Scan to check if it still has infected files.

+5 votes
I have a website that was hacked recently. I have restored the backups but I want to know if there's a way I can scan all the website files to check if there are still any infected files.
asked Feb 26, 2015 in Shared Hosting by Desmond

2 Answers

0 votes
If you simply restored the backups then there's really no point in checking for files: someone convinced your software to do something rampantly stupid, and if you have put that same software back just like it was, then there's nothing to stop it all from happening again.

The right way to solve the problem is to keep your images (*.jpg, *.png) and your database and attach them to a fresh and up-to-date installation of your software and its plugins.  Make sure you set a good password on this new installation, and remove any extra administrative users that your friendly neighbourhood hacker left.

If you have to copy PHP files from the existing installation, then you can laboriously examine each and every file for gobbledegook that is a PHP backdoor.  This is a bit of a losing battle though :(
answered Feb 26, 2015 by Bananaman (5,390 points)
0 votes

Good Day Desmond :)

To secure your domain you are able to follow the steps below:

1. A good Anti-virus will always help you catch the pesky compromised files. It will easily pick up the less obvious signs of encrypted files, which is great for resolving the underlying issue before matters get worse.

2. Check the Last Modified dates of all files on your domain through the File Manager in cPanel or by looking at the files through an FTP client software. This will allow you to find recently altered files, some of which may have been edited by the attackers.

3. The following website scanner will also be able to pick up issues on the domain. However, this will only pick up files that are exposed to clients when browsing the domain. I would recommend using this along with the Anti-virus and Last Modified date checks to ensure all issues are found.

> http://sitecheck.sucuri.net/

4. Always ensure all CMS plugins and themes are up to date. Older versions of plugins and themes, especially free versions, are usually the first to be compromised on a domain. Keeping these up to date will assist greatly with domain security.

5. Another useful tip is to check if any of the plugins you are using have been listed on the "Vulnerable Extensions List".

If you have a WordPress domain, take a look here:

> https://wordpress.org/plugins/tags/vulnerability

This link will help for Joomla domain extensions:

> http://vel.joomla.org/

If all else fails and you are unsure about whether or not your domain is clear of all issues, let Afrihost know. They will be able to assist by having a look at the domain for you. :)

answered Feb 26, 2015 by Kendall_✖‿✖ (180 points)
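
The two manual checks described in the answers above (reviewing Last Modified dates, and reading PHP files for obfuscated "gobbledegook") can be scripted. This is an added example, not part of either answer; the pattern list, the upload folder names, the 14-day window and the sample files built in `demo()` are all assumptions made for illustration.

```python
import os, re, tempfile, time
from pathlib import Path

# Assumed heuristics for obfuscated PHP; not exhaustive, every hit needs manual review.
SUSPICIOUS = [
    (re.compile(rb"\b(eval|assert)\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
     "eval-of-decoded-data"),
    (re.compile(rb"\b(eval|assert|system|passthru)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
     "executes-request-input"),
    (re.compile(rb"[A-Za-z0-9+/=]{400,}"), "long-encoded-blob"),
]
PHP_EXT = {".php", ".phtml", ".php5"}
UPLOAD_DIRS = {"uploads", "images", "media"}  # assumed names of content-only folders

def scan(root, modified_since):
    """Return {relative_path: [reasons]} for files that deserve a manual look."""
    root, findings = Path(root), {}
    for path in (p for p in root.rglob("*") if p.is_file()):
        rel, reasons = path.relative_to(root), []
        if path.stat().st_mtime >= modified_since:
            reasons.append("recently-modified")
        if path.suffix.lower() in PHP_EXT:
            # Folders that should only hold images have no reason to contain PHP.
            if UPLOAD_DIRS & {part.lower() for part in rel.parts[:-1]}:
                reasons.append("php-in-upload-dir")
            data = path.read_bytes()
            reasons += [label for rx, label in SUSPICIOUS if rx.search(data)]
        if reasons:
            findings[rel.as_posix()] = reasons
    return findings

def demo():
    """Scan a small constructed site tree (sample files, not from a real site)."""
    with tempfile.TemporaryDirectory() as tmp:
        site, old = Path(tmp), time.time() - 90 * 86400
        (site / "uploads").mkdir()
        files = {
            "index.php": b"<?php echo 'hello'; ?>",
            "wp-config.php": b"<?php $table_prefix = 'wp_'; ?>",
            "uploads/logo.png": b"\x89PNG constructed bytes",
            "uploads/cache.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>",
        }
        for name, body in files.items():
            (site / name).write_bytes(body)
            os.utime(site / name, (old, old))  # pretend it is 90 days old
        os.utime(site / "wp-config.php", None)  # touched just now
        return scan(site, time.time() - 14 * 86400)

if __name__ == "__main__":
    print(demo())
```

Modification times can be reset by whoever changed a file, so an empty result does not show that a site is clean; treat the output as a list of places to look first.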
...