Procedure for detecting a virus on the site
Recently, the network recorded high activity of the virus that exploits Internet Explorer vulnerabilities. Being located on the local computer, it “eavesdrops” the passwords of FTP and some other services, and then sends it to a remote server using an HTTP request. From this remote server, the connection is made using stolen passwords and the content of the site is changed – writing in the index files links to malicious programs located on some external server.
Check your index page for any suspicious links.
If you have suffered from such a virus, we recommend that you immediately change the FTP access passwords, and also check all the computers with which it was run with the latest anti-virus software.
We also recommend using the SFTP protocol for file transfer whenever possible. If you work with an FTP server only from certain IPs, you can use the .ftpaccess configuration file to deny access from other IPs.