Web site Hacking and Virus infection
Web site Hacking and virus infection
Usually in the following cases the web site has been infected:
Existence of one or more iframe tags () in page codes which its source is a virus spreading website.
Existence of one or more script tags ( ) in page codes which its source is a virus spreading website or by executing which a virus gets way into the clients computer.
Existence of one or more known files among the website's files which are suspicious to be virus or Trojan. (In most cases, these files will be caught and quarantine by the antivirus on the server)
Why don't the above mentioned cases infect the server?
:&lt;br /&gt;&nbsp;If you are familiar to HTML language, you do know that by means of frames you can show more than one page on your web browser. Each page called a frame and the frames are completely independent from each other. The content of the frame can be of any page or website. A frame tag's format is as following:&lt;br /&gt;&lt;iframe src="http://www.yahoo.com" mce_src="http://www.yahoo.com" &gt;
As you can see, a web site's address can be defined as the source of a frame. It's obvious that even if this address is a virus spreading website, the server cannot detect it. This will be detectable when the page is executed by a browser and then the frame executes the defined source in which case the viruses get in through the system. Naturally, websites doesn't get browsed on servers, they always are read from the server and executed on the client side.
The description is as of the above.
Infected files or Trojans:
In case, the structure of the infected or infecting files is server executive, naturally server's powerful anti-viruses will catch them. But the file may have the structure of what has been mentioned above, and get executed on client side, in which case the server doesn’t get infected and the viral file just infects the executing computer.
Google: Google as indexes all the websites usually identifies the infected pages and shows an alarm regarding website being virus infected. Remember, if Google has identified your website as virus infected, you need to send them the cleaning notification, when your site gets cleaned.
Anti-viruses and internet securities: In some cases (if identifies) the installed antivirus on the computer alarms while opening an infected page.
How web sites get infected:
The above mentioned cases always get through websites via FTP. That means if you check your FTP log, you will notice that at the times you haven’t opened your web site, there is some unknown IP which has been connected to your site.
Usually, the FTP password is hijacked by the spywares which has gotten through your computer. The spywares can get though your computer in different ways:
Emails (even opening an email can infect your computer)
Infected or virus spreading websites
Internet file downloading
Flash disks which has already been connected to your computer
In most cases, the computer which files have been uploaded from is infected.
A spyware's role:
When you type something on your computer, spyware sends it to its source (the website from which it spreads). After processing and identifications in the source, they attempt to connect to your FTP and upload the infected file or iframe or script.
Caution and prevention:
Change your control panel and FTP password periodically.
Make sure to have updated anti-viruses on your computer. (the perfect softwares to catch spywares are Windows defender and Bit defender)
Never open a suspicious webpage.
Never open or reply suspicious emails.
Don’t give your website's information (passwords) to non-reliable persons.
Was this answer helpful?
Yes, we provide access to your raw log files so that you can download them and run your own stats...
In Windows 2003 server , all the domains and subdomains will have the following format of...
Yes, we provide a control panel interface (Domain Menu>Custom Error Pages) to specify a...
1.go to your file manager on websitepanel or Helm control panel(based on your hosting space...
you may find your web server IP by following steps below: Log into HELM Click on "Domains"...