Dealing With Malware

By Andre van Wyk

Over recent weeks, or even months I should say, I have been cleaning sites where malware and related issues have arisen. Although this topic is arguably not the most exciting to read about, it is extremely important, as a malware infection can have a direct impact upon your rankings and your traffic.

Background

I predominantly use Chrome as my default browser, for a number of reasons, and within this context Chrome will also provide a malware warning for a site that you may be visiting (see below).

Chrome-Malware-warning

Perhaps a little off topic, but based upon the latest browser usage stats, as a site owner you should be checking your site on the most widely used browsers anyway, which according to those statistics are, in order: Chrome, Firefox, IE, Safari, Opera. This matters both from a rendering perspective (i.e. for your prospects / site visitors) and from a security perspective within the discussion here.

browser-usage-march-2013

Additionally Chrome continues to increase in terms of “market share” and therefore as a website owner, specifically in terms of appreciating what your audience is seeing (or not seeing) when visiting your site, I would suggest at least surfing through your site on Chrome from a user experience perspective.

chrome-usage

Pre-empting a Malware Warning

There may be telltale signs that your site has been infected prior to receiving any malware warning. The most common is a warning in Google Webmaster Tools regarding “An Increase in Not Found Errors” on your site. This is not to say that you have been hacked or infected, but this could be the case – additionally it makes for good housekeeping and site management to be on top of these sorts of messages or occurrences.

If your site has already been infected, hacked or compromised – the best course of action would be to contact your host and ask them for assistance. I believe the majority of hosts would be of assistance, failing which here are a few remedies:

1. Check your .htaccess file
Please take care here, because this file controls your site at the server level and any mistake can render your site useless, i.e. a 500 Internal Server Error.

A typical .htaccess file for a WordPress installation will look something like this:

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

If there are other entries in the .htaccess file, there may be reason for concern, specifically if there is a redirect to a file named ‘default.php’. This is usually indicative of an attempt to send visitors to that file, which in turn will install malware on the site visitor's machine or redirect the visitor to a URL of the attacker's choice. (Example of hacked .htaccess file and the commands)

2. If you have the knowledge and ability to clean up your WP installation, then by all means go ahead – you will want to search for files that should not be there and remove them. Unfortunately, unless you know exactly which files should and should not be there, this exercise may be a little dangerous, and I would rather recommend that you enlist the help of someone who knows what they are doing. (Contact me here if needed – please provide website url)
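The .htaccess check in step 1 can be automated. The following is an added example, not code from the original post: it compares a file against the stock WordPress block shown above and reports every other directive, marking as suspicious any redirect that points at default.php or an off-site URL. The function name `audit_htaccess`, the sample file and the host `redirect.example` are constructed for illustration.

```python
import re

# Stock WordPress block from the article, normalised (lower case, single spaces).
STOCK = {
    "<ifmodule mod_rewrite.c>", "rewriteengine on", "rewritebase /",
    r"rewriterule ^index\.php$ - [l]", "rewriterule ^index.php$ - [l]",
    "rewritecond %{request_filename} !-f",
    "rewritecond %{request_filename} !-d",
    "rewriterule . /index.php [l]", "</ifmodule>",
}
# Directives that can send a visitor somewhere else.
REDIRECTING = re.compile(
    r"^(rewriterule|redirect(match|permanent|temp)?|errordocument)\b")
# Targets the article warns about: default.php or an off-site URL.
BAD_TARGET = re.compile(r"default\.php|https?://")

def audit_htaccess(text):
    """Return (line_no, level, directive) for every non-stock directive."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = " ".join(raw.split())          # collapse padding whitespace
        norm = line.lower()
        if not line or line.startswith("#") or norm in STOCK:
            continue
        hit = REDIRECTING.match(norm) and BAD_TARGET.search(norm)
        findings.append((no, "suspicious" if hit else "review", line))
    return findings

# Constructed sample: the stock block followed by three extra lines.
SAMPLE = """\
# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress
ErrorDocument 404 /default.php
RewriteRule ^(.*)$ http://redirect.example/ [R=302,L]
Options -Indexes
"""

if __name__ == "__main__":
    for no, level, line in audit_htaccess(SAMPLE):
        print(f"line {no}: [{level}] {line}")
```

Lines reported as "review" are not necessarily malicious (caching or security plugins add their own directives); they are simply entries the stock file does not contain and that you should be able to account for.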

Once you have cleaned your site up, and assuming Google has already notified you of the infection, you must request a review via the GWT interface.

GWT-health-malware

GWT-malware-review

Normally the review takes a couple of days at most, and you can check whether the warning has been lifted by visiting your site in Chrome.

Here are some additional resources that can be accessed, and which I found extremely useful.

Prevention is better than cure

As the age-old saying goes, prevention is better than cure, and we can all aim to prevent attacks. Unfortunately there is no guarantee of security, given the speed at which online applications evolve and the number of “bad” guys out there seeking to make a quick buck or even doing this stuff for fun!

Some Tips

  • Keep all installations up to date – this includes WordPress, themes and plugins
  • Remove unused themes, and plugins
  • Keep regular backups
  • Follow best practices with security in mind

Recommended – Hardening WordPress

WPANet – Security

This post will be followed up with best practices for WordPress, as well as suggested plugins etc.
