My website, which I created 100% lines of codes myself, meaning I didn’t use a single plug in, not dreamweaver, not anything, I wrote all the code. Is not accesible for some of my users because your antivirus is not letting them in.
I use the standard HTML5, CSS3, javascrip, php, myql and ajax. Nothing really rare as far as I know.
There is a zero chance that I put any malicious software there, but regardless, I have no way to know what it is that your antivirus is finding hazardous there, please tell me so I can try to fix it. Please email me the answer, I am not sure if I’ll be able to come back here.
Sorry for putting my question here, it probably is not the right forum, but I am not an avast user so those commercial names mean nothing to me.
I see there is something called tracker.php redirected from a malicious IP.
I downloaded my archives from the server and see no references to that thing, so either my server is injecting it, or something is injecting it while the page is being transfered, does any of these make sense?
Well php like any content management software if it isn’t fully up to date it can be vulnerable to exploit. This could be an injection into template pages or into the page when compiled.
If you are responsible for providing the PHP (or other content management) software then you have to keep it up to date, if it is down to your host provider they should keep it up to date.
And even when you get a 404 error from the other end, you could still be infected as instead, it contains malicious JavaScript code on the backend to exploit users when the page is loaded. Read about this trick from Ahmad Azziz on his lab69.blog here: http://blog.lab69.com/2013/01/404-and-youve-been-exploited.html,
so alwayss check these redirects given them in to jsunpack for instance or checking via an urlquery dot net scan. Malcreants are devious and like all devious entities cannot be trusted…