Internet criminals install drive-by code on websites by exploiting security loopholes in content management systems and using hacked access details. Once drive-by code is installed on a site, it attempts to load malware onto the computers and mobile devices of people visiting that site. In most cases, this happens without the visitors or their anti-virus software noticing.
The drive-by code is not visible at first glance. It can only be found in the website’s source code. Check your website with software that scans for malware and vulnerabilities, such as Sucuri. Instead of using the browser, call it up via the FTP address and search for any changes to the files.
Cleaning up manipulated websites
If your website has been infected, seek professional assistance immediately from your hosting provider or your webmaster. Drive-by code must always be removed in full. If this is not possible, the only option is to install an uninfected backup. Take a look at our five tips to see how you can identify and remove further vulnerabilities.