: If your site is infected

01.05.2007, 08:27
A growing tendency of websites infecting is having a strong place nowadays. It is not a matter of websites with the dubious content, but of legal and popular. As soon as users start to complain to the administrator, the administrator runs in a panic on the first one comes across forum and shoots for help.
First of all dont panic! It only remains to define the way the malefactor could get the access to your site.

Your further actions depend on it. It is necessary to scan your computer first. If there is a Trojan in the system, then changing passwords from the infected computer is absolutely useless - the passwords will go directly to the Trojans owner again. Attention! There's no use to install all possible anti-virus programs in order to scan your computer.
Please make a query in the Help me (http://virusinfo.info/forumdisplay.php?f=84) section as soon as you can. The time of a day doesnt matter. Helpers read requests and reply promptly when it is possible.

If your computer is "clear" it doesnt mean there was no Trojan before. It could self-destruct. Even if a helper says that everything is fine now, you should change the passwords anyway.

Taking the second step you should make a request to your hosters Tech support.
As is often the case, you should not rule out a possibility of cracking the server where your website is located.

Lastly, you could try to find the malicious code in your website source manually. Most often it looks like <iframe>, but other variants can have a place.