Diadem Web Hosting Knowledgebase
Search:     Advanced search

Malware & Cross Site scripting attack in website

Article ID: 342
Last updated: 07 Jun, 2011
Add comment
Views: 6808
Comments: 0

While browsing your website you can come across error message in your Mozila or Google Chrome web browsers. (fig 01 & 02)

   

            fig 01: attack reported on Mozila Firefox

  

           fig 02: attack reported on Google Chrome

  

This type of message you can not  see on Internet Explorer.

  

The problem that you have faced due to a code hack done by internet hackers who scans your website using some internet robots and gets hold of the coding and other relevant details about the server like web server version, scripts language and database type. This problem has come into light in recent years and not only your site but many other sites are affected with this problem. The hackers inserts some malicious codes as well as some scripts and iframes that redirect to other sites containing virus for which they don't need any access to the server. These types of infection are called "Cross-site scripting" which operates on the vulnerability in the website and exploits them (like non filtered input in the search/ contact/ login/ any type of submit page). No firewall, antivirus, antispyware can protect this to happen. It can only be stopped by patching up the vulnerabilities in your site.

  

Affected files — index files in all folders mainly index.html, home.html, default.html or php files or any other html or php files in the website and htaccess file also affected by this kind of codes.This is a platform independent attack and can happen in both WINDOWS and LINUX servers. Samples of affected files are shown below.

Sample of  infected htacess file.

  

Infection of javascript.

  

Sample of URL insertion in iframe and script tag.    

 

Solution

  1. You need to change the ftp and control panel password immediately. Generally if we find such issue from our alerting system we will at first reset the ftp and control panel password and inform client. As per the volume of infection sometime we may delete all the files from the website. In case of minor infection we manually clean the file and inform the client.  

  2. You need to clean all the files and database and meed to fix all the vulnerabilities in your website with immediate effect because failure to do so in timely manner may lead server being blacklisted in internet.

  3. Submitting review in GOOGLE WEBMASTER tool. Link for the webmaster tool at www.google.com/webmasters/tools.

  

Steps to follow in webmaster tool

Google Webmaster tool URL: www.google.com/webmasters/tools

After login into the Webmaster tools. Add your site.

  

Now you need to verify your site ownership, click on the Alternate methods to verify your site.

  

  

  

Select the second option "Upload an HTML file to your server" and follow the Instruction. After completing the steps (1-3) click on Verify.

  

  

You will get a confirmation message after successful verification. This site may be distributing malware. Click on More details.

  

  

Now click on Details to show the exact malware code in the file.

  

  

After clean up the site and patching up all the vulnerabilities check the certify box and write some comment and click on Request a review.   

  

You have completed the procedures in Webmaster tool, Google has accepted your request to review the site, it will take 24-48 hours as per Google policies.

 

If you have any further queries please write to us at the address: support[at]diadem.co.in.

This article was:  
Add comment
Prev   Next
Email Blacklist & Whitelist in plesk 10     Creating VPN connection from Windows 7 PC