I have noticed unusual links to resources such as vtraxe on my website. Additionally, these links have started showing up in areas of the site that I am unable to edit through the admin panel. What could be causing this?

The ability to identify a filename occurrence depends on the specific CMS type and version. Once the shell has been discovered, it may be possible to review the web server logs to find the request responsible for placing the shell.
However, it is recommended to proactively search for information about potential vulnerabilities in your scripts and to always keep them up-to-date with the latest versions.

Seems like malware ads, view all your server logs and look up for all unfamiliar links and shells. Also seems like your scripts are too weak to protect your site

There are two methods for checking a website for viruses:

One is to manually view all files on the website, but this can be challenging as it requires expert knowledge of different virus types and identifying malicious code.

The other method is to use antivirus software tools, which can be online services or built-in features from the hosting provider. These antivirus tools scan the website code against known malware signatures stored in virus databases.

Cityhost provides an AiBolit-based antivirus for customers to scan their websites. Users can access this feature by clicking on the "Hosting" tab, then "Manage", followed by the "Management" tab and selecting the AiBolit scanner.

Upon completing the scan, a report is sent to the registered email address indicating the presence or absence of viruses. If viruses are detected, measures are taken to restrict outgoing traffic to prevent infection of other resources.

Cleaning the website code from viruses must be done either manually or with the assistance of a specialist, as the virus may replace crucial parts of the code. Simply deleting infected files can cause the entire site to become inoperable.

After deleting the virus, users must click on the "I cleaned" button to initiate another scan. Once the website is confirmed to be secure, the restrictions will be lifted.

To prevent reinfection, it is important to identify the source of the virus and update passwords, check scripts for vulnerabilities, and update the CMS. Failure to take protective measures could result in the website becoming infected again.

It is possible that your website has been compromised by a malicious party. Hackers often inject hidden links or modify existing links on websites to redirect users to other sites, possibly for malicious purposes such as phishing or distributing malware. If you are unable to edit these links through the admin panel, it could indicate that the attackers have gained unauthorized access to your site and have modified the underlying code directly.

To address this issue, it is recommended to:

1. Conduct a thorough scan of your website using security plugins or third-party security tools to identify any vulnerabilities or malicious code.
2. Update all software and plugins on your website to their latest versions, as outdated software can be an entry point for hackers.
3. Change all passwords associated with your website, including the admin panel, FTP, and database, using strong and unique passwords.
4. Review the user accounts on your website and ensure there are no unauthorized or suspicious accounts.
5. Analyze your website's access logs and server logs to identify any unusual activity or potential entry points for hackers.
6. Consider working with a cybersecurity professional or a web development team experienced in website security to investigate and resolve the issue.

Taking immediate action is crucial to prevent further damage or unauthorized access to your website and to protect your users' data.

I'd suggest investigating potential security breaches, such as Cross-Site Scripting (XSS) or unauthorized plugin activity. Unusual links could indicate malicious SEO practices, like Black Hat link building. Ensure your website's security measures are up-to-date and consider hiring a penetration tester.

Alternatively, your theme or plugins might have vulnerabilities exploited by third-parties. Update them promptly and consider switching to reputable developers.