Clearing a site of malware

by | Aug 18, 2010 | Webmaster Resources

In case your site got hacked and some malware code, virus, trojan or downloader, was inserted in your site here is a step by step tutorial on how you can clear it.

First you need to identify the code that was inserted by the hacker. There are many things a hacker can and will add to your pages but most of the times you can easily spot them as they have nothing to do with your site and you know you did not add them there.
Some of the most common malware codes are inserted betweentags. Others are using PHP functions to generate to code itself and you can spot these by the very long rows of characters with no spaces in them. Others might have links to other sites from which they get the actual codes.
These codes are added mostly to the top or bottom of your file and sometimes the hacker is deleting parts of your file to render it useless.

Here is the guide how to get your site cleared of these codes:

  1. Change the password to your site to something harder to break. Using lower case and upper case letters, numbers and special characters might help in keeping hackers off your site. Also remember not to give your password to anybody you don’t fully trust.
  2. Log in to the FTP of your site and first check your index file, this is the first one hackers edit. Search for the malware code and if found remove it. Before saving you can check the date of the file as most probably other files with the same date will be hacked.
  3. Go into every folder you have on your site and check each file, specially if the date of the file matches the date of your hacked index file. Remember to check every file, it is not just the .html, .htm or .php files that are modified by hackers, java files can also contain malware codes.
  4. If your site was noticed as a malware site and it is blocked you will need to request a review from the Google Webmaster Tools. If you have not yet added your site to the webmaster tools you need to add it and request a review, but only after the site has been completely cleared of the malicious code. Google will check your site and if it is really cleared they will remove the blocking

In order to keep your site safe you need to remember the following:

  1. Make your password secure. Use lower and uppercase letters, numbers and special characters
  2. Don’t give your password to anybody
  3. Don’t access your sites administration areas from unsecure locations, specially not using other computers than yours
  4. Use the security given by the server where you host your site. Make sure that the file permissions are correct. Don’t use the 777 permissions for files that are not specified that need that permission
  5. Choose your hosting well. A lot can depend on the security features the hosting company employs on their server.
  6. Check your site often to make sure that you can find out if your site was hacked as soon as possible
  7. Last and most important: Keep regular backups of your website. Some hosting companies make regular backups that can save you from a lot of work. The backups combined with the regular checking of your site will ensure that any hacking can be fixed in the shortest time with the least amount of work.