Malware Attack on Website

Home >> Blogs >> Malware Attack on Website >>
Florida Web Media's picture
website tuneup

You’ve launched your website and a few months later your site is showing up in Google search result page. You are happy and excited, which you should be. However, one day you've noticed that every time you try to access your website from Google search result page, you get a warning message saying "this web page has been reported as an attack page and has been blocked on your security preferences." This warning is not a punishment nor does it mean that Google thinks you designed a malicious site.

Security firm Symantec reports that 61% of malicious websites are legitimate sites compromised by malware attack.

So what just happened and how did it happen? – You wonder. No doubt that your website has been infected with malware! Someone (a spammer or a hacker) was able to exploit security vulnerability of your website or web host which has allowed him to change the content of your website by adding spam or injecting malicious code. The most common types of infections on compromised websites are malicious scripts, iFrames, and .htaccess redirects. Harmful scripts and iFrames pull content from another website that tries to attack any computer that views the page. Alternatively, due to poor web hosting security, a hacker can alter your website’s .htaccess file to redirect your site visitors to a poisoned website, where malicious software is often installed without their knowledge or permission. Thousands of websites have been unwittingly poisoned with malicious code that infects web visitors who visit those compromised websites.

You now have two issues to resolve. First, you have to identify where exactly on your website the malicious code has been injected and remove it. Second, let Google know that you have cleaned the malware from your website, and request Google to review your website and lift the warning message so that your site visitors can come to your website without hesitation.

Identifying malware on your website

  • As soon as you find out that your website has been compromised, take your website offline to prevent your site from infecting others and to prevent hackers/spammers from further exploiting the system.
  • After you take your site offline, make sure to configure your web hosting to return a 503 status code. Google suggests that taking your site offline is better than using robots.txt to prevent search engines from being crawled.
  • Contact your web hosting provider to check if the attack affects other sites they host, and ask them to address the problem.
  • Change the passwords for all users and accounts such as FTP access, administrative login, CMS login etc. If you’re not sure or don’t have access to these accounts, contact the person or company who created your website for you.
  • If you have a clean backup of your site, you may be able to restore the site by re-uploading all of the site's files and database.
  • If you do not have a clean backup of your site, manual removal of the malicious code may be your best option. Download your entire website content (including hidden files) from your web server via FTP. But before you download, make sure your anti-virus software is up-to-date. Then scan all downloaded files using your computer’s anti-virus software. Anti-virus will most likely identify the files that are infected.
  • Scripts and iFrames that have been injected in HTML pages are inactive and cannot do any harm to your computer unless you open the infected HTML files in your web browser. You need to open infected HTML pages with a notepad application, search your source code for scripts and iFrames that look unfamiliar and remove it. Once all the files are scanned and cleaned, upload them back to your web server.

Ask Google to review your site and lift it from their blacklist

You need to login to your Google Search Console (also known as Google Webmaster Tools) account. If you don't have an account there, create one for free with your gmail account and then register your website there. Google Webmaster Tools will show you the malware status of your site under Health > Malware section located on the left sidebar. You’ll find information regarding malware attack and a partial list of the pages they consider suspicious. You can request a malware review of your site. Google will check your site and will remove the warning label that appears in your site's listing on the search results page if no malware is detected. This process can take a day or two - so be patient.

We’ve just explained most common malware attacks on website and how to remove it. However, there are more complex attacks that require expert knowledge. Don’t take these website malware attacks lightly. Take immediate actions as soon as you notice it. If you need help, contact Florida Web Media today at (561) 291-9932.