I created a simple PHP site for a friend last year. I went to check out the site yesterday and when the main page loads up, my AV software (Avira Antivir) raises an alarm about a JS/Redirector.A malware infection. The message seems to indicate that one of the CSS files is infected.
I’m obviously going to go through all the code on the site–that CSS file in particular–to figure out what’s going on. But I’m wondering if there is some obvious thing I should be doing to prevent these kinds of attacks. I ask because we had a form injection attack on the same site last year (apparently, I don’t know enough about PHP security), which I thought I fixed.
In addition to the main things I should check/fix, if there are any recommendations for software (ideally free or affordable) that will scan a site for these types of attacks and recommend fixes, I’d appreciate hearing your thoughts. I’ve seen several products out there (parosproxy is one), but don’t know which ones are better than others. Thanks…
For a starter check these two pages
PHP and the OWASP Top Ten Security Vulnerabilities
PHP Top 5 Security Flaws
Check for every unsafe use of
$_POST,$_GET,$_REQUESTvariables.Check if the e.g. FTP- or “management console” passwords for the site weren’t compromised (try changing them to something safe/difficult)