Please help me with my site! :((

Hello everybody! My site is constantly being hacked and broken by someone posting links to porn sites on some articles :frowning: Please tell me what to do. Can someone help me? Russian version of the site (not English). What vulnerability could it be? It seems to be done without authentication, but in the logs I have not seen that this is done on behalf of one of our administrators. Link to site: https://egmrm.ru. Thanks.

We can answer questions related to your training.

Generally, there are two schools of thought on how to clean the system. One view is that the system should be wiped completely, the operating system reinstalled, and then the data restored from backup. This is because it is thought you can never fully know if you have cleaned everything out, so wiping it and restarting is the best idea. If you are using containment protection, snapshots and other recovery endpoint solutions, you can restore to a previous known good state. I, for example, on Mac, have Carbon Copy. I can restore the whole machine to a known good copy in minutes. If you don’t have a solution like this, you should get one.

This provides the most guarantee (but not 100%, as there are such things as hardware-resident malware) that all threats are removed, but requires the most work if you don’t have an automated recovery solution.

The other option is to remove the threat by deleting the executables that make up the malware and preventing its persistence on the system. This provides less of a guarantee that the system is clean but is less destructive to the system and faster if you don’t have auto-recovery tools. If you are confident that the system is clean then there is nothing wrong with taking this approach.

The Complete Cyber Security Course Volume 4 has a whole section on malware and hacker hunting and removal. Check it out.

Otherwise seek professional help.