file

Sometimes when you try to visit a website, you get a warning from your browser or antivirus that your site may not be safe for your computer. This is because your site has been infected with a virus.

By infecting the pages of your site, the virus, ensures itself further propagation. Usually, it simply adds a tag <iframe> at the end of index files, but sometimes it encrypts the code using JavaScript and can put itself in many different parts of the page.

Sometimes, attackers modify the contents of the .htaccess configuration files, which results in redirects from your site to malicious or unwanted pages. In the case of such an infection, the date of the last editing of the file is updated, suggesting that your site is infected.

Infection principle

How does a site get hacked and its files infected?

Very often intruders hack sites with programs in automatic mode. This means that they gather a large database of sites from search engines based on certain criteria, such as certain versions of popular CMSs (Joomla, Wordpress, etc.) and their plugins vulnerable to some known vulnerabilities. This database is then used to locate malicious code in the site's files. That is why you should always timely update your CMS and its plugins
Also, your site may be infected if your computer is infected with a virus. The virus may intercept logins and passwords from FTP and send them to intruders. Then, the attacker, having access to the files, places malicious strings in the scripts of the site
Thus, the main sources of infecting the sites are viruses on the computer, from which the site is downloaded, as well as outdated versions of the CMS. From the hosting side your sites are protected as much as possible, and even in case of infection of any site on the server, an intruder will not be able to get to your site and infect it.

Security measures

In order to protect your site from hacking, you should follow some simple tips

  • Do not store access credentials anywhere.
  • Set the correct permissions on directories and files. Set permissions on files to 644 and folders to 755.
  • Use the latest versions of CMS and plugins, it is advisable to subscribe to a mailing list or RSS, informing about security updates.
  • Always use long complex passwords and non-standard logins, change them periodically
  • Use antivirus software, and update antivirus databases regularly
  • Install operating system updates as they become available
  • Do not use outdated browsers, especially outdated versions of Internet Explorer (below version 7)
  • Do not upload unknown scripts to your hosting. Often, for example in hacked (nulled) versions of paid scripts have viruses
  • Do not use unknown links in messages, social networks and instant messengers (icq, jabber)
  • Don't keep passwords in FTP clients - very often viruses take information from FTP-clients
  • Have local backups of sites.

If site is already infected

You have the option of requesting to restore the site from a backup copy
After restoring the site functionality, change your password for FTP-account and database access
After restoring the site from a backup, update CMS to the current version, as well as update its add-ons.

Updated Sept. 15, 2024