What to do if your site is attacked?



It's no secret that attackers often try to "crack" websites; the "people's" sites hosted by Yandex (Narod.ru) are particularly vulnerable to attacks.
The method of "hacking" is, as a rule, very simple: using some hastily googled password generator, the attacker guesses the password to the target site and performs a so-called deface (from the English deface: to impair, mutilate, injure, erase, destroy), changing the site's home page (for example, putting up, in huge letters, the inscription "I was here, the coolest hacker of all time, Vasya Pupkin!"). Less often, the author's content is replaced with pornographic content.

More malicious attackers go further: for example, they embed in the site's page code a script with references to files with malicious content. When a user tries to load an infected site (page), the script fires automatically, and malicious software is downloaded to and installed on the PC of the user who opened the web page. If the user's PC is not protected by an antivirus and a firewall, a visit to an infected site may end in the key of D minor...

Sometimes attacks on websites are carried out on a mass scale. In that case more sophisticated hacking techniques are used: for example, SQL injection (a type of vulnerability in which the attacker supplements an SQL query with additional operators, allowing privilege escalation or unauthorized access to data. Such vulnerabilities are usually exploited through the form fields and parameters of web pages whose code does not filter user-supplied values. Incidentally, attacks using SQL injection are considered the most dangerous!) or cross-site scripting (XSS).

Repeated mass attacks on Yandex "people's" sites occurred in March and on April 24-26, 2008 (on the eve of the anniversary of the Chernobyl disaster; incidentally, Yandex has not officially acknowledged the attacks: the "price" of free hosting!). During the attacks, the code of the index.htm and main.htm pages of many sites was modified (infected?).

When a user tries to load an infected site, the page http://colehost.cn/update.php is loaded, which in turn calls the page http://colehost.cn/load.php (incidentally, the .CN domain zone belongs to China...). After that, an executable virus file is copied to the root of the C: drive of the user's PC (it can have an arbitrary name, for example wingNlDCEH.exe, winwiskXrM2gTjaIz.exe, load.exe, etc.). Panda Antivirus identifies the virus as W32/Nuwar.C.worm; Kaspersky Anti-Virus as Trojan-Downloader.JS; NOD32 as win32/Statik; it may also be identified as IFRAME.Exploit. Along the way, the virus files apcsvra.dll and apcsvra.exe may be copied to the directory Program Files\Common Files\System.

  Physician, heal yourself! Or: saving the infected is the job of the infected themselves!
How to eliminate the consequences of the attack:
- Check your PC for viruses;
- Change the password for access to your site (unfortunately, on Narod.ru this password is a single one: it is used both for Yandex mail and for access to the site);
- Upload the original copies of the web pages to the site in place of the live ones;
- Inform the administration of the hosting provider about the attack (this does not guarantee that your site will no longer be subjected to attacks, especially if the site is hosted on free hosting!);
- Always use a firewall and an antivirus (with regularly updated databases!).
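
Before re-uploading, it helps to confirm that the copies of index.htm and main.htm you are about to publish do not carry an injected external reference of the kind described above. The following is an added example, not part of the original article: the function and class names, the allowlist, and the sample page with its example.org / example.net hosts are all constructed assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags the browser fetches automatically, and the attribute that holds the URL.
AUTOLOAD_ATTRS = {"iframe": "src", "script": "src", "frame": "src",
                  "embed": "src", "object": "data"}

class ExternalLoadFinder(HTMLParser):
    """Collects auto-loaded resources whose host is not on the owner's allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__(convert_charrefs=True)
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # tuples of (line, tag, url, hidden)

    def handle_starttag(self, tag, attrs):
        attr_name = AUTOLOAD_ATTRS.get(tag)
        if attr_name is None:
            return
        a = {k: (v or "") for k, v in attrs}
        url = a.get(attr_name, "").strip()
        # urlparse resolves the host for absolute and protocol-relative (//host/..) URLs
        host = (urlparse(url).hostname or "").lower()
        if not host or host in self.allowed:
            return  # relative URL, or a host the site owner added on purpose
        style = a.get("style", "").replace(" ", "").lower()
        hidden = (a.get("width") in ("0", "1") or a.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        self.findings.append((self.getpos()[0], tag, url, hidden))

def scan_page(html_text, allowed_hosts):
    """Return every off-site auto-loaded resource found in html_text."""
    finder = ExternalLoadFinder(allowed_hosts)
    finder.feed(html_text)
    finder.close()
    return finder.findings

# Constructed sample: one legitimate counter script and one injected hidden iframe.
SAMPLE = """<html><head><title>My site</title>
<script src="http://counter.example.org/hit.js"></script>
</head><body><h1>Welcome</h1>
<img src="photo.jpg">
<iframe src="http://injected.example.net/update.php" width="0" height="0"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url, hidden in scan_page(SAMPLE, {"counter.example.org"}):
        print(f"line {line}: <{tag}> loads {url}" + (" (hidden)" if hidden else ""))
```

Run it over both the local source copies and the pages downloaded back from the hosting; a finding that appears only in the downloaded copy marks the injected line.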

 