1

I am working on project on localhost which is built using Php (codeigniter framework) but I t was working fine but last two days whenever I access my localhost project getting warning like "localhost project showing this site is deceptive" and turn screen read, this happen with only one project rest of the projects working fine, so I googled it and found it happen due to virus or malware attack I don't know how to solve this issue,could any one suggest what should I don now?

user_1234
  • 741
  • 1
  • 9
  • 22
  • Your code is under source version control, right? RIGHT? – Theraot May 08 '20 at 04:15
  • @Theraot no ,4 days back I got it from colleague to continue development – user_1234 May 08 '20 at 04:18
  • why it is showing ,is it affected by virus,even I tried anti malware scanner to check suspecious script – user_1234 May 08 '20 at 04:19
  • Home security antimalware are not very good at identifying malicious server side scripts. They see a text file. Addendum: Try searching for recently modified files. You may have to do a full source audit. You may also try running a diff tool with a copy from your colleague. Oh, if your code is not obfuscated (I suppose it isn't), and you see a bunch of what appears to be gibberish, that's probably it. – Theraot May 08 '20 at 04:22
  • Do I need to check all php files in my project? – user_1234 May 08 '20 at 04:28
  • 1
    You can prioritize. Check what have changed recently first. If you can run a diff tool, you would know what files have not changed. Also, the malware is likely to be close to the code that handles requests, unlikely to be deep in business logic. You may also re-download any third party code and replace it, that would save some work. *Yes, been there, done that. Use source control next time... or right after this gets fixed, I should say.* – Theraot May 08 '20 at 04:30
  • It is not *necessarily* malware. There are some duplicates here with suggestions, eg https://superuser.com/questions/1320836/deceptive-site-ahead-unanalytics-com (check comments and all answers). Remember Chrome can't actually see your code, only the rendered HTML and JS, so it is maybe seeing something that looks somehow suspicious ... hidden credit card inputs? Somehow dodgy login form? – Don't Panic May 08 '20 at 04:48

0 Answers0