In a previous article, we talked about protecting your website’s reputation.
What if your website’s reputation has already been damaged? What’s next? In this series of articles, we’ll be providing some tips about how to fix the problem. In this article, we’ll be talking about malware, or malicious software. This unwanted software can steal information from your or your visitors, delete data, replace your online content with something else or even shut down an entire site.
How Do You Know?
So, how do you know what your website’s reputation is? In case you missed it before, there are a number of tools you can use to check on your website’s reputation. These tools can be used to look up a specific URL to determine the site’s reputation. Use these to look up your own site, or check on a site you are concerned about:
- AVG Website Safety Reports
- BrightCloud URL/IP Lookup
- Google’s Safe Browsing Site Status
- McAfee Site Advisor
- Norton SafeWeb
- Trend Micro Site Safety Center
Now you know what your site’s reputation is, and you don’t like what you saw. What do you do now? Let’s tackle one of the most common sources of a negative website reputation first…malware (malicious software). If your website is currently infected with malware
Plug the Hole
According to a report released last year, “75 percent of legitimate websites have vulnerabilities that potentially expose them — and anyone who visits their sites — to cybercriminals” (source), The first step in dealing with an infected site is to prevent it from happening again.
If your site has been compromised, make sure you change the passwords used to log into the site (for both the FTP connection and any web-based admins for content management systems). While you’re at it, make sure you are using strong passwords.
In addition, make sure any software used on the site is updated. As security vulnerabilities are found in software, vendors make updates to remove these vulnerabilities. If you don’t update your software, though, these vulnerabilities remain. You may need to involve your hosting company in this step if they manage the site software.
The Needle in the Haystack
Usually malware is introduced to your site when either the server or your account security have been compromised and someone has uploaded the malicious software to your site. Now that you’ve changed your password(s) and updated the software (you did that, right?), it’s time to find the malware.
This can be really challenging, since websites involve a lot of code spread across numerous files. There are a couple of approaches to finding your unwelcome guest:
- Website scanner
There is software available that can automatically scan your website files and database for known malicous code, algorithms and backdoor files. These tools will usually provide you with a report of any malware found on your site and many will offer tools to remove the malware. One example of this type of software for WordPress sites that we have used is WordFence.
- Manual review
If you’re really familiar with the code on your site, another option is to manually review the files on the site and look for code you don’t recognize or files that are out of place. As a developer, it’s fairly easy for me to recognize code I don’t recognize in the websites I have developed. One common tool used is the “iframe” tag. This tag can be used to embed external content on your page, including malicious code. This code may not be easy to spot, though, because malicous code is frequently encoded and made difficult to read.
Now that you’re identified your unwelcome guest, it’s time to clean up! Again, there are a number of ways to do this:
- Restore from Backup
You back up your site files, right? If you know when the malicious code was added to your site, you may be able to restore the original files to the version before it happened. Keep in mind, though, that this maycause you to lose any recent updates to the site.
- Use a Website Scanner
As mentioned before, many website scanners also provide tools for removing the malware infection from your site. In the case of the WordFence tool we have used for WordPress sites, the software compares the files on your site to known code in public repositories and can identify altered code. It can then restore the original code from these sources to remove the malicious code. Some tools can also remove sections of code known to be malicious. Some of these tools are web-based, others can download the contents of your site to your computer, repair them locally and then upload them to your site again using FTP.
- Manual Removal
Sometimes malicious code has been introduced that can’t be removed automatically without impacting functionality on your site. In these cases, you will need to have someone go through the code by hand to remove the unwanted code and restore functionality. This can be time-consuming and requires an experienced developer.
If you find out that your site has been compromised and infected with malware (or has in the past), don’t panic! There are options available to find and remove the infection.
If you have any questions, please contact us and we’d be happy to help.
If you’re looking for more information about your website and how you can make it work better for your business, Creative Arcade can perform a free website analysis:
In case you missed it, check out our previous article about website reputation or continue to part 2: next steps in fixing your website reputation.