1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

I think I downloaded a virus to my website

Discussion in 'BlackHat Lounge' started by theseodude, Jun 29, 2013.

  1. theseodude

    theseodude Regular Member

    Joined:
    Jun 25, 2012
    Messages:
    303
    Likes Received:
    88
    Hi
    I have a newly made website. It is not even indexed.
    I was playing with different contact forms, I was looking for one that doesn't require page refresh. I found some script on some "top 20 contact scripts" blog. I downloaded and installed it to the website.
    5 minutes later, I get a bunch of spam messages from the contact form to my email inbox. Russian ip address which has been reported on stopforumspam. I suspect that this script was infected.

    does anyone know how I can make sure my sites are not infected? I have a bunch of sites on this hosting account, so it would be kind of hard to erase everything and upload the sites again. I could do it, but would rather not.
     
  2. Conor

    Conor Jr. VIP Jr. VIP

    Joined:
    Nov 7, 2012
    Messages:
    3,354
    Likes Received:
    5,415
    Gender:
    Male
    Location:
    South Africa
    Home Page:
    Are you running Wordpress dude? There's a WP plugin called Malware checker or somethong of that nature, it allows you to scan your directory for most known infections. Give it a try.
     
  3. theseodude

    theseodude Regular Member

    Joined:
    Jun 25, 2012
    Messages:
    303
    Likes Received:
    88
    no, it's not wordpress, it's a css/html template. I know the template is clean because it came from a trusted source.
    a while ago i read here that it is possible to check all the connections that your website is making to the outside world? How can i do that, and how can I make sure there are no weird connections, how can i make sure my sites are not taken over by a spammer and sending spam to the whole world?
     
  4. darkfury

    darkfury Regular Member

    Joined:
    Oct 23, 2008
    Messages:
    264
    Likes Received:
    141
    Location:
    Scotland
    By having your own dedicated server, but that comes with its own problems, costs being only one of them.

    You could just move to a better host, koddos.com offer decent single site hosting for 40 USD per month and the security will be much better.
     
  5. hellnation

    hellnation Regular Member

    Joined:
    Feb 15, 2013
    Messages:
    278
    Likes Received:
    62
    Occupation:
    Senior Network and System Engineer
    Location:
    Quebec, Canada
    you could run a "diff" and see if any files were modified from your locally stored source.

    notepad++ has a diff addon, look at the "diff" command under unix, you can compare files and it will tell you exactly what changes were made.
     
  6. hellnation

    hellnation Regular Member

    Joined:
    Feb 15, 2013
    Messages:
    278
    Likes Received:
    62
    Occupation:
    Senior Network and System Engineer
    Location:
    Quebec, Canada
    via FTP, you can also look at the last modified date of your files on the site.

    See if there was any changes since you last updated the site?
     
  7. theseodude

    theseodude Regular Member

    Joined:
    Jun 25, 2012
    Messages:
    303
    Likes Received:
    88
    Unfortunately, I have since modified all the files so the change date will be pretty recent (like a minute ago!)
    also, this is not going to work because there are a lot of files in there that I did not put there (my host put them there when I first signed up with them, i guess they are files that are necessary for the sites to run)