Welcome to WebmasterWorld Guest from 220.127.116.11
Forum Moderators: phranque
First off all, is it possible for a virus to exist on a web page iteself?
I have the most up to date virus protection on my computer and when I visit the site nothing shows up as being maliscious. I am assuming that the person has several computers infected with some sort of "scareware" that is trying to get them to buy a protection program of some sort but I thought I would look into it just to be sure
Any comments or suggestions?
is it possible for a virus to exist on a web page iteself?
If you have checked the page's source HTML and nothing has been changed then your guess about the user having a scareware problem may well be correct.
But check very carefully.
now I just have to figure out how it got there
Your site has been compromised.
At the very least you should:
Check your computer for viruses and malware
Change your site access passwords
Check any scripts on the site for vulnerabiities
Check for any hidden files
Check for any other external modifications
Restore a clean copy of the site
If someone has write access to your site you have a serious problem.
[edited by: Samizdata at 6:56 pm (utc) on May 13, 2009]
Regardless of what you find at Secunia, also upgrade all your scripts to their latest versions.
Get the timestamp from the defaced file and examine your access logs to see what requests were being made to your site at exactly that time. That can show you which page they attacked and what method they used to get in.
Also check FTP logs for unauthorized activity.
[edited by: SteveWh at 7:51 pm (utc) on May 14, 2009]