briano — 2010-09-23T13:35:03-04:00 — #1
Hello, we have recently had customers call in saying that our site is trying to deliver a virus to them...we checked the code, used several checkers we could find online, including google's tool, and haven't seen anything. Still, we are getting a call a day about it. Any ideas on how to effectively check?
spacephoenix — 2010-09-23T13:51:11-04:00 — #2
Have you run a full scan on ther server that it's hosted on? Are all apps on the server the latest stable releases?
briano — 2010-09-27T10:53:58-04:00 — #3
Thank you for all of the advice. Still checking things, and not finding anything. SpacePhoenix, I'm talking to my host about it now. Thank you.
aleksejs — 2010-09-27T11:01:12-04:00 — #4
You can give QualysGuard (or other similar tool - this is one that I actually know) a try:
chemmyone — 2010-09-25T14:06:30-04:00 — #5
The most recent that I'm aware of were the attacks on Godaddy.. Most all .php files had a large section at the top of the file and were encoded.. you can plainly see if that is the issue by checking your index.php or see if your .htaccess is missing and file dates are not as they should be.. I posted on the most recent attacks in which I was affected at http://www.craigryder.com/godaddy/godaddy-shared-hosting-hacked-again-myblindstudioinfoonline-com/
There are instructions, links to a scanning service (no affil of mine) and a file to check your php files for infection..
tke71709 — 2010-09-23T17:41:07-04:00 — #6
Ask the callers what they are using that is reporting the virus to them (e.g. Norton).
Buy a copy (or preferably get a free trial version), install it, and visit the site.
That's the only way that you are going to know what your clients are seeing.