
PHP Server Side Scripting Forum

    
preventing trojan virus on my server
for future attacks
hamids54

Msg#: 4423561 posted 1:18 pm on Mar 1, 2012 (gmt 0)

Hi,

I found a trojan on my website with AVG antivirus. I asked the server manager to scan and delete it. They did it. I asked them to install antivirus to prevent future attacks. They said that .js files have java scripts which might be a style sheet coding. Sometimes the coding style/method might be vulnerable for the server. Antivirus on the server won't be able to detect it. We can enable Kaspersky Antivirus to check it but not sure about it.

What do you think? Isn't there a good antivirus? I do worry about my server.

 

rocknbil

Msg#: 4423561 posted 5:09 pm on Mar 1, 2012 (gmt 0)

Are you sure the virus was actually on your server, and not insecure scripts modified to add malicious Javascript? Since you're posting in the PHP forum, I'm guessing this is the case. Generally files are modified to add a malicious bit of Javascript code that **leads** to a compromised server, which is what kicks off AVG warnings. So though it appears it's "on your site," it's just the code on your site leading to a compromised site.

This would have nothing to do with virus scans, it would have more to do with how you code and how you secure your scripts.
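
A check for the case rocknbil describes, site files altered to pull in script from another site, added here as an example and not posted by anyone in the thread: it walks a web root and lists `<script>`/`<iframe>` sources whose host is not on an allowlist. The function names, sample files and `.invalid` hostnames are constructed for illustration.

```python
import os
import re
import tempfile
from urllib.parse import urlparse

# Matches src="..." on <script> and <iframe> tags, the usual carriers for injected loaders.
TAG_SRC = re.compile(r"<(script|iframe)\b[^>]*?\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.I)
WEB_EXTS = (".php", ".js", ".html", ".htm", ".tpl")


def find_external_refs(root, allowed_hosts):
    """Return sorted (relative_path, line_no, tag, host) for off-site script/iframe sources."""
    allowed = {h.lower() for h in allowed_hosts}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(WEB_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line_no, line in enumerate(fh, 1):
                    for tag, src in TAG_SRC.findall(line):
                        # Absolute and protocol-relative (//host/x) URLs have a hostname; site-relative paths do not.
                        host = (urlparse(src).hostname or "").lower()
                        if host and host not in allowed:
                            hits.append((os.path.relpath(path, root), line_no, tag.lower(), host))
    return sorted(hits)


def demo():
    """Build a constructed web root with two clean and two tampered files, then scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "index.php": '<?php include "header.php"; ?>\n<script src="/js/site.js"></script>\n',
            "footer.php": '<p>bye</p>\n<script src="http://stats.injected.invalid/x.js"></script>\n',
            "js/menu.js": 'document.write(\'<iframe src="//frames.injected.invalid/a" width=0></iframe>\');\n',
            "about.html": '<script src="https://www.example.com/app.js"></script>\n',
        }
        for rel, body in samples.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w", encoding="utf-8") as fh:
                fh.write(body)
        return find_external_refs(root, allowed_hosts={"www.example.com"})


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

A pattern scan like this only catches plain, unobfuscated references, so an empty result does not show the files are untouched.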

incrediBILL

Msg#: 4423561 posted 5:28 pm on Mar 1, 2012 (gmt 0)

Not sure your server manager knows too much about the technology unless we're confusing words here like java and javascript.

Typically javascript doesn't have impact on the server whatsoever. However, it impacts browsers, because javascript doesn't run on your server unless you're running screen shots or something like that.

One other possible method of infection might be from shoddy Ajax implementation, which technically is javascript in the browser, but it would still be the server side code, not the javascript, responsible for the infection being allowed to occur.

hamids54

Msg#: 4423561 posted 5:42 pm on Mar 1, 2012 (gmt 0)

Thanks for your replies.

It seems I posted in the wrong section. I was looking for the security section.

My server is Linux. The server manager scanned and found 12 infected files with trojan virus. They deleted them.

I think I have to contact the programmer of my websites to find holes and fix them. But unfortunately I have been disconnected from him for 4 years.

97.55% of my users are on my forum, which is VB. I asked VB about this issue and they said:

As far as I know there are no known injection vulnerabilities within VB 3.8.x series. If your server was compromised by VB you will need to open a support ticket accordingly. Most likely however this is a server issue and you will need to contact your hosting provider for assistance.

incrediBILL

Msg#: 4423561 posted 5:58 pm on Mar 1, 2012 (gmt 0)

Do you do regular software updates for the whole server?

I can tell you right now that it's possibly ANYTHING, including your server software itself, even PHP itself that's possibly vulnerable so I wouldn't focus too much on just one script.

I wouldn't waste time trying to fix an existing box as you may never find some root kits.
In the end, having done this a time or two, you're probably going to spend more time cleaning an existing box and messing around than simply moving and still may not fix it entirely unless you reformat and reload from scratch.

I'd have a new server provisioned ASAP and migrate to it and upgrade PHP scripts and whatever else you have installed as part of the migration process.

Otherwise you might just get hacked over and over and...

hamids54

Msg#: 4423561 posted 8:39 am on Mar 2, 2012 (gmt 0)

The server manager says:

...I have installed AVG Malware scanner for Linux and am not able to detect any vulnerable files. Please understand that it is not the hacker/attacker who inserted the codes. The developer "coding style" is vulnerable. When we go for cheap plugins or themes, we are not caring for coding style that is causing such vulnerabilities. The vulnerability means that it is open to such website cross scripting or some other type of attacks...

But my problem is I have been disconnected from the developer for 4 years and I don't know what I must do to fix the bad codes...

enigma1

Msg#: 4423561 posted 11:30 am on Mar 2, 2012 (gmt 0)

You either need to learn the software you use or find someone who does and fix it. As for this:

As far as I know there are no known injection vulnerabilities within VB 3.8.x series.

It talks about the stock version. Most webmasters will customize sites one way or another, install extensions, add new code or entire applications in the same folder etc. So don't rely on it.

hamids54

Msg#: 4423561 posted 12:43 pm on Mar 2, 2012 (gmt 0)

Thank you, enigma1.

The developer of my site doesn't want to fix this issue. It seems I have to find another one for this issue. I myself don't know anything about programming.
