Programs for searching pages for malicious code

by bharathi 2010-11-02 15:09:57

a) Search one page at a time (recommended)

* An FTP client program such as FireFTP. You can use Windows Explorer for FTP, if you really have to.
* cPanel (or Plesk) > File Manager

Starting with the most important flagged page (such as your home page), visually inspect the source code of each file for the types of malicious text described in Section 4 below.

Malicious code is often inserted into web page files by robots (programs) using very simple rules for where to put it. Common locations are:

* At the very top of the file.
* Just before or after the or tags.
* At the very bottom of the file, after the tag.

If your pages normally validate at W3C, go there and check your badware-flagged pages. Any errors you get might point directly to where the bad code is.

b) Multi-file searching

With multi-file searching, a program scans all files for the search string you specify, and reports all the instances it finds. This is an efficient way to search if you already know how to do it. Otherwise, this is probably not the best time to learn, and I'd recommend the one-page-at-a-time method, above.

Dedicated server

Do your search directly on the server with an operating system tool like grep.

Shared server

If you're already familiar with cron and grep, you can create a cron job to do the grep search as though you had shell (command line) access.

Otherwise, download the pages (or your entire site) to your PC so you can search them there. Download with:

* FTP. If you normally publish to your site with FTP, be sure when you reverse-publish back to your PC that you don't overwrite your local site! Copy the files to a different location.
* Wget. After a confusing search, I got my Windows XP version at http://www.christopherlewis.com/WGet/WGetFiles.htm.
* cURL.

After downloading the pages to your PC, you can do the searching with any program that supports searching multiple files. Some examples:

* FrontPage
* Expression Web
* Dreamweaver
* GREP or a similar utility
* A programming IDE such as Microsoft Visual C++ or Borland C++ Builder
* Windows Explorer (its search methods have peculiarities that make it a poor choice for these searches)
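An added example (not part of the original post) of the multi-file search described above, using grep either on a dedicated server or on a downloaded copy of the site; it also labels each hit as near the top, near the bottom, or in the middle of the file, since those are the common insertion points listed earlier. It assumes GNU grep. `scan_site`, `make_sample` and the search string `example-bad-string` are hypothetical names and constructed sample data, and the 3-line window for "top" and "bottom" is an arbitrary choice.

```shell
#!/bin/sh
# scan_site DIR STRING
# Recursively search web files under DIR for the literal text STRING and
# print one line per hit in the form  path:line_number:position
# where position is top (first 3 lines), bottom (last 3 lines) or middle.
scan_site() {
    dir=$1
    needle=$2
    # -r recurse, -l list matching files only, -F treat STRING as literal text
    grep -rlF --include='*.html' --include='*.htm' --include='*.php' \
        --include='*.js' -- "$needle" "$dir" | sort |
    while IFS= read -r file; do
        total=$(wc -l < "$file")
        # With a single file argument, grep -n prints "N:matched line"
        grep -nF -- "$needle" "$file" | cut -d: -f1 |
        while IFS= read -r n; do
            if [ "$n" -le 3 ]; then pos=top
            elif [ "$n" -gt $((total - 3)) ]; then pos=bottom
            else pos=middle
            fi
            printf '%s:%s:%s\n' "$file" "$n" "$pos"
        done
    done
}

# make_sample DIR: build a small constructed site copy for demonstration.
make_sample() {
    mkdir -p "$1/sub"
    printf '%s\n' '<!-- example-bad-string -->' '<html>' '<body>' \
        '<p>Home</p>' '<p>example-bad-string</p>' '<p>Links</p>' \
        '</body>' '</html>' > "$1/index.html"
    printf '%s\n' '<html>' '<body>' '<p>About</p>' '<p>Team</p>' \
        '<p>Contact</p>' '</body>' '</html>' \
        '<!-- example-bad-string -->' > "$1/sub/about.html"
    printf '%s\n' '<html>' '<body>' '<p>Clean page</p>' '</body>' \
        '</html>' > "$1/clean.html"
    # Not a scanned file type, so it must not appear in the report
    printf '%s\n' 'example-bad-string' > "$1/notes.txt"
}

# Demo run against the constructed sample
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
scan_site "$demo_dir" 'example-bad-string'
rm -rf "$demo_dir"
```

Point `scan_site` at a separate download location rather than your working copy of the site, and add further `--include` patterns for any other file types you publish.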
