Discussion in 'BlackHat Lounge' started by fadly, Apr 22, 2010.
HELP!!My website became an attack site!Pls advise.. :help:
You need to give more details of your situation so someone can provide any help.
Remove all the files from your web host and have a developer to find where the issue is.
Contact your web host for logs. Maybe the attacks is coming off from a specific file/script.
After you've fixed your site and its clean, I believe you can have your site re-evaluated in Google Webmaster Tools area
Some of the viruses today know there are alot of people with their own websites. I got hit by a virus last year, and before I knew it had logged into my host. The viruses will add a redirect to the top of your index.html file, and add a few pages to your site.
Before you can correct the problem on your site, first thing you need to do is make sure your pc is'nt infected. Once you've done that then log into each of your accounts and look first in your index.html file to see if anything was appended to it. Usually it will be right at the very top even before the html tag. Then you need to look through all the files and directories looking for suspicious files. The easiset way to identify it is with your logs, look at the files being hit and you will see a few in which they are entering and leaving your site for unknown to you files, and never even hitting your real content. Also look at your 404 logs, and you'll see a lot of traffic trying to hit suspicious looking files that they aren't finding.
My solution was rather drastic, but really the only absolute gaurantee of success. I removed my hd, loaded a clean install of windows on a different hd. Then logged into my reseller account. Deleted the compromised accounts (about 15), then recreated them as new accounts, then reloaded the sites from backups I had. It wasn't a lot of fun, but it was effective.
You don't neccessarily have to be so drastic with yours, but you do have to make sure you find every file and every bit of code that may have been placed on your site. Otherwise you'll just keep having problems.
Sorry you had to get hit like that, it sucks.
Good luck to you.
Separate names with a comma.