Effective Ways to Detect & Track Infections in Your Website

Written by Amit Pankaj on August 3, 2011



Effective Ways to Detect & Track Infections in Your WebsiteThe virus infections are spreading very fast on the World Wide Web and even the most protected Websites are prone to be infected. So, what is about your Website? Is it still safe? You can scan a computer using Antivirus or AntiSpyware to detect the infections in it, but how do you test your Website for infections? Let us try to answer this question through this article. Here, we will discuss about the famous online scanners to test your Website for possible infections. We request you to have a look on these tools and inform us whether you find them helpful or not.

Check Symptoms

Continuously test your Website in different browsers on daily basis and note down each aspect like loading time, scripts being loaded, and Website performance. If you detect any change then inspect your Website with inbuilt Developer Tool of your browser. Currently, Google Chrome, Opera, Safari, and Internet Explorer have this option. We suggest you to use Firebug Add-on in Mozilla Firefox with its extensions like Yahoo! YSlow, Google Page Speed, and Firecookie for this purpose.

Test Website at Online Scanners

If you observe any change in the behavior or performance of your Website then it is the time to test your Website for infection at following security Websites:

Unmask Parasites

Visit the Website and enter the URL of your Website. At the time of writing this article, this service was under beta version and still it worked. We’ve tested our Website, and it displayed the following report:

After testing, you can use the additional test tools provided by the Unmask Parasites. Just click on the link “Reveal hidden spam links” and it will find out hidden links on your Website. It also informs how to search for spammy or possibly infected keyword links on the Website.

McAfee SiteAdvisor

Visit its Website, and enter the URL in the right sidebar widget saying “View a Site Report”. We tried it for our Website and found it safe. The SiteAdvisor Report also informs you whether it has been linked with secured Websites or not.

AVG Threat Labs

Visit the Website, enter URL and click the Check button. This easy service from AVG scans your Website for infection and shows the report.

Sucuri Site Check

Sucuri LLC provides this online testing service to scan the Websites. In fact, it provides a premium Website testing service in free. Not only    it checks for infection but it also provides you the list of links found, list of JavaScripts included, Blacklisted status by Norton Safe Web& Google Safe Browsing, and lists out the malware as well, if any.

Screenshot of scanning at Sucuri Check

Screenshot of scanning at Sucuri Check

Norton Safe Web

The antivirus giant, Norton, provides the online testing service – Norton Safe Web to check your Website for infection. It scans your Website, detects and reports these infections: Viruses, Drive-by Downloads, Malicious Downloads, Worms, Suspicious Applications, Suspicious Browser Changes, Security Risks, Heuristic Viruses, Adware, Trojans, Phishing Attacks, Spyware, Backdoors, Remote Access Software, Information Stealers, Dialers, Downloaders, and Embedded Link to Malicious Site. You can also Sign up for the Norton Safe Web.

Norton Safe Web

Norton Safe Web

Google Safe Browsing

Google Safe Browsing API provide interface to create applications to test your Website, but you do not have to create a tool to do so. Just type following URL and replace “Your Website Name” with the URL of your Website.

http://www.google.com/safebrowsing/diagnostic?site=<Your Website Name

Other tools

Following are the other tools to scan your Website:

Detect the Culprit

If you found infection in any of the tests listed above then it is the time to trace the culprit code and remove it out from the Website. Following three things can infect the code of your Website:

Malicious Scripts – These are used to redirect the visitors to a phishing Website or load badware from other sources. If your selected test tool list out this script then remove the code as soon as possible. These scripts are often injected inside in any file like XML, JS, Image, PDF, or any other file available on the server. Most of the scripts make use of mystification code and makes it difficult for any antivirus to detect them, whereas others use name of phishing name of popular sites like below

<script src=”http://www.mcaffe.co/sideadvicor.js”></script>

.htacess redirects – If your Website is being redirected to an unknown page or site, then it is the time to check the .htaccess file. Download it and check for any suspicious code in it. Remove the code and then check whether it is still being redirected. Following is a sample suspicious redirected code: -

Rewrite Engine On
RewriteCond %{HTTP_REFERRER} .msn.$ [NC,OR]
RewriteRule .* http://73.158.901.80/in.php?s=ips2 [R,L]

Hidden Code - Most of the times hackers or virus inserts the hidden code, which is not shown to visitors but bots and scanners can detect it. You can make use of above online tools and lynx – command line browser to track the hidden code.

Locations Prone to have Infected Code

We request you check for any unknown code in following files:

  • index.html or index.php (Index file)
  • header.php or header.js (Header file)
  • footer.php or footer.js (Footer file)
  • main.php or main.html (Main file)

To detect the suspicious code, you should know about the default/safe code of your Website added by you, developer, extension, theme, or Content Management System at the time of launching the Website. We suggest you to download the files of your Website and check for the suspicious code in each file manually. If you have taken a backup of your Website dating before detection of infection, then you can compare the backup files with the new one using WinMerge Tool. This tool will list out the differences in each file one by one. You can either check this code manually or search at Web search engines for it.

You can search for any part of the code in Web search engines to know more about it. You can also take help of Website developers or coders to detect & remove the suspicious code from your Website.

Conclusion

The World Wide Web is full of uncertainty and you do not know what is going to happen next moment. You should take the backup of your Website weekly and test it on above listed tools to know whether your Website is still safe or not. Trace out the culprit code, delete it, and be ready to take necessary actions in order to recover your Website.

About Amit Pankaj:
Amit Pankaj works as a Senior Technical Writer with XhtmlCSSCode. He specializes in Social Media, Content Management and SEO. XHTMLCSSCode shares information and insight on PSD to HTML Conversion and integration with 3rd party CMSs like WordPress, Magento, Drupal and Joomla. Subscribe to our Blog RSS or you can follow us on google+ for updates on HTML Conversion Service.
Share on Twitter

Submit Reply

Your Name
Required
Your Email
Required, will not be published
Your Website
Optional
Your Message
Required