Virus on the site - what to do and our story

January 19, we received a message from Yandex: “Yandex found a malicious code on life-trip.ru”. After that, a mark appeared in Yandex.Webmaster: “At the moment, the site is displayed in search results with the note“ This site may threaten the security of your computer. ” For 3-4 days the site hung like that marked as dangerous, although everything was fixed a couple of hours later. Some freezers also use information from Yandex, so they also blocked our site. Traffic has dropped several times and income, respectively, too. At this moment you understand how bad it is when the outset goes to one site and to search traffic. A little that the search engines did not like and everything ...

But now everything is in order!

The content of the article

Checking the site for viruses online

There are few links to help, although none of the antiviruses showed anything. And only those sites that check the availability of the site in the databases of dangerous sites, have shown that Yandex has noted us.

http://webmaster.yandex.ru - Yandex.Webmaster shows which pages are infected
https://www.google.com/webmasters/tools/ - Google webmasters panel (under Diagnostics / Malware
https://www.virustotal.com/ - verifies what search engines and other systems say
http://2ip.ru/site-virus-scaner/ - the same thing, but checking only on Google and Yandex
https://www.stopbadware.org/clearinghouse/search - this service informs google and mozilla about viruses
http://vms.drweb.com/online/ - antivirus doctor web, online check
http://sitecheck.sucuri.net/scanner/# - scan for viruses, in contrast to the previous virus showed
http://antivirus-alarm.ru/proverka/ - check on several anti-virus databases
http://virusscan.jotti.org/ru - scan only files (you can save the site page as html and download it) for various antiviruses
http://www.bertal.ru/ - you can see the code of the page of your site, as it is seen by search engines, a useful thing

And the best way to write to the hoster, we have decided this question in this way. Independently find the malicious code failed. I will not write any manuals, it is well written about it here.

The main method is to view the page code onthe presence of any nonsense there, and after checking all loaded scripts js and php files of your theme, has anything changed inside them, the easiest way to look at the file size, if the code was added there, the size will be larger than that of the originals. Ideally, you should check all the files on the hosting in general, in order to change them, as well as the appearance of new left files. Alternatively, download all the files of your hosting account on your computer and check with several antiviruses, but not the fact that they will find something.

Virus on the site - what to do

Virus on the site - what to do

Our story with a virus

Somehow the jquery.cycle has been changed.js in our wordpress template. After its removal and downloading from backup, the hoster said that there are no more malicious codes. Quite quickly everything happened. The problem most likely was not serious, rather it was not a virus, but simply sabotage, otherwise it would have had to mess around longer. I read different stories, how people clean the virus, and it appears again.

As it happened with our blog, it remains a mystery. If I saved passwords for ftp Total Commander, it would be clear where my legs grow from, but I know that this cannot be done.

On the same day, I changed the passwords on all blogs toftp-account and hosting, at sql-site bases and drove the laptop with two antiviruses. I hope that no longer slip anything. But you will still need to read on this topic.

It may well be that the problem was thatwe in the template download jquery comes with ajax.googleapis.com, even on Habré this topic has surfaced, and almost on the same day, which is suggestive. I downloaded jquery on a hosting just in case, so that it loads from there.

Rechecking the site by Yandex

I filed for a double check in Yandex.webmaster: "The application was left (03/19/2012 00:00) to re-check the site, it will take several days." And on the 4th day, this long-awaited recheck occurred. Someone, judging by the forums, it can happen in a month, and someone else in 2 hours.

What is advised to speed up:

- I wrote to tech support on the same day, but they answered only after 4 days, just together with the unlocking.
- It is necessary to attract the attention of bots, so I published two articles this week.
- Even the attention of bots can be attracted through this service http://www.imtalk.org/ or for some social bookmarks to get rid of, but did not have time to do so.

Something like that. I hope something from the written will help in the fight against viruses. Something recently attacks have become more private :(

Life hacking 1 - how to buy a good insurance

Choosing insurance is now unrealistically difficult, so to help all travelers, I compile a rating. To do this, I constantly monitor forums, study insurance contracts and use insurance by myself.

Insurance Rating

Life hacking 2 - how to find a hotel 20% cheaper

First, choose a hotel on Booking. They have a good offer base, but the prices are NOT the best! The same hotel can often be found 20% cheaper in other systems through the RoomGuru service.

Discount hotels

Leave a reply