Sooner or later your website created by request or own hands, will be visited by malefactors. A main goal of these ""IT bugs"" is increase in attendance of the website by a redirect (redirection) of the visitor, suspension on your resource of a special virus lock (banner) extorting money in an exceptional case - simple sports interest. Irrespective of what is the website - the business card of firm or online store, infection with a virus - it always unpleasantly and often leads to direct material loss, rating downgrade of the website and even to its full blocking by search engines. Identification and cleaning of the website from viruses rather laborious and long work which is quite often followed by an infection recurrence. However it can do to any site administrator, the main thing is to observe a certain sequence of actions.
From what party to approach the infected website
If the website is infected with a virus, and signs of it are, for example:
• Automatic redirect on other resource or blocking of the computer of the user a virus banner.
- The message of the search engine (Yandex, Google) that on the website the malicious code is found.
That to approach the virus code and literally it is possible "to pick out" it only from the control panel of the website on a host. More precisely – from that its part which is called the FTP manager. Such approach will allow you not to start the infected file, and to see a line of the virus code and to destroy it.
Mark which is left by malefactors
If you open the FTP control panel manager the website on a host, then will see the list of file and folders which make a website distribution kit. Near each of them there is a date of creation and change, including time. It is a trace by which is determined that your website was visited by villains. Well, of course, if you precisely remember that when and why changed on the website.
What can be seen in the folder changed not by you or the file
Having come into the folder which date of change raises doubts, you can find there not your files with the .exe and .js extensions or changed, besides not you, index.html and index.php index files. Files with the .exe extension in a distribution kit of the website should not be, it is an explicit virus. Executable files of .js can be also your "family" but complemented therefore at once it is not necessary to destroy them. View viruses most often meet in index files:
• Eval...> symptom of a virus is very long indissoluble line from Latin letters and digits.
• iframe … symptom of a virus – the size of a frame 1 on 1 pixel.
What should I do?
Treatment of the website for a virus begins with general cleaning of own computer. It is necessary to change all logins and passwords: FTP, access to the panel of administration of the website and access to the control panel on a host.
After that in the FTP manager of a host you check each file which raises doubts. You should not start it, and to see the code therefore press on the edit button. You destroy files with the .exe extension at once, having the .js extension you check for existence of excess code lines. Not to doubt – you store all scripts installed on the website in the separate folder of the computer. In index files you erase all frames the size in pixel and the long senseless lines from a set of letters and digits after an icon.
Before an input on the FTP control panel manager of the website usually there are folders of log-files. It is necessary to open and look at them - who visited the website when presumably there was infection. You will see the malefactor's IP. You create (if it is absent) the .htaccess file in the folder with files of the website and you write in it a line of the ban on an input from this IP.
In two days it is necessary to carry out repeated audit, perhaps process of cleaning of the website should be repeated several times.