Malware Attack: Website Hacked? – What To Do Now

You wake up in the morning, open your website in a browser, and see the message “This Website contains Malware, This site may harm your computer.” Are you worried? If Google has suddenly flagged your site, it's a virtual certainty that your website is serving malware, and it is probable that your site has been hacked. 😦 That is, files on your website have been modified to include malicious software, called “malware”. Many webmasters have little experience dealing with security issues at this level, so this guide is meant to help inexperienced webmasters deal with malware.

  • Start the recovery process by performing a thorough virus scan of the system (PC) that you use to create your website. It is very important to have a secured system when connecting to FTP or updating files. Please ensure that you have removed all viruses from your computer that could be used to edit your local website files or to steal your FTP account user name and password. This ensures that your computer won’t simply re-infect your website once you’ve cleaned it. Most people use anti-virus software as a matter of course, so it’s important to supplement this process with software that you do not use on a regular basis, to be sure that no infections have gotten past your regular anti-virus software. There are several good free anti-virus or malware scanning programs available online. You can use any antivirus such as Microsoft Malware Removal Tool, Windows Malicious Software Removal Tool 4.16, Avast, AVG, McAfee or Malwarebytes’ Anti-Malware to scan your computer and remove all suspicious files.
  • Change the passwords of all FTP accounts for the website. FTP accounts are an easy target for hackers injecting viruses or malware into the website. Changing your password on a regular basis is also a good security practice in any case.
  • Delete all of the files from the server. The best way to remove an infection is to wipe the server clean, because hackers often add files or code snippets to a site that either infect the webpages or open a backdoor to the site that bypasses all security mechanisms for manual access. The only files that remain uninfected by this malware attack are your MySQL database files, since they’re almost always on a separate server and are rarely a source of malware. But if you have recently taken back-ups of your MySQL data files, you should also restore the backup version of the database files on the server. It's always recommended to have a regular backup mechanism for website files and databases.
  • Restore the website files from your local back-ups. Check the malware warning from Google to see which pages they marked as suspicious, and manually check that your local copies of those files are clean. It’s also a good idea to check the last modification date on the local files to see if they appear to match the dates when you last updated them. If all is well, you can go ahead and restore the site by uploading the files.
  • Update all add-ons, plugins, blog, CMS/LMS and all other scripts that you use on your website to the latest version. Most hackers gain access to websites by exploiting known vulnerabilities in older versions. The people who make these scripts are usually very good at keeping up with hackers, but you need to watch for new releases and install them as soon as possible. Once you’ve updated the scripts on your website, be sure to update your local copy as well.
  • File a Malware Review Request through Google’s Webmaster Tools console. Once you’re sure your site is free from any infected code and content, you can request a malware review. On the Webmaster Tools Home page, select the site you want. Click Health, and then click Malware. Google will periodically re-scan a site to see if the problem has been repaired, of course, but that can take quite some time. Filing a Review Request gets your site examined much sooner and will usually get the malware warning removed within a few days (often sooner, but…).
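
For the restore step above, where the last modification dates of the local files are compared with when you last updated them, the following is an added example and not part of the original guide. The function name, the sample file names and the dates are constructed assumptions; point `files_modified_after` at your own backup folder and last-update date.

```python
import os
import tempfile
from datetime import datetime, timezone

def files_modified_after(root, last_update):
    """Return relative paths under `root` whose mtime is later than `last_update`,
    newest first. A later mtime means the file changed after your last known edit."""
    cutoff = last_update.timestamp()
    flagged = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            mtime = os.lstat(path).st_mtime  # lstat: report symlinks, do not follow them
            if mtime > cutoff:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                flagged.append((mtime, rel))
    return [rel for _mtime, rel in sorted(flagged, reverse=True)]

def demo():
    """Build a constructed sample backup and check it against a last-update date."""
    last_update = datetime(2024, 3, 1, tzinfo=timezone.utc)
    samples = {
        "index.html": datetime(2024, 2, 20, tzinfo=timezone.utc),       # before cutoff
        "js/menu.js": datetime(2024, 3, 9, tzinfo=timezone.utc),        # after cutoff
        "images/logo.php": datetime(2024, 3, 12, tzinfo=timezone.utc),  # after cutoff
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, when in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as handle:
                handle.write("sample\n")
            os.utime(path, (when.timestamp(), when.timestamp()))
        return files_modified_after(root, last_update)

if __name__ == "__main__":
    for rel in demo():
        print("changed after last update:", rel)
```

Modification times can be reset by whoever changed a file, so an empty result is a first-pass check only; still open the pages Google flagged and inspect them by hand.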

Website Malware Attack Prevention Checklist

You should also make the following a part of your regular maintenance schedule to ensure the ongoing security of your website:

  • Make complete back-up copies of your website files and database files at least once a month.
  • Keep the latest version of all plugins/scripts on the website. It's recommended to update all of the popular scripts/plugins that your website uses at least every two weeks.
  • Keep the computers that you use for FTP and file updates on the website free of malware and viruses. Run anti-virus scans of your computer at least once a week. Keep the latest version of your antivirus on your computers.
  • Check Google’s Safe Browsing diagnostic tool at least once a month and whenever your site’s traffic takes an unusual dip.
  • Change the website’s FTP login credentials at least twice a year. It's recommended to use unique passwords for FTP accounts. (A unique password means you don’t use the same password for FTP that you use anywhere else.)
  • Keep track of website traffic. If you find any suspicious activity on the website from an IP address, then block that IP address. You can use Google Analytics to keep track of website traffic.
  • Scan your server log files regularly for unusual 404 errors which can indicate someone is probing your site for security flaws. Then ban the IP addresses of any suspicious users in your .htaccess file.
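
The log check in the last item, as an added example that is not part of the original guide: it counts 404 responses per client address in Apache common/combined log lines and renders deny rules for the addresses that cross a threshold. The sample log lines are constructed, the threshold of 3 is an assumed cut-off, and Apache 2.4 `Require` syntax is assumed for the `.htaccess` output.

```python
import ipaddress
import re
from collections import Counter

# Apache common/combined format: client address first, status after the quoted request.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:[^"\\]|\\.)*" (\d{3}) ')

# Constructed sample lines using documentation-only address ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:06:01:11 +0000] "GET /admin.php HTTP/1.1" 404 512
203.0.113.7 - - [10/Mar/2024:06:01:12 +0000] "GET /backup.zip HTTP/1.1" 404 512
203.0.113.7 - - [10/Mar/2024:06:01:12 +0000] "GET /old/config.bak HTTP/1.1" 404 512
203.0.113.7 - - [10/Mar/2024:06:01:13 +0000] "GET /test/phpinfo.php HTTP/1.1" 404 512
198.51.100.23 - - [10/Mar/2024:07:15:40 +0000] "GET /favicon.ico HTTP/1.1" 404 209
198.51.100.23 - - [10/Mar/2024:07:15:41 +0000] "GET /index.html HTTP/1.1" 200 5120
192.0.2.10 - - [10/Mar/2024:08:02:03 +0000] "GET /about.html HTTP/1.1" 200 2048
not a log line
"""

def count_404s(lines):
    """Count 404 responses per client address; unparseable lines are skipped."""
    hits = Counter()
    for line in lines:
        match = LOG_LINE.match(line)
        if match and match.group(2) == "404":
            hits[match.group(1)] += 1
    return hits

def suspicious_ips(lines, threshold=3):
    """Addresses with at least `threshold` 404s (threshold is an assumed cut-off)."""
    flagged = []
    for client, count in count_404s(lines).items():
        if count < threshold:
            continue
        try:
            # Only well-formed addresses may reach the config file.
            flagged.append(str(ipaddress.ip_address(client)))
        except ValueError:
            continue  # hostname or junk in the client field
    return sorted(flagged)

def htaccess_block(ips):
    """Render Apache 2.4 access rules that deny the given addresses."""
    rules = ["<RequireAll>", "    Require all granted"]
    rules += [f"    Require not ip {ip}" for ip in ips]
    rules.append("</RequireAll>")
    return "\n".join(rules)

if __name__ == "__main__":
    print(htaccess_block(suspicious_ips(SAMPLE_LOG.splitlines())))
```

If the site sits behind a proxy or CDN, the first log field is the proxy's address rather than the visitor's, so review the flagged list before pasting the rules into `.htaccess`.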