Sites Attacked by Script Virus

I found two of my sites infected by a virus. The following script was found at the end of all *.js, index*.html and index*.php files in my site:


The domain name in the script changes almost every two days so it is not easy to find help on the web about that kind of threat.

First of all, change your FTP passwords and remove anonymous access if any. These attacks are made through FTP access most of the time.

Once the site secured, you have to fix the problem. In a Joomla or WordPress site, there are thousands of these files. It is impossible to change it all online so I downloaded a copy of the entire site on my drive and removed the script from all infected files using search/replace tools. I recommend TextPad for that.

When all infested files have been fixed, I uploaded all modified files to the site and the problem was gone. That took me almost 4 hours to figure out what happened and fix it. That is a lot of time for a production site.

I hope that could help someone out there. If you have any questions please write me in the comment section.

Tags: , , , , , , , , ,

1 Reply

Trackback  •  Comments RSS

  1. leon says:

    Thanks
    ill try your solution

Post a Reply

Your email address will not be published. Required fields are marked *

Top