Among the many antiviruses, utilities and scanners, it is very easy to get lost and it is difficult to understand how exactly to check a site for viruses. Next we will talk about this in more detail.
1. Use online check:
- Sucuri - here you can check your website for viruses and malware for free. Quite a popular and accurate online scanner.
- Web Inspector from Comodo is a free online virus and malware scanner. The site describes the symptoms of site infection. You can treat your site for free if you find similar symptoms on your site.
- The free Ai-bolit service is one of the most popular solutions among hosting technical support. There is an online scanner and installer on Personal Computer. Quite reliable service.
- Virusdie - also applies to free of charge and you can check for viruses online. Very comfortably.
- VirusTotal is a good and very well-known resource around the world that checks whether your site is in the virus database of the most popular antiviruses and other similar services.
We recommend checking each of them to eliminate the possibility of a site being mistakenly identified as safe. For example, if you came to the site new virus, then at the time of verification not all services may have time to add it to their database.
2. Check via Google and Yandex
Who better than the most popular search engines should be able to search for viruses on websites. If your sites are not added to Google Webmaster Tools and Yandex-Webmaster, then do it urgently. Because In addition to checking for viruses, these services provide a lot of usefulness for website owners. There is no point in writing about how to use them, because... their interface changes approximately every six months.
Google has another service for checking a site for viruses GoogleSafeBrowsing. You just need to enter the name of your site in the appropriate window and click on the magnifying glass icon.
3. Check offline
Now let's check the site files directly on your computer. This check can identify most hacks that are not particularly active and may go undetected when using the online services we described above.
First, you need to download the site files to your computer.
Important! Do not run any site files or edit them on your computer. Otherwise, your computer may also be infected with site viruses.
- Al-Bolit - very popular instrument. Since it can be used offline by installing it on your computer, we couldn’t help but add this scanner to the review.
- ClamAV- free antivirus, suitable for any OS: Linux, BSD and Windows. You can install it on your computer and “run” the files. Virus databases are updated every 4 hours.
Important! Make sure that there is no conflict between the antivirus for the site and your antivirus for the computer (if you have one). In theory, everything should be fine, but if not, be sure to write to us about it.
When removing malicious code, do not think that you have cured the site. Yes, you have restored the site, but the “hole” through which it was hacked remains, and 99%, that after a short time, the hack will happen again. Therefore, we have prepared tips for you on how to treat an infected site and how to improve site security.
Also, if you know other search methods that are not described here, write them in the comments and they will be added to the article. And feel free to ask questions, our experts answer them very quickly.
The other day, the hosting provider reg.ru suspended the operation of some PHP functions (in particular mail - sending messages) on the site of one of my clients, explaining this by the fact that malicious software was found in the account that sends spam. It stopped working and orders stopped coming, and this is already a loss. In this regard, I decided to tell you, site readers, how to check your site for viruses and remove malicious code in a timely manner.
The situation is not uncommon, even this blog of mine has twice become a victim of hacking. It is impossible to completely protect your resource from viruses, but it is necessary to minimize the risk. As a rule, attackers use CMS vulnerabilities, design templates, or incorrect hosting settings to penetrate.
What to do if you suspect your website is infected with viruses:
- Check the site for viruses and find files containing malicious code (this will be half of the article),
- Delete or disinfect detected files (second half of the article),
- Close the “holes” in the site through which bad scripts have penetrated.
All 3 cases of hacking that I encountered (2 mine and 1 client) occurred for one reason - on the hosting, some folders had public access rights 777, allowing everyone to write any information there, so point No. 3 about closing “holes” is the most important. I'll tell you about him at the end.
Why online antiviruses are ineffective for a website
When real problems arise in the operation of the site or messages appear from Yandex Webmaster about infection, many begin to look for online antiviruses for sites. Sometimes they help, but most of the time they don't do it completely.
The problem is that services such as antivirus-alarm.ru, virustotal.com, xseo.in, 2ip.ru, etc. only have access to the external side of your site. This means that they will only detect malicious code if it gets out and shows some signs.
What to do if infected files do not manifest themselves in any way and are still inactive, or the result of their activity does not give obvious signs of infection. Well, for example, they simply display extraneous links on web pages - for online service it will be , and the virus itself is hidden deep in the PHP code and acts only at the server level when processing requests.
Advantages of online antiviruses: Ease of use – write the site URL, click a button and get the result. But it’s not a fact that a virus was found.
The only effective way to identify all problems is to completely scan all the files hosted on the hosting where the site is located. This can be done with access to the hosting, which means that the antivirus must work directly inside the files and folders of your site.
Antivirus plugins
By the way, fans of popular CMSs have a little more luck in fighting viruses, since there are plugins that can detect and eliminate them in a timely manner. I talked about one such plugin in an article about it; it automatically monitors changes in engine and template files. But even it is not always able to help, since viruses can not only penetrate existing files, but also create their own, against which the plugin will be powerless.
In a word, in a critical situation, a full scan of all hosting files, including those that do not relate to the CMS, may be required.
So, let's move on to the section “How to check a website for viruses using professional methods?”
Checking website files with AI-Bolit antivirus
As with regular computers, websites are checked for viruses by antivirus programs. But for these purposes, ordinary antivirus programs, which I’m talking about, are not suitable. You need a special one that works for the hosting and is designed for threats to sites.
Lately I have been using Revisium’s AI-Bolit antivirus for these purposes. In addition to its antivirus for websites, this service participated in the joint development of an antivirus for Yandex.
Let's go through all the stages of search and treatment using AI-Bolit step by step.
Installing AI-Bolit antivirus
From this page you download the archive with the hosting program – https://revisium.com/ai/ (small file).
There is a version for Windows - to use it you need to download all the site files from the hosting to your computer.
There is a version for hosting - virus checking takes place right there (on the server with the site). I will talk about how the hosting version works, download it.
Unpack the downloaded archive, as a result, you will have a folder with a name similar to the name of the archive - ai-bolit, a tools folder and 2 files.
To work, you only need the contents from the first folder (ai-bolit), consisting of 5 files. You need to upload these 5 files to the root folder of your site (where your index.php is located) via FTP or through a file manager.
Setting up the program
By default, the antivirus is already ready to work, but it has two settings that you can use to optimize the program to suit your needs. All settings are made in the ai-bolit.php file.
1. Setting the scanning depth. It can be of 3 degrees: 0 – quick check, 1 – expert, 2 – paranoid, default value is 1. The line responsible for this parameter is:
Define("AI_EXPERT_MODE", 1);
2. Password to access the program. If you plan to keep the antivirus on your hosting permanently, then you need to set the most complex password possible instead of the default one, otherwise attackers will be able to damage the site through the antivirus itself. If you are interested in a one-time scan, after which the antivirus files will be deleted from the hosting, then you can leave the default password. The line responsible for the password is:
Define("PASS", "1122334455");
After saving the settings, proceed to launching the scanner.
Starting the program
Further actions will be carried out through the browser. In the address bar you need to type the URL leading to the ai-bolit launch file - your-site/ai-bolit.php?p=specified-password .
After some time, scanning all files on your site will be completed and you will receive a report like this:
Startup problems
Since anti-virus scanning of a website creates a considerable load on the hosting server, hosters often prohibit the operation of such programs. In this case, you may encounter error messages such as the following:
In this case there are 3 options:
- The hoster itself scans for viruses and warns clients about their appearance.
- The hoster may allow you to check after requesting technical support.
- Download the site files to your computer and check with the antivirus version for Windows.
Analysis of results
The report received during scanning can be used in two ways - transfer it to a specialist so that he can understand its contents or independently review each suspicious line. Often, features of templates or specialized scripts are mistaken for viruses (especially at a paranoid level of verification).
After all checks and removal of malicious scripts, antivirus files can be deleted from the hosting.
Closing site vulnerabilities
Now about eliminating the causes of infection. I said above that most often viruses are uploaded through folders that have general access to everyone - access rights 777 (rwxrwxrwx).
If some folder on your site has such rights, you can upload a virus file there and use it to spread malicious code throughout the site.
To ensure that the infection does not recur after your treatment, you need to check each folder in which Manul found infected files and, if necessary, change the rights - deny public access - set the properties to 755 (rwxr-xr-x).
In some cases you can make even stricter rules, but 755 is the minimum security level.
That's all I have for today - good luck to your projects.
The tool is designed to online check websites for unwanted software and other security threats. With its help, you can quickly check whether a site is under sanctions of the Yandex search engine, which does not allow it to occupy high positions in the search results.
How are sites checked for viruses?
The tool uses the Yandex API to identify malicious content on site pages. When crawling page URLs (indexing), Yandex robots carefully analyze the contents of each page and, having detected a virus on them, add this information to the index database. The search engine marks the resource as dangerous in its search results and browser.
At the end of 2016, Yandex knows about 370 thousand dangerous pages (not counting Google, Rambler, Yahoo, etc.) that contain viruses, and this list is updated daily. During the day, Yandex browser users download 1.1 million files using a computer, of which 42 thousand are recognized by the Protect technology as dangerous.
The presence of viruses on a website has a very negative impact on its positions and is an important ranking factor. This is due to the fact that Yandex tries to guarantee the security of its issuance. Sites that distribute malicious codes and services will be marked as dangerous.
Types of threats that are guaranteed to be detected by scanning with this tool
What to do if a virus is detected on the site?
If you do not spread viruses of your own free will, then you need to cure the infected site; this can be done in two ways:
- On one's own. To do this, you need to have a set of special skills and software that allow you to effectively analyze a site for the presence of web shells, malicious elements in templates, a database, or on the server as a whole.
- With the help of experts.
To do this, trust professional programmers from MegaIndex
Specialists will scan the resource for vulnerabilities, “clean” the code from viruses, install an antivirus and clear the site’s reputation in search engines.
Until recently, anti-virus scanning of websites was available only to qualified specialists who understood methods of combating malicious code on websites. Now it has become easier to analyze a website with an antivirus; a large number of scanning tools are offered on the market, however, not all of them can guarantee a full scan, and even fewer can be cured. We will talk about the various existing approaches to scanning and their treatment and compare them with the capabilities that Virusday provides.
Services for checking websites for viruses without installing software
The easiest to create and least effective are services that scan generated site page codes. Such services allow you to check a site with an antivirus superficially - by going through the available HTML pages websites JS scripts (JavaScript) to detect the presence of malicious codes. The use of such services does not require any knowledge or skills from the owner.
All you need to do is simply enter the address in the required field on the service page and click the “Check” button.
The service will start crawling available pages resource of the specified page, moving between the pages of the site following the links found on them and checking the HTML code for the presence of suspicious fragments. Also, such services usually scan files of .JS scripts included on pages, since they, like HTML, are available in explicit form. In addition to their basic functionality, such online scanners check for the presence of the specified URL in blacklists of search engines and browsers. You can check for yourself whether your site has been blacklisted, for example, here:
Google check (Google Safebrowsing):
http://www.google.com/safebrowsing/diagnostic?site=http://websitename.com
Yandex check (Yandex Safebrowsing):
http://yandex.ru/infected?url=websitename.com
In both cases, you need to substitute the address of your website instead of websitename.com.
After scanning is completed, such a scanner will produce a result containing a list of threats found and the site files affected by them. However, it is impossible to cure your site with such a service (it is only possible to check the site for viruses, i.e. for their presence or absence), since it does not have access to your resource. In addition, the main problem is the inaccessibility of PHP files for the scanner. PHP files are inaccessible to users, however, in most cases these files contain malicious codes. Also, but quite rarely, malicious codes can even be contained in the resource database, and their detection and removal requires access to the DBMS.
Services with manual upload of files for scanning and treatment
Often on the Internet you can find the definition of such a service as a “site for checking files for viruses,” however, you need to understand that these are full-fledged serious services, much more than just sites.
In addition to simple online scanners, there are also slightly more advanced services with which verification is also available. Such resources allow you to upload any of your files from your computer on their page and check it with many people at once antivirus databases for threats. Of course, online virus checking here will be more complete than in the case of the previously described services. Here you can check all types of files from .html to .php. The only limitation can be the size of the uploaded file, the maximum threshold of which is set by the service itself. The obvious disadvantages of this approach are both the need to first download your website files to your computer, and the impossibility of disinfecting website files, even despite scanning them completely.
Just imagine how many files you will have to check one by one (usually, such services allow you to upload files one at a time), if there are hundreds or tens of thousands on the site? Such a service will also not be able to cure a file by removing malicious codes from it. Such services usually do not provide such functionality, since their entire operating principle is based on checking files using foreign signature databases, and their owners (usually large companies developing anti-virus software) software) they will not be provided to the service provider. On their side, antivirus software developers who provide file scanning services will not treat them either, because such services are free.
We do not know whether Kaspersky allows you to check sites for viruses online. The company announced an online file scanner http://www.kasperskyasia.com/virusscanner, however, it seems that the laboratory has discontinued this project and Kaspersky no longer allows downloading files, as well as checking the site for viruses.
Here we can say that this (second) type of file scanning service is also not an antivirus, but is only an inferior diagnostic complex, which is also not very convenient when there are a large number of files on a website. You won't be able to scan a website with this service either.
Services for scanning and treatment with the need to provide FTP access
Services of the third type are already almost full-fledged antiviruses. They allow you to detect viruses and threats on websites in files of all types. They allow you to remove malicious codes, however, there are also disadvantages and some limitations.
First, you need to give such an FTP service access to your site. This is not always convenient for website owners, who often have no idea what FTP is, or, conversely, advanced owners or administrators who are well versed, but have set restrictions on accessing their server via FTP. Also, this method of connecting to your server implies an increase in traffic on your server for the sole reason that for checking and treatment, the service will download files to itself and then upload them back to your server. In addition, such a connection is not always stable and can break at the most inopportune moment of work, possibly damaging some of the files.
Secondly, in most cases, such services are not automatic full-fledged antiviruses. Often, all the treatment work is performed by real people who access the site via FTP. This fact does not always please the owner. The main problem is the inability to quickly respond and eliminate threats. After all, a person is not a machine. He needs more time to analyze and perform operations, which he often doesn’t have. Search engines they will not wait for a specialist to cure the site, but will simply place it in a ban (blacklist) at the first check, which, as you know, is carried out more than once a day.
Services for scanning and treatment without the need to provide FTP access. Full-fledged online antivirus websites.
Such services are very rare. They can be called full-fledged antiviruses for websites. They don't need FTP access to your site. They do not require installation or configuration. They are completely autonomous. All operations are carried out in automatic mode in accordance with the set settings, often already optimally selected by default. There is only one copy.
Virusday is the first representative of a new type of service for automatically checking and eliminating threats and malicious codes on a website. Only with such a service can you be calm about your positions in search results, since your files, if infected, will be disinfected before search engines detect them.
The Virusday cloud service helps solve the problem of finding and treating viruses, monitoring performance and centrally managing websites (created using JS, PHP and HTML) on VDS and DS servers and is intended for ordinary users and website owners, programmers, system administrators and web studios. The antivirus does not require installation and is managed remotely through your Virusday account. For the service to work, you need to place the synchronization file, offered for downloading when adding a new site, to the root directory of the corresponding site using, for example, FTP.
All you have to do is register and place one special file synchronization to the root of your sites. Add your sites to the list. Manage on one page, see their status, scan results and removal of threats. Automatic scanning with an interval of 24 hours is enabled when a new site is added to the list, but manually you can change the settings of each resource individually, setting the scanning interval to, say, 6 hours. Website virus test happens automatically.
You can check the site for viruses for free, however, in order to cure website from viruses you will need to connect a paid account. 
You can view infected files with selected fragments of malicious code, disinfect sites with one button, receive reports on infection and treatment results on email. Virusday allows you to forget about problems with viruses on websites and do what you are really interested in. 
Website management in Virusday
In the control panel of a specific site, you can scan and disinfect the site by clicking the “Scan” or “Disinfect” button in the “Antivirus” section panel. The scanning and treatment process can take a long time and depends on the size of your site.
Site treatment
The treatment process is carried out in exactly the same way as scanning, however, in this case, infected files are immediately treated or deleted. Before treatment, we recommend that you make a complete archive of the site, since the treatment process involves deleting, editing files or database records of your site.
Treatment and scan reports
You can view the latest (current) scan and treatment report in the Antivirus section below the dashboard. By default, the list of detected threats is displayed in the form of a table traditional for antiviruses (the switch is in the “Details” position). You can view the contents of infected files with a highlighted malicious code in them simply by clicking on the infected file in the “Visual” mode or by clicking on the link to the infected file in the “Detailed” mode.
Server information
In the “Server Data” section you can view the current data of your server (the server on which your website connected to Virusday is located) and its basic settings. Also, here you can re-download the synchronization file if it is deleted from the server and the site is unavailable for Virusday. If the site is unavailable for the service for some reason, instead of the “Rights are confirmed, the site is synchronized with the Virusday cloud” indicator, you are asked to download a unique synchronization file and upload it to the root directory of your site.
Register now at .
IN Lately The Internet has become the main habitat of viruses, since only there they can effectively spread on user computers. Gone are the days when systems were infected through disks or flash cards. With the increase in the amount of downloaded information, the number of infected computers has increased, as users perceive a threat from the Internet as something abstract and something that will not affect them.
Unfortunately, it is not. Neglecting basic security can jeopardize our data stored on hard drives. Infections of computers of large corporations became indicative ransomware virus, which extorted money for unlocking, and otherwise encrypted the data. Most contracted it due to simple carelessness.
Prevention of infection
First of all, you need to use antivirus programs. Most of them are capable filter traffic, in advance warning users about the danger lurking in the resource being opened. Even free versions can significantly enhance computer protection.
Secondly, you should go to browsers, in which it is built checking sites. They warn about the danger that awaits users on a particular site. One of these is Yandex browser. It has it built in by default plugin, which scans the site and limits access to openly malicious resources. If a user tries to access such a page, they will see a warning message and a prompt to close the tab.
Thirdly, try don't cross via suspicious links in in social networks. VKontakte itself warns that the site may be dangerous, so do not neglect the advice of the service. Most infections occur this way.
Using Google to check
This option is suitable for website owners who want to make sure that their creations will not harm users of the World Wide Web. If the site does not belong to you, then you will not be able to check it through search engines.
To begin, let's go to webmaster panel. It is located at google.com/webmasters/tools/home (you need to log in to your Google account). After that, click on the button “ Add resource" and enter the link to the site in the window. After that, click “ Add». 
After this we will be required confirm rights to the site. To do this you need to place HTML template on the resource so that Google can identify us. We carry out all the steps from the instructions and click “ Confirm». 
After confirmation, we can view all the information about our site. To do this, select the tab “ Security issues" If there are viruses on the page, the system will notify us about it. If not, we will see this picture. 
Yandex for checking for viruses
By and large, in Yandex we repeat the same procedure as in Google:
Doctor Web and Kaspersky
For the most part, by checking a site through these two services, you can be 97% sure that the site does not contain viruses. These laboratories have devoted years to developing antivirus programs, so there is no doubt about their competence. Let's start with Doctor Web.
Let's go to the official website vms.drweb.ru/online. In addition to checking for viruses, you can view an extensive selection information about viruses and their spread. The main part of the page is the address bar in the middle, which enter the link to the resource you are checking and click “ Check». 
After a while we will get detailed description checks carried out, as well as a conclusion about the danger or safety of the page. 
Job " Kaspersky"is built on the same principle. However, here we can also check files. Enter URL in the address bar and click check.
Unlike the previous service, we are not burdened with verification details, but are given the result immediately. 
Other online services
In addition to those already discussed, there are other services for checking links:
