses but not exploits.

Virustotal is a file processing aggregator that processes files using various antiviruses. It can be used at no cost to search for viruses in downloaded files; however, its capabilities are equivalent to those of virus scanners.
Title: Re: How to find a malicious link on a large website?
Post by: OptismPeeptBul on Sep 27, 2024, 03:29 AM
Facebook's manual review process can sometimes be as clear as mud. They might have flagged something that seems innocuous to us, but sets off their alarm bells. It's crucial to remember that Facebook's security is their top priority, and they often err on the side of caution.

Let's start by using some professional tools to scrutinize your website's code. I'd recommend using tools like OWASP ZAP (Zed Attack Proxy) or Burp Suite to perform a manual security review. These tools can help us identify any suspicious activity, hidden links, or malicious scripts that might have slipped under the radar of automated virus scanning programs.

Next, let's take a closer look at your HTML and JavaScript code. It's possible that there's a malicious link hidden within your code, perhaps injected by a hacker or a compromised third-party script. Use a tool like DOMinator to inspect your HTML and JavaScript code for any anomalies. It's also a good idea to check your website's HTTP headers to ensure that no malicious scripts are being loaded from external domains.

Another potential culprit could be a compromised plugin or theme if your website is built using a CMS like WordPress. It's crucial to keep all your plugins and themes up-to-date to ensure that you're not leaving any security vulnerabilities exposed. If you suspect a plugin or theme might be the source of the issue, try temporarily deactivating them to see if that lifts the Facebook block.

It's also worth considering whether your website has been the victim of a clickjacking attack. Clickjacking is a technique where a malicious script is used to trick users into performing actions on your website without their knowledge or consent. This could potentially be flagged by Facebook as suspicious activity.

Let's not forget to check your website's SSL certificate. If it's not configured correctly, it could potentially trigger Facebook's security alarms. Use a tool like SSL Labs' Server Test to check your SSL configuration and ensure that it's up to snuff.
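One way to carry out the check for content loaded from external domains mentioned in the post above, as an added example that is not part of the original thread. It goes slightly further than script sources and also flags forms with a password field that submit to another host; mysite.example and the other host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tag -> attribute that can load content from, or send data to, another host.
URL_ATTRS = {"script": "src", "iframe": "src", "link": "href", "a": "href", "form": "action"}

class OffsiteRefs(HTMLParser):
    def __init__(self, site_host: str):
        super().__init__()
        self.site_host = site_host.lower()
        self.refs = []          # (tag, host) for every off-site URL
        self.login_posts = []   # off-site hosts that receive a password field
        self._form_host = None  # off-site target of the form being parsed, if any

    def _offsite(self, url: str):
        try:
            host = (urlsplit(url).hostname or "").lower()
        except ValueError:      # malformed URL, nothing to resolve
            return None
        same_site = host == self.site_host or host.endswith("." + self.site_host)
        return host if host and not same_site else None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in URL_ATTRS:
            host = self._offsite(attrs.get(URL_ATTRS[tag]) or "")
            if host:
                self.refs.append((tag, host))
            if tag == "form":
                self._form_host = host
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self._form_host:
                self.login_posts.append(self._form_host)

    def handle_endtag(self, tag):
        if tag == "form":
            self._form_host = None

def audit(html: str, site_host: str):
    """Return (off-site references, off-site hosts receiving password forms)."""
    parser = OffsiteRefs(site_host)
    parser.feed(html)
    parser.close()
    return parser.refs, parser.login_posts

# Constructed sample page; every host name here is a placeholder.
SAMPLE = """<script src="/js/menu.js"></script>
<script src="//cdn.thirdparty.example/widget.js"></script>
<a href="https://www.mysite.example/about">About</a>
<form action="https://collector.example/save" method="post">
  <input type="text" name="user"><input type="password" name="pass"></form>"""
```

This reads static HTML only, so links that a script writes into the page at run time will not show up here.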