|
Post by sandile on Oct 5, 2010 2:01:01 GMT
Hi everyone I'm new in this forum and I hope I'm welcome. lol My other client told me that his temporal web page I created for him have a virus. www.holidayafricainstyle.co.za can someone with antivirus check it for me please. You can also check this one: www.zulujazzlounge.co.za
|
|
|
Post by jenny on Oct 5, 2010 6:15:50 GMT
Hi everyone I'm new in this forum and I hope I'm welcome. lol My other client told me that his temporal web page I created for him have a virus. www.holidayafricainstyle.co.za can someone with antivirus check it for me please. You can also check this one: www.zulujazzlounge.co.zaHi there Sandile, It does indeed look like your client's site has been infected with malware. About 4 weeks ago, 24 of my sites (mine and my clients sites) got infected with an ftp hack and labeled by Google as attack sites. It took me 9 days to clean! What I would suggest, is that you first go into Cpanel and change your login password and ftp password as well as chances are that your Cpanel login details have been compromised. Then open every single file on your client's site in a code editor or notepad. Then go through the code and you will find the malicious code injected in the pages/files. You will find that they like to inject the code in js files and index page files, but they also inject it into other files. Once you find the code in the files, delete it and save the file. Then go through all server files itself as well and check each one for malicious code and delete the code. In my case, the code was also injected on the server files itself, so each time I cleaned a site, it just got re-injected with the code. So a good idea to check the server files as well. Oh and the valuable lesson I learned with this nightmare, was to never, ever store ftp login details inside Filezilla or any ftp program for that matter!
|
|
|
Post by sandile on Oct 5, 2010 6:40:53 GMT
Good morning Jenny, thank you very much with your advice, I thought I should contact my hosting company to clean up my domian. but as yo have adviced me I will try to clean it up my self. I've seen your work here in Antenna forum it amazing. you doing a nice websites. how long you been doing websites?
|
|
|
Post by jenny on Oct 5, 2010 6:50:31 GMT
Good morning Jenny, thank you very much with your advice, I thought I should contact my hosting company to clean up my domian. but as yo have adviced me I will try to clean it up my self. I've seen your work here in Antenna forum it amazing. you doing a nice websites. how long you been doing websites? Hi Sandile, thanks. I started designing sites in 2006. You sites look great btw! You can ask your hosting company to clean up the site, no problem,but get them to also change the Cpanel password and Ftp password for added security. Also scan your pc and also go through your clients backup files, if you have any of them on your pc, just to make sure that the code is not sitting there as well, otherwise when you update the site, you will reinfect your clients site and server again.
|
|
|
Post by Graham on Oct 5, 2010 7:48:24 GMT
Hi sandile
one other thing to bear in mind in may not be the website in question but the clients pc at risk.
Next time it happens if it does as the client to give you the error number it displays on the screen, as this is very helpfull to diagnose what is going on.
I have had people try and view my sites and they get errors and and told its a virus but when you look up the error messages it is actually the client pc with the virus and the website has blocked it.
Graham
|
|
|
Post by jenny on Oct 5, 2010 7:58:13 GMT
PS. I checked your site on 2 different pc's now and the site is definitely infected.
|
|
|
Post by Graham on Oct 5, 2010 9:08:23 GMT
Jenny what virus program you running, I have checke both with AVG and Norton and nothing pops up at all
What is the error page you get with it
Graham
UPDATE:
Just got a mate to check it who is running McAffee site adviser and no warnings either came up for him
|
|
|
Post by jenny on Oct 5, 2010 9:26:57 GMT
|
|
|
Post by Graham on Oct 5, 2010 9:49:24 GMT
|
|
|
Post by jenny on Oct 5, 2010 9:59:19 GMT
Don't you just hate these malicious java codes? My battle was called "nuttypiano"....it sure drove me nuts! hehe
I think it is a good idea to find out how it happened so as to prevent if from happening again. How do you think the script/link got placed on Sandile's website page?
|
|
|
Post by sandile on Oct 11, 2010 17:46:35 GMT
Thank you guys for you solutions, I've re-uploaded it and it seems to be ok now. but I will keep on checking it for any changes. I think I'm lucky coz I didn't loose this client. lol.
|
|