How do I clean the scripts of a virus?

In general, the site scripts in WP got infected through a hole.
How can they be cleaned, what are the solutions?
3 answers
April 19th 20 at 12:10
It would be better peronality to clear my conscience.
April 19th 20 at 12:12
They also cleaned. But it is best to do every file by hand.
Is there a function? - alicia4 commented on April 19th 20 at 12:15
@alicia4, some hosters have cleaning functions integrated into the control panel. Only it can also remove something by mistake. Better to roll back to a backup of a working version. At least the files. If the structure has not changed. So that there are no collisions with the database. - keira.Huel commented on April 19th 20 at 12:18
@keira.Huel, well, then as usual, a moped is not mine, but the backups there. and the hoster does not clean - alicia4 commented on April 19th 20 at 12:21
@alicia4, then by hand. - keira.Huel commented on April 19th 20 at 12:24
25 hands easier to clean than a script to write - heidi_Schu commented on April 19th 20 at 12:27
@heidi_Schu,
+ 214 - keira.Huel commented on April 19th 20 at 12:30
a reference to the html report file
And jobseeke the virus is not marvelouse it through ETS - heidi_Schu commented on April 19th 20 at 12:33
April 19th 20 at 12:14
Good afternoon. Here are instructions that you can follow in your case.
If a website is not working as it should, it may be a consequence of the activity of malicious scripts.
To solve the problem with malicious inserts and scripts, follow the instructions (from simple to more complex):

Check the website online at https://sitecheck.sucuri.net/. This test can indicate a problem.
If you recently installed additional software (plugins / themes) on the website, make sure that the source of this software is reliable.
Make sure that all plugins and themes that are currently being used on the site are not at risk and do not contain critical vulnerabilities.
Make a list of all your plugins.
Go to Google search -> Tools -> search for the last 3 months.
Search string: "IMAPLOGIN critical vulnerability". This search will help you determine whether there was recently a critical vulnerability that could lead to hacking of websites running your CMS.

Log in to the database or phpMyAdmin in the control panel. Check the number of users, especially those with administrator rights. If there is a suspicious user, remove them.
Delete all the files from the root directory and the database of the website. Restore the website from backup.
Change the passwords for the hosting panel, the control panel of the website, and the database (you'll need to reconfigure the database connection in the code of the site).
Install a security plugin for your CMS. For WordPress sites, install iThemes Security.
Search the site's access logs for POST requests.
Contact your hosting company and ask for assistance in removing viruses and fixing vulnerabilities. This will most likely be a paid service.
Check the website for viruses and clean it.
Use the utility ai-bolit from revisium.
Download ai-bolit and run the test. Example:
php /root/aibolit/ai-bolit.php \
--size=900K \
--mode=2 \
--path=/var/www/directory_before_website/your_website/ \
--report=/var/www/directory_before_website/your_website/vir.html
Malicious scripts can also be outside of the root directory of the website, so checking the directory one level up is good practice. Change the path key:
--path=/var/www/putlet/
You can access the report through the link: your_site.ru/vir.html
Review the report and clean the site of malicious insertions.
Clean the database from malicious insertions.
Manually check your website for malware and vulnerabilities.
After cleaning the site of viruses, configure the antishell script.
Antishell checks the website for changes in the code and sends an email report if any changes were made. Using Antiblock, you can identify the time of injection and which scripts have been hacked. Knowing the specific time of the break-in, you can analyze access logs to find the IP address of the villain and his requests to the web site.
Make a backup copy of the site, cleared of inserts.
Download antishell.
Unzip the archive into the root of the site to obtain the following structure: /your_site/antishell/antishell.php
Configure antishell.php (setup is intuitive).
Configure the cron scheduler to run the script every 5 minutes:
php /var/www/directory_before_website/your_website/antishell/antishell.php
Once file(s) on the website are changed and cron runs an antishell check, you should receive an email.
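
The answer above suggests using the time of a detected file change to find the responsible requests in the access log. The following added example (not part of the original answer and not antishell's code) shows one way to do that correlation. It assumes combined-format access logs; `posts_near` is a hypothetical helper, and the log lines, IP addresses and plugin path are constructed.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Apache/nginx "combined" format: client IP, [timestamp], "METHOD path ..." status
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" \d{3}'
)
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def posts_near(log_lines, changed_at, window_minutes=10):
    """Count POST requests per (ip, path) in the window leading up to changed_at."""
    start = changed_at - timedelta(minutes=window_minutes)
    hits = Counter()
    for line in log_lines:
        m = LINE_RE.match(line)
        if m is None or m["method"] != "POST":
            continue  # skip malformed lines and non-POST requests
        ts = datetime.strptime(m["ts"], TS_FORMAT)
        if start <= ts <= changed_at:
            path = m["path"].split("?", 1)[0]  # group by script, ignore query string
            hits[(m["ip"], path)] += 1
    return hits.most_common()


# Constructed sample log lines (documentation IP ranges, hypothetical plugin path).
SAMPLE_LOG = [
    '192.0.2.55 - - [19/Apr/2020:10:15:00 +0300] "POST /wp-cron.php HTTP/1.1" 200 0 "-" "WordPress"',
    '203.0.113.7 - - [19/Apr/2020:11:58:41 +0300] "POST /wp-content/plugins/example-plugin/upload.php HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [19/Apr/2020:12:01:10 +0300] "POST /wp-content/plugins/example-plugin/upload.php?a=1 HTTP/1.1" 200 87 "-" "-"',
    '198.51.100.20 - - [19/Apr/2020:12:02:00 +0300] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [19/Apr/2020:12:03:00 +0300] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]
# Assumed time at which the integrity check reported the modified file.
CHANGED_AT = datetime.strptime("19/Apr/2020:12:05:00 +0300", TS_FORMAT)

if __name__ == "__main__":
    for (ip, path), count in posts_near(SAMPLE_LOG, CHANGED_AT):
        print(f"{count:3d}  {ip:15s}  {path}")
```

With a 5-minute cron interval the change happened at most 5 minutes before the report, so the look-back window should be at least that long.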
