Exploit on my site

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Greetings ...

I have a website - I'm trying to attract advertisers.

An avertiser just recently contacted me - and told me he
was not interested because when he clicked on our link -
his avg said it was the virus "exploit"

So, I called my friend - and he said that his avg said the
same. And instructed me to call my provider so they can
remove the virus.

My provider said it was one of my scripts. And only I could
revove it.

However - I visited the link scanner online site - and ran the
link, and this is what they said:

DANGEROUS: LinkScanner Online has found
[Link to known exploit site]

Detail:  Exploit: Link To Known Exploit Site

This page contains a link to a known exploit site. This link may
or may not be active. It may or may not require you to click it to
be infected. Some pages with such links automatically download
the malicious code without any action on your part. Because of
this we automatically block access to such pages.

Risk Category:  Exploit

How can I find out which link it is?

The link in question is: http://www.allsitecafe.com/safelists.html

Is there any way for me to find out which link or links it is? I need
to have it removed!

Any suggestions?

Thanks in advance!


Re: Exploit on my site

"paris" wrote ...
Quoted text here. Click to load it

I'm not ging to visit your site - for obvious reasons!

However, start by removing every single link that does not go to a site you
genuinely recommend (as well as being an essential precaution, this will
almost certainly help your site in Google, and maybe other SEs).

Then remove every non-related reciprocal link.

Then repeat the above two steps, removing all the ones you accidently on
purpose did not remove ;o)

Now do the same with any 'third party scripts' - web counters are a waste of
space, often bring pop-up boxes, and may be the guitly party. And you really
don't need them.

Gimmicky javascripts that make your page wobble, flash, dance or spit, are
easily contaminated, and if you got them for free from a cr*p site, they are
probably cr*p. And likely contaminated.

"Get rich quick" affiliate links will NEVER make you rich, but your greed
may have been exploited, especially by sex or gambling scams.

Then go through line by line removing everything else that you are not 100%
sure of.

Now install a quality antivirus that checks web sites in Google searches (eg
AVG 8), and search for a unique string of text from your home page.

And run your page checker again.

That lot may help, but it's probably not comprehensive; others may add to
that list.

Think of your site like a Rolls Royce Limousine; if you maintain it with
quality parts, it'll serve you well for life. If you source essential parts
from *insert country name here*, then expect problems.

Good Luck!


UK Residents:
STOP THE "10p Tax Ripoff"
Sign the petition to stop the government stealing from the
very poorest tell your friends about this petition:

Re: Exploit on my site

Quoted text here. Click to load it

Start by setting _strong_ ftp passwords. There was a flurry a few
months ago of dictionary attacks on weak ftp passwords, then sites
being hacked to embed a script exploit.

The exploit-installation bot would go through all the directories on a
site and hacking the index.htm files to embed a single very long line
of a <script> element full of obfuscated JavaScript. If you've the
vaguest familiarity with web coding, you'll see this a mile off - it
just _looks_ wrong.

Easiest way to fix this is because you do of course have a local copy
of your site code, don't you?  Just delete the whole live copy of the
site and re-deploy it from your local development server (check that's
still clean though!)

If you'd edited files on the live server and don't have a clean copy,
then you face a lot of tedious editing to fix it. Sed (look it up) can
do this.

Site Timeline