How to Fix Your Infected Site

Most people only consider malware and viruses to be a local issue that their antivirus software can easily handle and take care of. Unfortunately, if you own a website it can severely effect your website and search results as well. As Google is in the habit of doing, they recently released a tool for website owners’ who’s websites have gotten hacked. This tool will take you through the steps in several easy-to-follow videos and help you to identify some of the problems with your site.

Let’s go through these steps quickly for those who don’t feel like following the link.

So you’ve been hacked

The very first thing to do (before any of these steps) is to grab several copies of your website. You want a copy of the current infected files, a separate copy of your local fileset, and a copy from your server of clean files before the infection occurred. Mark each fileset appropriately and keep them separate. This will give you the opportunity to look through the individual ones and isolate the problem without infecting your clean site files. In addition, it could take several days to find everything and get it all cleaned up, at which point you will have lost your server backups.

1. Contact your host or technical team

If you can take care of all of this yourself, do it. You’re still going to want to contact your host as they can run more in-depth diagnostics that you don’t have available. They’re also going to want to know so that they can quarantine your site away from the other sites on their servers.

2. Quarantine your site

An infected site can easily infect other sites on the server or it’s users. If your site is infected and you found out about it, it’s likely that Google has taken the important step of notifying users to your site with a big, obnoxious red warning page. Quarantining your site involves taking the working files offline and putting up a simple landing page or 503 error page. At this point, you’re also going to want to change EVERY password associated with your account. No matter the way that the malware or bug got into your site, you want a clean and secure slate to start off with again.

3. Check Google Webmaster Tools for more info on your condition

You do have Google Webmaster Tools hooked up to your site, right? If you don’t, you need to set this up now as the tool will allow you to find more information about your particular issue and request a review from Google which will remove the massive warning that’s keeping anyone from actually visiting your site.

At this stage you’ll be able to look through the code, read the error messages and hopefully identify the main issue that your site is dealing with. It could be that someone got in through FTP, a bug in your hosts’ servers, and they may even be using your own files against you at this point to dynamically insert malware.

4. Clean the site up

Once you have a good idea of what’s wrong, go through every file on your site in depth. Check your .htaccess, every php and js file, every dependent and core file. These bugs have a tendency to infect multiple areas of your site and can hide really well. It’s important that you check EVERY single file and eliminate all possible causes. Any strings that you don’t recognize on the site, especially in js files is likely causing issues.

It’s useful to setup a test subfolder once you have a clean file set and test it thoroughly against the problem. If you’re convinced that you’ve eliminated the problem, set your domain to go to the new, clean directory and eliminate your old fileset. Make sure you have backups from along the whole process as it’s easy to forget a file!

5. Request a review from Google and any other programs that are showing error messages.

Google will go back through your site and if it’s completely clean, eliminate the error messages. You want those messages gone as soon as possible, so make sure that you take this step as it might be another month before Google crawls your site otherwise. Also, submit requests with other programs such as AVG or Bing as they’ve likely noticed that your site was contaminated. Google is usually pretty fast with these requests, so you should be back online within 24 hours.

6. Rejoice in your clean site!

You just cleaned up your site and eliminated a major issue. Pat yourself on the back.

The link to the Google Hacked page will give you significantly more in depth info on all of these steps, so give it a read through. It’s worth it to read through even if your site is currently safe. You want to be able to eliminate any problems within hours of them occurring and being prepared is the easiest way to do this!