Follow Me on Twitter
Client Support Community Server Status Contact Us Client Login
Email Hosting Website Hosting Reseller Hosting VPS Hosting Dedicated Servers
    Join our Community      Check your private messages       Profile       Search       FAQ       Memberlist       Log in

Checking a site for malware

  
Post new topic   Reply to topic    NetHosted Community Index -> Your Site
MaddogBattie Reply with quote
 Community Liason

 

 Joined: 16 Jun 2004
 Posts: 238
 Location: Cornwall
PostPosted: Wed Sep 08, 2010 2:25 pm    Post subject: Checking a site for malware
 
I'm putting this post here as it is for a site that isn't hosted with Nethosted (though this may very well change in the near future - we can hope). Any help would be welcome, it might be enough to swing the sites owners to move it over to Nethosted.

A report has come in that the site (a fairly large charity) is serving up malware from a single not very tech savy visitor to the site. The report was garbled and not a lot of weight can be placed on it but it needs to be checked out anyway.

Initial checks to the site (and the page in question) from various people shows no problems. Google isn't flagging the site as problematic. No problems have been reported by anybody else and the site gets quite heavy access.

Currently, a copy of the files on the server are being down loaded and these will be compared with the local master copy of the files to see if anything has changed that shouldn't.

I've suggested it may be worth deleting everything on the server and uploading a known good copy from local files just to be sure but this may have to wait until a quiet time for the site.

Is there anything else that could / should be done to confirm that there is / isn't a problem?

Thanks for any help. The charity will appreciate it.
Back to top
View user's profile Send private message Visit poster's website
NetHosted - Andrew Reply with quote
 NetHosted Staff

 

 Joined: 22 Mar 2004
 Posts: 7017
 
PostPosted: Wed Sep 08, 2010 8:00 pm    Post subject:
 
Hi,

From our perspective what we see most often are simply iframe injections into pages. These are easily spotted in the site code.

I have heard of more sophisticated malware that only serves every few connections and is caused by root level attacks on the server itself but that's very rare indeed.

A single report regarding a popular page on your site from a less computer-savvy user is worth investigating, but you shouldn't assume they are correct with their diagnosis. For example their PC could have a spyware on it which is trying to punt them fake antivirus and there's no better way than to pop up a warning regarding webpages they are visiting from time to time. It's a tricky problem really.

Do your best to get as much information from them as possible and if they are willing get them to run something like MalwareBytes on their PC too.

Thanks,

Andrew
_________________
| Andrew Bassett
| Managing Director, NetHosted Ltd.
| Follow us on Twitter: http://twitter.com/nethosted 
| Members, tell us what you think  of NetHosted!
Back to top
View user's profile Send private message
MaddogBattie Reply with quote
 Community Liason

 

 Joined: 16 Jun 2004
 Posts: 238
 Location: Cornwall
PostPosted: Wed Sep 08, 2010 11:53 pm    Post subject:
 
Thanks Andrew, I'll pass the info on.
Back to top
View user's profile Send private message Visit poster's website
Post new topic   Reply to topic    NetHosted Community Index -> Your Site
Page 1 of 1

User Permissions
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum

 
Jump to: