-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathfaq-malware.html
More file actions
460 lines (438 loc) · 36.1 KB
/
Copy pathfaq-malware.html
File metadata and controls
460 lines (438 loc) · 36.1 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
<!DOCTYPE html>
<html lang="sr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Malware Scanner FAQ / Najcesca pitanja o Malware Skeneru — 30 odgovora</title>
<meta name="description" content="30 answers about our Malware Scanner: how it works, what it detects, Safe vs Full scan, verification, and privacy. · 30 odgovora o nasem Malware Skeneru: kako radi, sta detektuje, Safe vs Full sken, verifikacija i privatnost.">
<meta name="keywords" content="malware scanner faq, hakovan sajt faq, webshell detekcija, urlhaus, seo spam, safe scan, full scan, dnsbl, blacklist provera, index contamination, wayback machine, reputation score, javascript analiza, malware skener pitanja, website security faq">
<meta name="robots" content="index, follow, max-snippet:-1, max-image-preview:large">
<link rel="canonical" href="https://security-skener.gradovi.rs/faq-malware.html">
<link rel="alternate" hreflang="sr" href="https://security-skener.gradovi.rs/faq-malware.html">
<link rel="alternate" hreflang="x-default" href="https://security-skener.gradovi.rs/faq-malware.html">
<meta property="og:type" content="article">
<meta property="og:title" content="Malware Scanner FAQ / Najcesca pitanja — 30 odgovora">
<meta property="og:description" content="How it works, what it detects, Safe vs Full scan, privacy. · Kako radi, sta detektuje, Safe vs Full sken, privatnost.">
<meta property="og:url" content="https://security-skener.gradovi.rs/faq-malware.html">
<meta property="og:locale" content="sr_RS">
<meta property="og:locale:alternate" content="en_US">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:title" content="Malware Scanner FAQ — 30 Q&A">
<meta name="twitter:description" content="Everything about our Malware Scanner in 30 questions. · Sve o nasem Malware Skeneru u 30 pitanja.">
<script type="application/ld+json">
{
"@context": "https://schema.org",
"@type": "FAQPage",
"mainEntity": [
{
"@type": "Question",
"name": "Sta je Malware Scanner?",
"acceptedAnswer": {"@type": "Answer", "text": "Specijalizovani modul naseg skenera dizajniran iskljucivo za pronalazenje indikatora kompromitacije (malware, phishing, backdoor), za razliku od osnovnog skenera koji trazi konfiguracione propuste."}
},
{
"@type": "Question",
"name": "Koja je razlika izmedju Safe i Full skeniranja?",
"acceptedAnswer": {"@type": "Answer", "text": "Safe scan radi pasivnu analizu HTML/JS iz browsera (10+ provera). Full scan zahteva verifikaciju vlasnistva i testira aktivnije: DNSBL blackliste, index contamination, Wayback Machine poredjenje, reputation score."}
},
{
"@type": "Question",
"name": "Da li skener cuva moje podatke?",
"acceptedAnswer": {"@type": "Answer", "text": "Ne. Skener je stateless po dizajnu. Ne cuvamo rezultate skeniranja, ne saljemo podatke trecim stranama, i ne pratimo korisnike. Vas scan rezultat postoji samo u vasem browseru."}
},
{
"@type": "Question",
"name": "Koliko kosta Malware Scanner?",
"acceptedAnswer": {"@type": "Answer", "text": "I Safe i Full scan su besplatni. Jedan besplatan sken na 24 sata. Komercijalni batch paketi za vise sajtova su u pripremi."}
}
]
}
</script>
<link rel="icon" type="image/svg+xml" href="/favicon.svg">
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;600;700;800&display=swap" rel="stylesheet">
<link rel="stylesheet" href="./blog-common.css">
<style>
.faq-container { display: flex; flex-direction: column; gap: 1rem; margin-top: 2rem; }
.faq-item {
background: #12152a;
border: 1px solid #252a4a;
border-radius: 8px;
overflow: hidden;
}
.faq-q {
padding: 1.2rem;
font-weight: 700; color: #e8eaf6;
cursor: pointer;
display: flex; justify-content: space-between; align-items: center;
gap: 0.8rem;
transition: background 0.15s;
}
.faq-q:hover { background: rgba(255,255,255,0.02); }
.faq-q .chev { font-size: 0.8rem; transition: transform 0.2s; flex-shrink: 0; }
.faq-item.open .faq-q .chev { transform: rotate(180deg); }
.faq-a {
display: none;
padding: 0 1.2rem 1.2rem;
border-top: 1px solid rgba(255,255,255,0.05);
color: #7b83a6; font-size: 0.9rem; line-height: 1.6;
}
.faq-item.open .faq-a { display: block; padding-top: 1.2rem; }
@media (max-width: 768px) {
.faq-q { padding: 1rem; font-size: 0.9rem; }
.faq-a { padding: 0 1rem 1rem; font-size: 0.87rem; }
.faq-item.open .faq-a { padding-top: 1rem; }
}
@media (max-width: 480px) {
.faq-q { padding: 0.8rem; font-size: 0.85rem; }
.faq-a { padding: 0 0.8rem 0.8rem; font-size: 0.84rem; }
.faq-item.open .faq-a { padding-top: 0.8rem; }
}
</style>
</head>
<body>
<div class="blog-layout">
<aside class="timeline-nav">
<div class="sr">
<div class="timeline-title">Sadržaj</div>
<ol id="timeline-sr"></ol>
</div>
<div class="en">
<div class="timeline-title">Contents</div>
<ol id="timeline-en"></ol>
</div>
</aside>
<main class="blog-content">
<!-- ==================== SRPSKI ==================== -->
<div class="sr">
<h1>Malware Scanner — FAQ</h1>
<p class="subtitle">30 najcescih pitanja i odgovora o nasem Malware Skeneru: kako radi, sta detektuje, razlika izmedju Safe i Full skena, privatnost i ogranicenja.</p>
<div class="stat-grid">
<div class="stat-card"><div class="stat-num">30</div><div class="stat-label">Pitanja i odgovora</div></div>
<div class="stat-card"><div class="stat-num">15+</div><div class="stat-label">DNSBL lista u realnom vremenu</div></div>
<div class="stat-card"><div class="stat-num">~5s</div><div class="stat-label">Safe scan trajanje</div></div>
<div class="stat-card"><div class="stat-num">0</div><div class="stat-label">Podataka cuvamo o vama</div></div>
</div>
<div class="toc">
<h3>Sadrzaj</h3>
<ol>
<li><a href="#faq1">Opsta pitanja (1-10)</a></li>
<li><a href="#faq2">Tehnicka detekcija (11-20)</a></li>
<li><a href="#faq3">Privatnost, pravno i bezbednost (21-30)</a></li>
</ol>
</div>
<h2 id="faq1">Opsta pitanja</h2>
<div class="faq-container">
<div class="faq-item">
<div class="faq-q">1. Sta je zapravo Malware Scanner?<span class="chev">▼</span></div>
<div class="faq-a">To je specijalizovani modul naseg skenera dizajniran iskljucivo da pronadje indikatore kompromitacije (malware, phishing, backdoor), za razliku od osnovnog skenera koji trazi konfiguracione propuste poput nedostajucih security headera ili SSL problema.</div>
</div>
<div class="faq-item">
<div class="faq-q">2. Koja je razlika izmedju Safe i Full skeniranja?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan radi pasivnu analizu HTML/JS-a iz browsera (10+ provera) bez ikakve interakcije sa vasim serverom osim obicnog ucitavanja stranice. Full scan zahteva dokaz o vlasnistvu sajta (verifikaciju) i testira aktivnije: proverava DNSBL blackliste, index contamination, Wayback Machine poredjenje i racuna reputation score.</div>
</div>
<div class="faq-item">
<div class="faq-q">3. Zasto mi je potrebna verifikacija za Full scan?<span class="chev">▼</span></div>
<div class="faq-a">Full scan vrsi aktivnije provere prema vasem serveru (DNSBL lookup, hidden directory probing). Da bismo sprecili zloupotrebe i napade na tudje servere, dozvoljavamo ga samo vlasnicima sajtova. Verifikacija se vrsi postavljanjem specificnog meta taga ili fajla na vasem sajtu.</div>
</div>
<div class="faq-item">
<div class="faq-q">4. Da li ce skener popraviti moj hakovan sajt?<span class="chev">▼</span></div>
<div class="faq-a">Ne. Skener je iskljucivo "read-only" dijagnosticki alat. Daje vam indikaciju gde je problem, da li ste na blacklisti i koji indikatori kompromitacije su pronadjeni. Sam proces cistenja je na vama ili na profesionalcu koga angazujete. Za vodic o cistenju pogledajte nas <a href="./blog-security-malware-recovery.html">vodic za oporavak</a>.</div>
</div>
<div class="faq-item">
<div class="faq-q">5. Koliko traje jedan sken?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan traje oko 5 sekundi. Full scan moze trajati od 15 sekundi do 1 minuta, zavisno od vremena odgovora spoljnih servisa (DNSBL liste, Wayback Machine API). Ako je vas server spor ili su spoljni servisi preoptereceni, moze potrajati i nesto duze.</div>
</div>
<div class="faq-item">
<div class="faq-q">6. Da li dobijam izvestaj?<span class="chev">▼</span></div>
<div class="faq-a">Da. Nakon zavrsenog skeniranja dobijate Damage Report (Izvestaj o steti) grupisan po kriticnosti: Critical, High, Medium, Low i Info. Rezultat mozete podeliti sa vasim IT timom ili hosting provajderom.</div>
</div>
<div class="faq-item">
<div class="faq-q">7. Koliko kosta alat?<span class="chev">▼</span></div>
<div class="faq-a">I Safe i Full scan su besplatni u osnovnoj varijanti. Imate jedan besplatan sken na 24 sata. Komercijalni batch paketi za vise sajtova (5, 10, 30, 50 domena) su u pripremi.</div>
</div>
<div class="faq-item">
<div class="faq-q">8. Da li mogu da skeniram bilo koji sajt?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan mozete pokrenuti za bilo koji javno dostupan sajt — to je ekvivalent otvaranju sajta u browseru. Full scan zahteva verifikaciju vlasnistva, tako da mozete skenirati samo sajtove koje vi kontrolisete.</div>
</div>
<div class="faq-item">
<div class="faq-q">9. Da li skener radi na sajtovima koji nisu WordPress?<span class="chev">▼</span></div>
<div class="faq-a">Apsolutno. Skener analizira HTML, JavaScript i HTTP odgovore — ne zavisi od specificnog CMS-a. Radi jednako dobro na WordPress, Joomla, Drupal, Shopify, custom PHP sajtovima, statickim sajtovima i bilo kojoj drugoj platformi.</div>
</div>
<div class="faq-item">
<div class="faq-q">10. Koliko cesto treba da skeniram svoj sajt?<span class="chev">▼</span></div>
<div class="faq-a">Preporucujemo nedeljno skeniranje kao minimum. Ako imate e-commerce sajt ili obradjujete licne podatke, razmotrite cesci raspored. Kombinujte nas spoljni sken sa internim alatima (Wordfence, Imunify360) za potpunu pokrivenost.</div>
</div>
</div>
<div class="callout">
<strong>Safe vs Full — ukratko:</strong> Safe scan je brza provera koju mozete pokrenuti za bilo koji sajt. Full scan je dublja analiza samo za vase sajtove. Za vecinu korisnika, Safe scan je dovoljan kao redovna nedeljni provera.
</div>
<h2 id="faq2">Tehnicka detekcija</h2>
<div class="faq-container">
<div class="faq-item">
<div class="faq-q">11. Sta tacno Safe scan proverava?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan analizira: HTML sadrzaj stranice za poznate indikatore infekcije, sve inline i eksterne JavaScript fajlove za sumnjive obrasce, skrivene iframe-ove, linkove protiv URLhaus i OpenPhish baza, cookie i tracking piksele, i form action atribute koji salju podatke na spoljne domene.</div>
</div>
<div class="faq-item">
<div class="faq-q">12. Sta dodatno proverava Full scan?<span class="chev">▼</span></div>
<div class="faq-a">Full scan dodaje: DNSBL proveru vase IP adrese kroz 15+ blacklist baza, Index Contamination analizu (da li Google indeksira lazne stranice na vasem domenu), Wayback Machine poredjenje (da li se sajt promenio na sumnjiv nacin), i racuna agregirani Reputation Score.</div>
</div>
<div class="faq-item">
<div class="faq-q">13. Sta znaci "Index Contamination"?<span class="chev">▼</span></div>
<div class="faq-a">To znaci da je Google indeksirao vas sajt za reci koje vi nikada niste stavili — cesto na azijskim jezicima (Japanese Keyword Hack) ili za farmaceutske proizvode (Pharma Hack). Ove lazne stranice su skrivene od obicnih posetilaca ali vidljive search engine botovima. Proverite sami: ukucajte <code>site:vas-domen.rs</code> u Google.</div>
</div>
<div class="faq-item">
<div class="faq-q">14. Koristite li baze pretnji u realnom vremenu?<span class="chev">▼</span></div>
<div class="faq-a">Da. Konsultujemo URLhaus bazu (abuse.ch), OpenPhish bazu za phishing detekciju, i DNSBL (Real-time Blackhole List) mehanizme putem Spamhaus, SURBL, URIBL, Barracuda i drugih proverenih provajdera.</div>
</div>
<div class="faq-item">
<div class="faq-q">15. Sta NE mozete da detektujete?<span class="chev">▼</span></div>
<div class="faq-a">Mi smo spoljni (remote) alat. Ne mozemo: videti PHP kod na vasem serveru, pristupiti bazi podataka, skenirati fajl sistem, niti detektovati backdoor-e koji ne uticu na frontend. Ako maliciozni fajl postoji na serveru ali ne proizvodi vidljiv efekat na stranici, mi ga necemo pronaci. Za to koristite Wordfence, Imunify360 ili ClamAV.</div>
</div>
<div class="faq-item">
<div class="faq-q">16. Sta je Reputation Score?<span class="chev">▼</span></div>
<div class="faq-a">Agregirani numericki skor koji racunamo na osnovu: starosti vaseg domene, SSL sertifikat statusa, prisustva na blacklistama, DNSBL rezultata i istorije infekcija. Visi skor znaci bolju reputaciju. Nizak skor ne znaci obavezno da ste hakovani, ali ukazuje na povisen rizik.</div>
</div>
<div class="faq-item">
<div class="faq-q">17. Kako radi Wayback Machine poredjenje?<span class="chev">▼</span></div>
<div class="faq-a">Uporedjujemo trenutnu verziju vaseg sajta sa arhiviranim verzijama na web.archive.org. Ako postoje znacajne razlike koje vi niste napravili (dodat nepoznati JavaScript, izmenjeni linkovi, novi skriveni sadrzaj), to je indikator moguce kompromitacije.</div>
</div>
<div class="faq-item">
<div class="faq-q">18. Sta je DNSBL provera?<span class="chev">▼</span></div>
<div class="faq-a">DNSBL (DNS-based Blackhole List) je mehanizam koji prati IP adrese i domene koji su povezani sa spam-om, malware-om ili phishing-om. Proveravamo vasu IP adresu kroz 15+ DNSBL lista (Spamhaus, Barracuda, SURBL, itd.). Ako je vasa IP na nekoj listi, to znaci da je vas server u nekom trenutku slao spam ili servirao malware.</div>
</div>
<div class="faq-item">
<div class="faq-q">19. Da li skeniranje moze da pokvari moj sajt?<span class="chev">▼</span></div>
<div class="faq-a">Ne. Safe scan je ekvivalent posete vasem sajtu u browseru — ne menja nista. Full scan vrsi dodatne DNS lookup-ove i HTTP zahteve, ali su svi "read-only". Skener nikada ne pise, ne menja i ne brise nista na vasem serveru.</div>
</div>
<div class="faq-item">
<div class="faq-q">20. Mogu li dobiti lazni pozitivni rezultat (false positive)?<span class="chev">▼</span></div>
<div class="faq-a">Moguce, ali retko. Najcesci slucaj je legitimni JavaScript kod koji koristi obfuskaciju iz validnih razloga (npr. anti-bot zastita, DRM). Takodje, ako vas server deli IP sa drugim sajtovima (shared hosting), IP moze biti na blacklisti zbog drugog sajta na istom serveru, ne zbog vaseg.</div>
</div>
</div>
<div class="callout callout-warn">
<strong>Vazno ogranicenje:</strong> Nas skener detektuje indikatore kompromitacije vidljive spolja. Negativan rezultat ne garantuje da je vas sajt 100% cist — samo da nismo pronasli vidljive indikatore. Za potpunu sigurnost kombinujte spoljni sken sa internim alatima na serveru.
</div>
<h2 id="faq3">Privatnost, pravno i bezbednost</h2>
<div class="faq-container">
<div class="faq-item">
<div class="faq-q">21. Da li cuvate rezultate mojih skenova?<span class="chev">▼</span></div>
<div class="faq-a">Ne. Skener je stateless po dizajnu. Ne cuvamo rezultate skeniranja, ne saljemo podatke trecim stranama, i ne pratimo korisnike. Vas scan rezultat postoji samo u vasem browseru tokom sesije.</div>
</div>
<div class="faq-item">
<div class="faq-q">22. Ostavlja li IP skenera tragove u mojim logovima?<span class="chev">▼</span></div>
<div class="faq-a">Da. Vas server ce videti posete sa nase IP adrese. Safe scan izgleda kao obicna poseta browsera. Full scan ukljucuje dodatne HTTP zahteve i identifikuje se kao <code>WebSecurityScanner/AuthScan</code> u user-agent stringu.</div>
</div>
<div class="faq-item">
<div class="faq-q">23. Da li je legalno skenirati sajt?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan je legalan jer je ekvivalent poseti sajta u browseru — ne vrsi nikakvu invazivnu analizu. Full scan zahteva verifikaciju vlasnistva, sto osigurava da skenirate samo sopstvene sajtove. Nikada ne skenirajte sajt bez dozvole vlasnika za aktivne provere.</div>
</div>
<div class="faq-item">
<div class="faq-q">24. Sta se desava ako pronadjete malware na mom sajtu?<span class="chev">▼</span></div>
<div class="faq-a">Rezultat vidite samo vi u vasem browseru. Ne objavljujemo nalaze javno, ne obavestavamo trece strane i ne prijavljujemo sajtove. Nasa uloga je iskljucivo dijagnosticka — sta cete uraditi sa informacijom je vasa odluka.</div>
</div>
<div class="faq-item">
<div class="faq-q">25. Da li skener prikuplja licne podatke posetilaca?<span class="chev">▼</span></div>
<div class="faq-a">Ne prikupljamo licne podatke korisnika koji pokrecu skeniranje. Ne koristimo tracking piksele, ne postavljamo identifikacione cookie-je i ne belezimo ko je skenirao koji sajt. Jedini podatak koji obradjujemo je URL koji vi unesete za skeniranje.</div>
</div>
<div class="faq-item">
<div class="faq-q">26. Da li imate rate limiting?<span class="chev">▼</span></div>
<div class="faq-a">Da. Jedan besplatan sken na 24 sata po korisniku (bazirano na browser fingerprint-u i IP adresi). Ovo sprecava zloupotrebe i DDoS napade na servere putem naseg alata. Komercijalni batch paketi za vise skenova su u pripremi.</div>
</div>
<div class="faq-item">
<div class="faq-q">27. Mogu li da koristim skener za testiranje tudjih sajtova?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan da — to je ekvivalent otvaranja sajta u browseru. Full scan ne — zahteva verifikaciju vlasnistva. Ne koristite Full scan za sajtove bez eksplicitne dozvole vlasnika jer aktivne provere (directory probing) mogu biti protumacene kao neautorizovani pristup.</div>
</div>
<div class="faq-item">
<div class="faq-q">28. Sta ako hosting provajder pita zasto ste skenirali?<span class="chev">▼</span></div>
<div class="faq-a">Mozete im pokazati rezultate skeniranja iz vaseg browsera i objasniti da je u pitanju bezbednosna provera vaseg sopstvenog sajta. Safe scan ne ostavlja tragove koji bi se razlikovali od obicne posete, a Full scan se jasno identifikuje u logovima kao security scanner.</div>
</div>
<div class="faq-item">
<div class="faq-q">29. Da li podrzavate HTTPS i sajtove iza Cloudflare-a?<span class="chev">▼</span></div>
<div class="faq-a">Da, skener radi sa HTTPS sajtovima i sajtovima iza Cloudflare, Sucuri ili bilo kog drugog CDN/WAF provajdera. DNSBL provera koristi resolver IP adresu vaseg servera, ne CDN-a, tako da rezultati odrazavaju stvarno stanje vaseg hosting-a.</div>
</div>
<div class="faq-item">
<div class="faq-q">30. Gde mogu da prijavim bag ili predlozim novu funkciju?<span class="chev">▼</span></div>
<div class="faq-a">Nas kod je otvoreno dostupan. Bagove i predloge mozete prijaviti na nasem GitHub repozitorijumu. Takodje nas mozete kontaktirati direktno putem kontakt forme na sajtu. Cenimo svaki feedback jer nam pomaze da poboljsamo alat.</div>
</div>
</div>
<div class="callout">
<strong>Imate problem koji nije pokriven ovim FAQ-om?</strong> Pogledajte nas <a href="./blog-security-malware.html">vodic o malware-u na sajtovima</a> za detaljno objasnjenje pretnji, ili <a href="./faq-malware-recovery.html">Recovery FAQ</a> ako je vas sajt vec hakovan.
</div>
<a href="./malware.html" class="cta">Pokrenite Malware Scanner →</a>
</div>
<!-- ==================== ENGLISH ==================== -->
<div class="en">
<h1>Malware Scanner — FAQ</h1>
<p class="subtitle">30 frequently asked questions and answers about our Malware Scanner: how it works, what it detects, Safe vs Full scan difference, privacy, and limitations.</p>
<div class="stat-grid">
<div class="stat-card"><div class="stat-num">30</div><div class="stat-label">Questions & answers</div></div>
<div class="stat-card"><div class="stat-num">15+</div><div class="stat-label">Real-time DNSBL lists</div></div>
<div class="stat-card"><div class="stat-num">~5s</div><div class="stat-label">Safe scan duration</div></div>
<div class="stat-card"><div class="stat-num">0</div><div class="stat-label">Data stored about you</div></div>
</div>
<div class="toc">
<h3>Table of Contents</h3>
<ol>
<li><a href="#en-faq1">General Questions (1-10)</a></li>
<li><a href="#en-faq2">Technical Detection (11-20)</a></li>
<li><a href="#en-faq3">Privacy, Legal & Security (21-30)</a></li>
</ol>
</div>
<h2 id="en-faq1">General Questions</h2>
<div class="faq-container">
<div class="faq-item">
<div class="faq-q">1. What exactly is the Malware Scanner?<span class="chev">▼</span></div>
<div class="faq-a">It is a specialized module of our scanner designed solely to find indicators of compromise (malware, phishing, backdoors), unlike our main scanner which looks for configuration issues like missing security headers or SSL problems.</div>
</div>
<div class="faq-item">
<div class="faq-q">2. What is the difference between Safe and Full scans?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan performs passive HTML/JS analysis from the browser (10+ checks) without any interaction with your server beyond a normal page load. Full scan requires proof of site ownership (verification) and tests more actively: checks DNSBL blacklists, index contamination, Wayback Machine comparison, and calculates a reputation score.</div>
</div>
<div class="faq-item">
<div class="faq-q">3. Why do I need verification for a Full scan?<span class="chev">▼</span></div>
<div class="faq-a">Full scan performs more active probes against your server (DNSBL lookups, hidden directory probing). To prevent abuse and attacks against third-party servers, we allow it only for verified site owners. Verification is done by placing a specific meta tag or file on your site.</div>
</div>
<div class="faq-item">
<div class="faq-q">4. Will the scanner fix my hacked site?<span class="chev">▼</span></div>
<div class="faq-a">No. The scanner is purely a read-only diagnostic tool. It gives you an indication of where the problem lies, whether you're on a blacklist, and which indicators of compromise were found. The cleanup process is your responsibility. For a cleanup guide, see our <a href="./blog-security-malware-recovery.html">recovery guide</a>.</div>
</div>
<div class="faq-item">
<div class="faq-q">5. How long does a scan take?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan takes about 5 seconds. Full scan can take 15 seconds to 1 minute, depending on response times from external services (DNSBL lists, Wayback Machine API). If your server is slow or external services are overloaded, it may take slightly longer.</div>
</div>
<div class="faq-item">
<div class="faq-q">6. Do I get a report?<span class="chev">▼</span></div>
<div class="faq-a">Yes. After scanning completes, you receive a Damage Report grouped by severity: Critical, High, Medium, Low, and Info. You can share the results with your IT team or hosting provider.</div>
</div>
<div class="faq-item">
<div class="faq-q">7. How much does it cost?<span class="chev">▼</span></div>
<div class="faq-a">Both Safe and Full scans are free in their base version. You get one free scan per 24 hours. Commercial batch packages for multiple sites (5, 10, 30, 50 domains) are in preparation.</div>
</div>
<div class="faq-item">
<div class="faq-q">8. Can I scan any website?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan can be run against any publicly accessible site — it's the equivalent of opening a site in your browser. Full scan requires ownership verification, so you can only scan sites you control.</div>
</div>
<div class="faq-item">
<div class="faq-q">9. Does the scanner work on non-WordPress sites?<span class="chev">▼</span></div>
<div class="faq-a">Absolutely. The scanner analyzes HTML, JavaScript, and HTTP responses — it doesn't depend on a specific CMS. It works equally well on WordPress, Joomla, Drupal, Shopify, custom PHP sites, static sites, and any other platform.</div>
</div>
<div class="faq-item">
<div class="faq-q">10. How often should I scan my site?<span class="chev">▼</span></div>
<div class="faq-a">We recommend weekly scanning as a minimum. If you run an e-commerce site or process personal data, consider a more frequent schedule. Combine our external scan with internal tools (Wordfence, Imunify360) for complete coverage.</div>
</div>
</div>
<div class="callout">
<strong>Safe vs Full — in short:</strong> Safe scan is a quick check you can run on any site. Full scan is a deeper analysis only for your own sites. For most users, Safe scan is sufficient as a regular weekly check.
</div>
<h2 id="en-faq2">Technical Detection</h2>
<div class="faq-container">
<div class="faq-item">
<div class="faq-q">11. What exactly does Safe scan check?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan analyzes: page HTML content for known infection indicators, all inline and external JavaScript files for suspicious patterns, hidden iframes, links against URLhaus and OpenPhish databases, cookies and tracking pixels, and form action attributes that send data to external domains.</div>
</div>
<div class="faq-item">
<div class="faq-q">12. What does Full scan additionally check?<span class="chev">▼</span></div>
<div class="faq-a">Full scan adds: DNSBL check of your IP address against 15+ blacklist databases, Index Contamination analysis (whether Google indexes fake pages on your domain), Wayback Machine comparison (whether the site changed in a suspicious way), and calculates an aggregated Reputation Score.</div>
</div>
<div class="faq-item">
<div class="faq-q">13. What does "Index Contamination" mean?<span class="chev">▼</span></div>
<div class="faq-a">It means Google has indexed your site for keywords you never placed — often in Asian languages (Japanese Keyword Hack) or for pharmaceutical products (Pharma Hack). These fake pages are hidden from regular visitors but visible to search engine bots. Check yourself: type <code>site:yourdomain.com</code> in Google.</div>
</div>
<div class="faq-item">
<div class="faq-q">14. Do you use real-time threat databases?<span class="chev">▼</span></div>
<div class="faq-a">Yes. We consult the URLhaus database (abuse.ch), the OpenPhish database for phishing detection, and DNSBL (Real-time Blackhole List) mechanisms through Spamhaus, SURBL, URIBL, Barracuda, and other trusted providers.</div>
</div>
<div class="faq-item">
<div class="faq-q">15. What CAN'T you detect?<span class="chev">▼</span></div>
<div class="faq-a">We are an external (remote) tool. We cannot: see PHP code on your server, access databases, scan the file system, or detect backdoors that don't affect the frontend. If a malicious file exists on the server but produces no visible effect on the page, we won't find it. For that, use Wordfence, Imunify360, or ClamAV.</div>
</div>
<div class="faq-item">
<div class="faq-q">16. What is the Reputation Score?<span class="chev">▼</span></div>
<div class="faq-a">An aggregated numerical score calculated based on: your domain's age, SSL certificate status, blacklist presence, DNSBL results, and infection history. A higher score means better reputation. A low score doesn't necessarily mean you're hacked, but it indicates elevated risk.</div>
</div>
<div class="faq-item">
<div class="faq-q">17. How does the Wayback Machine comparison work?<span class="chev">▼</span></div>
<div class="faq-a">We compare the current version of your site with archived versions on web.archive.org. If there are significant differences you didn't make (added unknown JavaScript, changed links, new hidden content), it's an indicator of possible compromise.</div>
</div>
<div class="faq-item">
<div class="faq-q">18. What is a DNSBL check?<span class="chev">▼</span></div>
<div class="faq-a">DNSBL (DNS-based Blackhole List) is a mechanism tracking IP addresses and domains associated with spam, malware, or phishing. We check your IP against 15+ DNSBL lists (Spamhaus, Barracuda, SURBL, etc.). If your IP is on a list, it means your server has at some point sent spam or served malware.</div>
</div>
<div class="faq-item">
<div class="faq-q">19. Can scanning break my site?<span class="chev">▼</span></div>
<div class="faq-a">No. Safe scan is equivalent to visiting your site in a browser — it changes nothing. Full scan performs additional DNS lookups and HTTP requests, but all are read-only. The scanner never writes, modifies, or deletes anything on your server.</div>
</div>
<div class="faq-item">
<div class="faq-q">20. Can I get a false positive?<span class="chev">▼</span></div>
<div class="faq-a">Possible, but rare. The most common case is legitimate JavaScript code that uses obfuscation for valid reasons (e.g., anti-bot protection, DRM). Also, if your server shares an IP with other sites (shared hosting), the IP may be on a blacklist because of another site on the same server, not yours.</div>
</div>
</div>
<div class="callout callout-warn">
<strong>Important limitation:</strong> Our scanner detects indicators of compromise visible from the outside. A negative result doesn't guarantee your site is 100% clean — only that we found no visible indicators. For complete assurance, combine external scanning with internal server-side tools.
</div>
<h2 id="en-faq3">Privacy, Legal & Security</h2>
<div class="faq-container">
<div class="faq-item">
<div class="faq-q">21. Do you store my scan results?<span class="chev">▼</span></div>
<div class="faq-a">No. The scanner is stateless by design. We don't store scan results, don't send data to third parties, and don't track users. Your scan result exists only in your browser during the session.</div>
</div>
<div class="faq-item">
<div class="faq-q">22. Does the scanner IP leave traces in my logs?<span class="chev">▼</span></div>
<div class="faq-a">Yes. Your server will see visits from our IP address. Safe scan looks like a normal browser visit. Full scan includes additional HTTP requests and identifies itself as <code>WebSecurityScanner/AuthScan</code> in the user-agent string.</div>
</div>
<div class="faq-item">
<div class="faq-q">23. Is it legal to scan a website?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan is legal as it's equivalent to visiting a site in a browser — it performs no invasive analysis. Full scan requires ownership verification, ensuring you only scan your own sites. Never scan a site without the owner's permission for active checks.</div>
</div>
<div class="faq-item">
<div class="faq-q">24. What happens if you find malware on my site?<span class="chev">▼</span></div>
<div class="faq-a">Only you see the result in your browser. We don't publish findings publicly, don't notify third parties, and don't report sites. Our role is purely diagnostic — what you do with the information is your decision.</div>
</div>
<div class="faq-item">
<div class="faq-q">25. Does the scanner collect personal data?<span class="chev">▼</span></div>
<div class="faq-a">We don't collect personal data from users who run scans. We don't use tracking pixels, don't set identifying cookies, and don't log who scanned which site. The only data we process is the URL you enter for scanning.</div>
</div>
<div class="faq-item">
<div class="faq-q">26. Do you have rate limiting?<span class="chev">▼</span></div>
<div class="faq-a">Yes. One free scan per 24 hours per user (based on browser fingerprint and IP address). This prevents abuse and DDoS attacks on servers through our tool. Commercial batch packages for more scans are in preparation.</div>
</div>
<div class="faq-item">
<div class="faq-q">27. Can I use the scanner to test other people's sites?<span class="chev">▼</span></div>
<div class="faq-a">Safe scan yes — it's equivalent to opening a site in a browser. Full scan no — it requires ownership verification. Do not use Full scan on sites without explicit permission from the owner, as active probes (directory probing) may be interpreted as unauthorized access.</div>
</div>
<div class="faq-item">
<div class="faq-q">28. What if my hosting provider asks why I scanned?<span class="chev">▼</span></div>
<div class="faq-a">You can show them the scan results from your browser and explain it was a security check on your own site. Safe scan leaves no traces different from a normal visit, and Full scan clearly identifies itself in logs as a security scanner.</div>
</div>
<div class="faq-item">
<div class="faq-q">29. Do you support HTTPS and sites behind Cloudflare?<span class="chev">▼</span></div>
<div class="faq-a">Yes, the scanner works with HTTPS sites and sites behind Cloudflare, Sucuri, or any other CDN/WAF provider. The DNSBL check uses the resolver IP address of your actual server, not the CDN, so results reflect the true state of your hosting.</div>
</div>
<div class="faq-item">
<div class="faq-q">30. Where can I report a bug or suggest a new feature?<span class="chev">▼</span></div>
<div class="faq-a">Our code is openly available. You can report bugs and suggestions on our GitHub repository. You can also contact us directly through the contact form on the site. We value all feedback as it helps us improve the tool.</div>
</div>
</div>
<div class="callout">
<strong>Have a question not covered in this FAQ?</strong> Check our <a href="./blog-security-malware.html">guide on website malware</a> for detailed threat explanations, or the <a href="./faq-malware-recovery.html">Recovery FAQ</a> if your site has already been hacked.
</div>
<a href="./malware.html" class="cta">Run the Malware Scanner →</a>
</div>
<div class="nav-links">
<a href="./blog-security-malware.html"><span class="sr">Malware na sajtovima</span><span class="en">Website Malware</span></a>
<a href="./blog-security-malware-recovery.html"><span class="sr">Oporavak hakovanog sajta</span><span class="en">Hacked Site Recovery</span></a>
<a href="./faq-malware-recovery.html"><span class="sr">Recovery FAQ</span><span class="en">Recovery FAQ</span></a>
<a href="./blog-security.html"><span class="sr">Bezbednost sajta</span><span class="en">Site Security</span></a>
</div>
</main>
</div>
<script src="./blog-common.js" defer></script>
<script>
document.querySelectorAll('.faq-q').forEach(function(el) {
el.addEventListener('click', function() {
var item = this.closest('.faq-item');
item.classList.toggle('open');
});
});
</script>
</body>
</html>