: How can I scan a HTML website for malicious links/scripts? I designed a website using a free HTML templates. Up until now I used to trust the free templates I found online... Recently, one
I designed a website using a free HTML templates. Up until now I used to trust the free templates I found online...
Recently, one of these websites has received a lot of visits from Russia in a way that is obviously spam (Google Analytics reports that the visits last less than 10 seconds, there are hundreds of them, etc).
I did some research, and I now believe that this is due to some malicious script buried in one of the theme's files that I didn't see while working on implementing them.
Is there a simple way (not through command lines, ideally) to scan the website's files, or a list of the processes which are launched when one accesses the site, to troubleshoot where such malicious code snippet is located?
I already tried to search with text strings in all of the site's files (which are stored in a folder backed up in my computer), using a software called EasyFind that can search within text/html/css files, but I don't know if it looks also into JS files.
I also looked at a couple of webmasters.SE posts but they didn't quite relate.
I also looked into this solution, which I applied, and I am waiting to see if it'll work.
But I'm trying to find a way to troubleshoot this kind of spam earlier - maybe while developing the website from a template, so as to kick out the malicious parts of free templates.
The website is here. It's a serious question, and I'm sincerely hoping to get help, so please instead of down-voting, make a comment to improve it. Thanks
More posts by @Murray432
3 Comments
Sorted by latest first Latest Oldest Best
I use xenu link sleuth to crawl websites for broken links but it would also tell you outbound links.
If you are using files with the js extension then you might also want to look at the source.
Another possibility is that a Google Analytics Spam bot or other Bad Bots crawled your site and such bots showed up in your analytics data. You can filter those out of you site data in Google Analytics.
Is there a simple way (not through command lines, ideally) to scan the website's files, or a list of the processes which are launched when one accesses the site, to troubleshoot where such malicious code snippet is located?
I ran your site through webpagetest.org and the results are here:
www.webpagetest.org/result/150721_YH_191X/1/details/
There you will see that a chrome web browser from Montreal Quebec Canada accessed your site once and attempted to load every file that is part of it. Items highlighted in red indicate files your HTML requested that were not found.
Then youll have to check each of those files individually (mainly ones ending in .js) for anything that refers to the malicious links. start by searching each file listed for "http://" or "https://" or even "www.", or better yet, if you know actual URLs of the malicious links, search for the URL or even the domain. Many Text editors have a find text functionality built in.
If you have found something and its inside third-party code such as jquery, then download the code again from the original source, not an untrusted third-party source.
As far as just receiving visits from Russia, Its quite possible that someone is using a proxy and connecting to the internet through it and then connecting to your site via the proxy. Webpagetest.org gives users the ability to test any website from servers in Russia.
If the visitors from Russia you speak of happen to have the same IP address and they always cause a problem and you're certain none are genuine guests, then you can safely block the IP address.
Spammy looking visits are unlikely to be due to the code on your site. A lot of website are affected by this spam traffic, usually lasting less than 10 seconds with a bounce rate around 100%.
These visits are often a traffic generation strategy to trick webmasters to look at the referral source for the visits, usually these redirect to some sort of purchase page / affiliate site.
Unless these visits are eating a load of resource (unlikely) then there's no real issue here other than skewing stats in Google Analytics. If you can determine the IP addresses of these visits you can filter them from your GA reports - support.google.com/analytics/answer/1034840?hl=en
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.