Fix Compromised Websites

Infected Websites

How my site gets infected

  • Use of old PHP scripts. They ALL have security holes in them.
    (WordPress, Joomla etc. - always use the latest stable version.)
  • 777 permissions on files leave the back door open to write to a file.
    (SmallPond Servers do not allow global 777 permissions.)
  • A trojan can be uploaded by the website owner unknowingly
    (free skins may have Trojan code embedded).
  • Password breach - use machine-generated passwords.

What to do about the Infection

  • Change all access passwords to machine-generated ones.
  • If you are unfamiliar with your CMS, you will have to call in a developer.
  • Scan the site on your computer using an effective antivirus program.
  • Scan the website online using a virus scanner.
  • Disable any SMTP mail sending facility that comes with a PHP program.
  • Look for JavaScript embedded in the code.
  • Check last modified dates on files for recent malware activity.
  • Look for obvious destinations that are not related to your website.
  • Upgrade all PHP programs to the latest version.
  • If your site is badly contaminated, then a complete rebuild may be necessary.
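
The permission, last-modified and embedded-script checks from the two lists above can be combined into one read-only pass over a downloaded copy of the site. This is an added example, not a SmallPond tool; the function names, the example.com own-host value and the sample files are assumptions constructed for illustration.

```python
import os, re, stat, tempfile, time
from pathlib import Path

# Host part of absolute or protocol-relative src= URLs in <script>/<iframe> tags.
TAG_SRC = re.compile(rb'<(?:script|iframe)\b[^>]*?\bsrc\s*=\s*["\']?(?:https?:)?//([^/"\'\s>:?#]+)', re.I)

def foreign_hosts(data, own_hosts):
    """Hosts loaded by script/iframe tags in data (bytes) that are not the site's own."""
    hosts = {m.group(1).decode("latin-1").lower() for m in TAG_SRC.finditer(data)}
    return sorted(h for h in hosts if not any(h == o or h.endswith("." + o) for o in own_hosts))

def triage(webroot, own_hosts, days=7):
    """Return {relative_path: [reasons]} for files that deserve a manual look."""
    cutoff = time.time() - days * 86400
    findings = {}
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            reasons = []
            if st.st_mode & stat.S_IWOTH:  # the "other" write bit, as set by 777 or 666
                reasons.append("world-writable")
            if st.st_mtime >= cutoff:
                reasons.append("modified in last %d days" % days)
            if name.lower().endswith((".php", ".html", ".htm", ".js", ".tpl")):
                with open(path, "rb") as fh:
                    reasons += ["loads from " + h for h in foreign_hosts(fh.read(), own_hosts)]
            if reasons:
                findings[os.path.relpath(path, webroot)] = reasons
    return findings

def build_sample(root):
    """Constructed sample site: a clean page, a recently altered page, a 0666 file."""
    old = time.time() - 90 * 86400
    pages = {"index.php": b"<?php echo 'hi'; ?><script src='/js/site.js'></script>",
             "footer.php": b'<iframe src="http://ads.invalid/x" width=0></iframe>',
             "cache.dat": b"data"}
    for name, body in pages.items():
        Path(root, name).write_bytes(body)
        os.utime(Path(root, name), (old, old))   # pretend it was uploaded 90 days ago
    os.utime(Path(root, "footer.php"), None)     # modified "now"
    os.chmod(Path(root, "cache.dat"), 0o666)     # world-writable

if __name__ == "__main__":
    root = tempfile.mkdtemp()
    build_sample(root)
    for path, reasons in sorted(triage(root, ("example.com",)).items()):
        print(path, "->", ", ".join(reasons))
```

A file that is flagged is a candidate for manual review, not proof of infection; malware can also reset modification times, so an unflagged file is not proof of a clean one.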

Why does this happen?

Mostly, your site is hacked so that it can send out spam for the spammers. Spammers are motivated by money and target the gullible.
Other hacking motives are identity theft, politics or plain malice (revenge or any perceived injustice).
This is why keeping credit cards on your hosting space is a big NO NO.

Removing the Google warning message from the Search Results Display

  • Once your site is clean and has been uploaded to your hosting space, log into Google. If you don't have a Google account, now is the time to open one - it is free.
  • Go to Webmaster Tools.
  • Add your website URL and verify it.
  • On the Webmaster Tools Home page, select the contamination-free site.
    In the "Parts of this site may be distributing malware" message, click More details, then click Request a review.
  • Read more about Malware and infected websites

CERT Advice
Computer Emergency Response Team (Australia)

If you own a website (i.e. you are the registered domain owner), you may receive an email from info@cert.gov.au to notify you that your website may be hosting or redirecting to malicious content.
As the owner of the website, it is your responsibility to keep it clean of malicious content.
We recommend you consider this plan of action:

  • scan your website for common problems using a free website scanning tool
  • take the affected website offline for remediation
  • change the password for access to the website using a known clean computer
  • restore the website from a clean backup
  • update the website with the latest Content Management System version and security updates
  • install security plugins and harden the website to prevent further security compromises
  • put your website back online and re-scan it
  • use the Google search engine to perform a security review of your website:
    http://www.google.com/webmasters/hacked/