Help: my website infiltrated/infected

drakandrakan
edited November 2010 in Science & Tech
Hi, I need some help from you guys. My website has been infiltrated. Some of my customers informed me that their antivirus pops up when they visit my site, so I went to scan it with AVG's website checker and it says the threat detected is "Link to Exploit Site". How do I go about removing this threat? Thanks.

Comments

  • ThraxThrax 🐌 Austin, TX Icrontian
    edited November 2010
    Contact your host and your advertising vendors.
  • drakandrakan
    edited November 2010
    I contacted our web host earlier today but they said its a vulnerability in the website and not their responsibility?
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited November 2010
    Probably your ads then?
  • drakandrakan
    edited November 2010
    my website has no ads
  • drakandrakan
    edited November 2010
    plus, what exactly is "link to exploit site"?
  • shwaipshwaip bluffin' with my muffin Icrontian
    edited November 2010
    are you using any javascript from another site?
  • drakandrakan
    edited November 2010
    shwaip wrote:
    are you using any javascript from another site?

    no
  • kryystkryyst Ontario, Canada
    edited November 2010
    It means that your website - some where - contains link(s) to other infected sites.
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited November 2010
    And you're probably going to have to go through each file on your website, by hand, to find which page has been taken over. If you have backups of the site, it'd probably be easier to delete the entire thing and restore from a backup. Then you need to work on your domain security.
  • drakandrakan
    edited November 2010
    kryyst wrote:
    It means that your website - some where - contains link(s) to other infected sites.

    The only links I have on my site are to PDF files that I uploaded to the website (via the web host). Earlier I went through the site and clicked/open all the pdf links and my antivirus (ESET NOD32) didn't go off.
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited November 2010
    The webpage that's hosting those PDFs is infected. Someone injected malicious code into your website.
  • drakandrakan
    edited November 2010
    I uploaded the PDFs through the web tools provided by my web host (aplus.net). So, you're saying I should remove the PDF files and re-upload them?
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited November 2010
    Do you have HTML files on your website? If yes, one of them is infected.
  • P0rkCh0pP0rkCh0p baltimore
    edited November 2010
    here is where i would start: i would ask what antivirus they are running and then try to regenerate the error, it could be as simple as a line of code looks out of wake and the antivirus tool is flagging it or someone could be going as far as someone running some sort of tool. i would check out sans.org and go from there, also if you do find some code copy and post it backtrack.org (keep your defenses high on backtracks site some dont play well but they will help you if you ask nice) please keep us posted as to your progress
Sign In or Register to comment.