Ask a question by email +7 (495) 649-53-54
All payment methods
Image

Knowledge base → Search and remove malicious scripts (viruses) from the website

[Shared hosting]
Date of publication: 21.10.2025

Websites built on popular CMS platforms are most frequently subjected to virus infections. When it comes to website infections, attackers typically pursue goals such as sending spam using hosting resources, or spoofing registration and payment forms to intercept data.

Since most websites process payments on the gateway side rather than on the site itself, credit card theft is usually a rare occurrence. More often, regular websites are hacked for spam distribution and the creation of botnets, which are then sold or rented out as DDoS botnets.

If your hosting provider or you yourself notice activity from such scripts, it's necessary to perform a full website scan for viruses. In this article, we will outline several ways to do this.

1. Antivirus Scan on Your Own PC

Download the entire website by archiving all files. This can be done in your hosting control panel's file manager. Select the website's root folder (by default, for the first website, this is httpdocs) and create an archive using the file manager menu.

Download and extract the archive, then run an antivirus scan. Note the files that trigger warnings and manually inspect their code.

Do not leave the created backup in the root directory or name it with typical names, as bots scan for common names in root and standard folders.

You need to check files for suspicious code, such as the presence of base64. In most cases, so-called backdoors and other malicious scripts are encoded this way.

Not everything in base64 is a virus; sometimes small icons for the website and admin panel are stored this way for convenience.

2. Difference by Modification Date

When a website is installed, all files (with the exception of article photos, etc.) will have the same creation date – meaning the creation date and time for almost all files and folders on the site will be identical. If you have recently updated your CMS or its plugins, the date will reflect that update.

Based on this fact, it's easy to find files with differing dates and check them, especially if you haven't performed any updates.

3. Third-Party Scanning Scripts

There are also many scripts available online for scanning websites for viruses; the Aibolit script was popular at one time. Use them if you trust them, and check reviews before deploying and running them.

4. CMS Verification and Reinstallation

The most reliable way to get rid of viruses is to copy your website to a separate folder, perform a clean installation of the CMS, and then manually transfer all necessary data, such as the template and database. This method is the best solution, especially if the site was infected due to a long absence of updates.

5. Reviewing Event Logs

In one way or another, all events and requests are recorded in log files, including the execution of scripts by attackers. Check the access_log file for content and suspicious scripts.

To avoid such incidents, it's crucial to timely update your CMS and its modules, and to use correct permissions for files and folders.




No Comments Yet