Removing Malware: What To Do When Your Site is Hacked

If Google has flagged your site, it's a virtual certainty that your site has been hacked. That is, there are files on your website that have been modified to include malicious software called "malware". But many webmasters have little experience dealing with this level of security issues, so the following information is intended to be a useful guide for inexperienced webmasters and website designers to dealing with malware and hackers.

Start by doing a thorough virus scan of the computer that you use to create your website. It is very important to insure that you have removed any virus on your computer that can be used to alter the files for your website or to steal your FTP account user name and password information. This insures that your own computer won't simply be re-infecting your website once you've cleaned it. Most people use anti-virus software as a matter of course, so it's important to supplement this protection with software that you do not use on a regular basis to be sure that no infections have gotten past your regular anti-virus software. There are several good free anti-virus or malware scanning programs available online. I recommend Spybot: Search & Destroy, or Malwarebytes' Anti-Malware. Either one will do a thorough scan of your computer and will remove any suspicious files.

Change the passwords on all of the FTP Accounts for the website. Hackers are increasingly targeting FTP account access information - user name and password - to spread their infections. Changing your password on a regular basis is also a good security practice in any case. Stolen log-in credentials are becoming the most common method hackers use to access other websites, so you need to be sure that only authorized users have FTP access to your website.

Delete all of the files from the server. The best way to remove an infection is to wipe the server clean, because hackers often add files to a site that either re-infects the webpages or opens a backdoor to the site for them to regain access. The only files you can leave behind with relative safety are your mySQL database files, since they're almost always on a separate server and are rarely a source of malware. But if you have recent back-ups of your mySQL data files, you should strongly consider restoring the database files on the server from your back-up copies as well. If you haven't kept back-ups of your files, you can often find recent copies available online through archiving websites like The Wayback Machine. You may not find all of your original content, but you should be able to find a good deal of it.

Restore the files for your website from your local back-ups. Check the malware warning from Google to see which pages they marked as suspicious, and manually check to see that your local copies of those files are clean. It's also a good idea to check the last modification date on the local files to see if they appear to match the dates when you last updated them. If all is well, you can go ahead and restore the site by uploading the files.

Update all blog, forum, gallery, CMS, plug-ins, and all other scripts that you use on your website to the latest version. Most hackers gain access to websites by exploiting known vulnerabilities in older versions of popular software. The people who make these scripts are usually very good at keeping up with hackers, but you must regularly check if new updates are released and install them as soon as possible. Once you've updated the scripts on your website, be sure to update your local copy as well.

File a Malware Review Request through Google's Webmaster Tools console. Google will periodically re-scan a site to see if the problem has been repaired, of course, but that can take quite some time. Filing a Review Request gets your site examined much sooner and will usually get the malware warning removed within a few days (often sooner, but there are no guarantees).

In summary, the key steps to removing Google's Malware Warning are: (1) Removing the malware from your website, (2) Closing any holes in your site's security, and (3) Filing a Review Request. If you follow these steps and still have trouble, you can get more help by visiting Google's Webmaster Help Forum where there are people who will examine your site and make recommendations. http://www.google.com/safebrowsing/diagnostic?site=icd.kpi.ua

http://www.rainbodesign.com/seo-tips/malware-hacked.php

Scholarly Lite is a free theme, contributed to the Drupal Community by More than Themes.