Website security tips – What to do if website is hacked or malware infected
How to detect malware? Find out if your site is hacked.
First off, if you want to find out whether Google has found suspicious code on your site, use the following URL, replacing the domain at the end with your own.
http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://www.dailyseoblog.com
Surprisingly often, when a site is hacked (I don’t mean the kind Twitter gets once in a while, where you get a totally different homepage), webmasters don’t realize it. This is because only a part of the site is hacked, and you find out only when you see a dip in traffic or in the number of indexed pages.
So the important thing is to identify a hack as soon as possible, so that you can do all you can to minimize the ill effects that may occur.
1. Sudden drop in number of indexed pages
When I say drop, I mean a huge one, in the thousands. The number of indexed pages fluctuates heavily, and taking every change seriously can cause unnecessary worry. But if you see that either a huge part of your site is not showing up in the Google live index, or your main pages don’t show up on the live SERPs (with a direct key phrase match), then you might want to start worrying.
2. Heavy dip in traffic
A hack is mostly accompanied by a dip in search engine traffic, as Google would have already found the hacked pages and taken the site out of the index. You don’t want to let this happen to your site.
3. Google Webmaster Tools shows weird pages
Google Webmaster Tools is pretty quick at detecting malware on sites, and it has a lab feature where all the suspected malware code is shown.
4. Site shows up for “black listed search queries”
When you run a site: command search for phrases like “viagra” (unless you’re using them in some context), pages from your site show up. That’s the last thing you want to see.
What should a webmaster do if he finds his site infected with malware?
Step 1 – Check the security configuration on your servers. Check directory permissions and Apache security. Find more details here.
Step 2 – Remove all outgoing links from the user-generated areas of your site, because this area is often exploited by hackers. It most probably won’t clear the site of malware, but it will reduce future risk.
Step 3 – Remove all ad scripts running on the site. Invisible iframes are often injected through advertisement code placed on your site without your knowledge. The best option is to keep away from such ad code (especially from less reputed vendors), but if you end up in this situation, remove it.
Step 4 – Switch from Telnet and FTP to SFTP.
Telnet and FTP are both considered insecure because of their use of plain text protocols. They transmit usernames and passwords in a way that anyone with access to the network can read.
Step 5 – Take the site offline temporarily.
If you can’t get things back to normal, take the site temporarily offline, so that Google doesn’t index more hacked pages and cause more confusion. The best way to do this is to issue a 503 status.
Step 6 – Let Google know that something has screwed up
You can let Google know that one or more URLs on your site have been compromised and that you want to take them down. Use the URL removal tool in Google Webmaster Tools.
Step 7 – Fix what is wrong
If you can manually fix all the malware, well and good. Generally malware affects only parts of your site, like a footer.php or header.php. In such cases you can manually edit out the bad areas and roll back to fresh code. Once you’re completely sure that things are under control, request a malware review for the site.
Step 8 – Request a malware review from Google
- Go to Webmaster Tools Home page, select your site.
- In the Parts of this site may be distributing malware message, click More details.
- Click Request a review.
If your site is completely screwed and Google has taken you down from the live index, you should think about clearing your site of possible malware by manually checking all the code and, once everything is safe, submitting a re-inclusion request.
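For the manual check in Steps 3 and 7, the following added example (not part of the original post) walks a web root and flags iframe tags that a visitor could not see, the kind of injection described above in files such as footer.php. The hiding patterns, the file extensions and the sample domains are assumptions constructed for illustration, and the heuristics are not exhaustive.

```python
import re
import tempfile
from pathlib import Path

# Heuristics for iframes a visitor cannot see (assumed patterns, not exhaustive).
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
HIDDEN_RES = [
    re.compile(r"""(?<![-\w])(?:width|height)\s*=\s*["']?\s*[01](?:px)?\s*["'\s>]""", re.I),
    re.compile(r"""(?<![-\w])(?:width|height)\s*:\s*[01](?:px)?\s*[;"']""", re.I),
    re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I),
    re.compile(r"(?:left|top)\s*:\s*-\d{3,}px", re.I),
]
EXTENSIONS = {".php", ".html", ".htm", ".js", ".tpl"}

def hidden_iframes(text):
    """Return (line_number, tag) for each iframe tag that looks invisible."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        tag = m.group(0)
        if any(p.search(tag) for p in HIDDEN_RES):
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, tag))
    return hits

def scan_tree(root):
    """Walk a web root and map relative path -> hidden iframe hits."""
    report = {}
    root = Path(root)
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in EXTENSIONS:
            text = path.read_text(encoding="utf-8", errors="replace")
            hits = hidden_iframes(text)
            if hits:
                report[str(path.relative_to(root))] = hits
    return report

def demo():
    """Scan a constructed two-file site; footer.php carries the injected frame."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "header.php").write_text(
            '<html><body>\n<iframe src="https://video.example/embed" width="560" height="315"></iframe>\n')
        Path(d, "footer.php").write_text(
            '<p>(c) site</p>\n<iframe src="http://ads.example.invalid/x" width="0" height="0" frameborder="0"></iframe>\n</body></html>\n')
        return scan_tree(d)

if __name__ == "__main__":
    for name, hits in demo().items():
        for line, tag in hits:
            print(f"{name}:{line}: {tag}")
```

Point `scan_tree` at a local copy of the site and review each hit by hand, since a legitimate widget can also use a hidden frame.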
How to prevent future malware problems?
- Stay away from WordPress/CMS themes and templates that have not been verified. Some themes (even ones available on popular sites) contain hidden code that you won’t even notice.
- Do not let non-reputed vendors publish ads on your site, especially ads delivered as JavaScript code.
Some Additional CMS Security Tips
WordPress – Tips to increase security in WordPress
Joomla – Security Checklist for Joomla
Drupal – Security Tips
Php Nuke – Security Tips

When my sites were hacked a while ago, Kaspersky was the first thing to notify me about the problems. I was going to take a look at a change I made to my site, and Kaspersky alerted me that the site contained malicious coding, which I was able to get out. I trust that software to catch problems on websites before they are able to latch onto my computer.
Excellent post!
To add to this, we always recommend regular vulnerability and malware scanning services (which we offer) to all sites. We scan for over 100,000 malware patterns, and over 30,000 web vulnerability exploits. It is important to regularly scan in order to be on top of newer exploits.
Our customers know before the vendors do in most cases as to when there is a hole. This affords the ultimate in protection. We offer daily, weekly, biweekly and monthly scanning options, which you choose based on your risk quotient.
All in all, regular scanning is an important preventative measure for any site that is important.
Jason Remillard
Managing Director – 54f3.com
http://www.54f3.com
Great, thanks for sharing your knowledge
Excellent post! It will really help us in detecting the problem if there is any. It will help sites from seo point of view too! It will help optimization of the site.
Once one of my blogs got this message due to a wrong code from a PPC network.
I have only just realised the importance of having a different FTP password from my site website account – now all changed
I had this issue 2 months back, my site dropped from page 5 to almost 30 in a week
Love your post, my site was infected before with malware and was blocked by Google. It took a while before I was able to solve the problem, now, I have a reference just in case it happens again..but hopefully not. Thanks for sharing.
I hope my site doesn’t get hacked but at least now I will know what to do if that day ever comes.
Twitter: officestolet
This seems to have been a growing problem over the last month or so. I found having my site listed in Google Webmaster Tools meant Google pointed the problem out straight away, it also identified the problem and rogue code and told me how to resolve – an excellent service – in this case faultless. Cheers for another great article