Blog

Viruses on websites: what they are and how to check for them

Viruses on websites: what they are and how to check for them
User
Not a hacker

Excellent hackers crack The Pentagon. Hackers-losers attack websites. We’ll tell you what they need it for and how one can scan a website for malware.

The majority of websites are vulnerable

In the summer of 2019, Muscovites’ money was under threat. On the Moscow ring railway website, Google and Kaspersky Lab discovered the Panda trojan. Hackers used it to infect users’ devices, install malware and infiltrate databases of financial organizations. Normally hackers infect websites to steal personal data and money. But there are other reasons.

In November 2019, Chinese police arrested the owner of a botnet — a network consisting of 200 000 infected websites. The hacker used them for DDoS attacks. It is not the first and not the only case: such botnets appear quite regularly. Some of them turn into «armies» ready to attack huge resources, others are used for spreading malicious code.

All platforms are in danger. According to the Acunetix company research (PDF) that was conducted in 2019, more than 87% of all the websites have medium vulnerabilities, and 46% of web-resources have a high risk of virus infection. So, any website should be regularly scanned for malware.

87%
of all the websites have vulnerabilities

What viruses are and what they are needed for

In simple terms, a virus is a piece of code that is used by a hacker for personal gain. It affects both website users and owners.

Virus tasks Harm for website owners
post the redirect code; the virus redirects to another website, the resource loses users;
post malicious code and infect users’ devices; search engines will mark the website as a malicious one;
post ads and third-party content on the website; the design will be spoiled, the script will slow the website down;
add the server to a botnet and start a DDoS attack; a hosting provider will limit the website traffic;
steal information (e.g. contacts or bank card details). the police will take interest in the website owner.

Viruses affect attendance and spoil the website’s reputation. Search engines warn users about infected internet resources, lower websites in results, and sometimes (for instance, if a hacker posted spam), blacklist them.

A simple online virus check will allow you to fix the situation in time if you discover malicious code.

Types of threats

There are many types of threats. Let’s go through the most popular ones.

XSS or Cross-Site ScriptingXSS or Cross-Site Scripting is malicious code infiltration to the victim’s page. Once a user goes to the infected page, code starts connecting to the server — for example, steals cookies. XSS is dangerous not only for users: a JS script makes it possible to get the admin’s cookies with the website control panel access.

An SQL injectionAn SQL injection is the easiest way to crack a website. In order to work with SQL-written databases, the GET and POST methods are used. If there is a vulnerability on a website, a hacker will only need to send a GET-request to the server (i.e. simply type a specific address into the browser address bar) to get access to the database. After that, you can do anything with that data — download, edit, delete.

LFI — Local File InclusionLFI — Local File Inclusion involves the connection and use of a local file on a server. PHP-scripts are the most vulnerable. By transferring specific parameters to the infected file, a hacker will be able to get access to it and use it as he/she wishes. Generally, it leads to cracking a website but there are other options.

How viruses infect websites

Understanding the infection methods helps to prevent hacking or eliminate its consequences. There are a few options.

Vulnerable code
Some developers don’t care for the security of their apps and scripts. Websites on PHP are often vulnerable to SQL injections. Other languages have their own problems, that’s why you still can’t relax if you decide to build your website on Python or Django.

Any CMS, even the commercial ones, may contain vulnerable code. The more popular the system, the more hackers will know about its vulnerabilities. Viruses are the most common on WordPress websites. All due to the huge popularity of the system.

Viruses in plugins, themes, engines, ads, a web server
Malicious code can often be found in «cracked» themes, engines and plugins. Use only licensed apps no matter how hard you want to save some money: you’ll still spend much more on scanning your website for malware and eliminating the consequences.

Honest developers also make mistakes. Vulnerabilities are often found on the Exim web server, email server, etc. That’s why updates come out that often. Install them right after the release.

Malicious code is infiltrated in banner ads and announcements. They don’t affect the website itself but infect users’ desktops.

Website cracking and infiltrating malicious code
Websites are infected automatically but sometimes it is done manually. Programmers freelancers may leave a backdoor on the website. It’s a kind of insurance in case a customer doesn’t pay for the job. Backdoors are also used by hackers. Carefully choose a contractor and always fulfill your obligations. At the very least, those you owe to programmers.

A brute-force attack is a simple attempt to guess the login and password to a website control panel or a website account. Although the method is very obvious, it works: many people use the simplest passwords and logins. It’s easy to prevent the problem: use hard and long passwords consisting of random symbols.

Update all your software in time, from a CMS to a web server. Don’t buy unlicensed software and check your contractors. Use hard passwords.

How to scan a website for malware

Before trying to find a good programmer or trying to cure a website online by yourself, check whether your resource is infected at all. You can do it in several simple ways.

Take a look inside the search engine cabinet — Google Search Console («Security issues»), If your website is infected and malware was discovered, you’ll be notified. Important: this tool will be effective only against common viruses.
Google Search Console.

Use online scanners. These services will help you detect malware on website pages. Use dynamic scanners — they detect scripts that activate when a user takes some action.
ReScan.Pro,
SiteCheck,
ThreatSign,
Dr.Web.

Download scanning software. You’ll have to download such a scanner and upload it to the website folder. It will check all the files. Such software is often pre-installed by hosting providers. You can launch it in the hosting control panel. Scanners’ advantage is the ability to detect vulnerabilities.
Virusdie,
ImunifyAV.

Software and services will help you to detect the problem but they won’t get rid of it. To cure a website means to delete malware. It is not an easy thing to do. You will find some tips in the article How to scan a website for viruses: tips from a professional admin.

Use Vepp if you don’t want to worry for websites

Vepp is a service for creating and managing websites. Threats are nothing if you have Vepp.

  1. Always installs only current versions of the software.
  2. Automatically scans websites for viruses.
  3. Shows attendance statistics: you can notice suspicious traffic.
  4. Checks website availability and shows the main page screenshot.

 

Try for free

User
Not a hacker