Surviving on the world wide web. Was your website infected?
Some advice for dealing with a malware/virus website intrusion.
In today's volatile world wide web, a business presence is vital. However, it is increasingly recognised that surviving, ranking well and being seen at all times is becoming more and more complex.
What with Google search engine updates causing mayhem for some, there is also an increased prevalence of malware and virus hackers in the world who are seeking to undermine and exploit your website, leaving it AND your prospective visitors at risk from malware, Trojan programs and a plethora of other 'video nasties'!
If you happen to fall victim to a malware attack of this nature, as hundreds of websites do every week, you could find yourself banned by Google for weeks! In the worst case, if you do nothing soon, your domain may even be permanently blacklisted and you will have to start from scratch!
So here is a short survival guide to consider if your website does fall victim to such a malicious attack:
What do I do?
There are some relatively simple steps you can take to secure your website, computer and hosting account from becoming compromised.
In the first instance:
1) Open your Google Analytics account (or other tracking program you have installed). You will need to see who is accessing your website and from which region of the world, and possibly their IP addresses as well (read on, all will become clear).
2) Hopefully you have your website files securely backed up on a local drive (if you are using a CMS, this will not help if the CMS database itself has been compromised). If you are using a CMS you MAY need to run a clean install, but remember that, for whatever reason, your install may still be easily compromised again!
You may be able to upload your local files if they have been stored securely. Consider backing them up on your PC AND on a removable device.
Now for the next course of action
Your hosting account may have been compromised, as hackers are able to use trojan programs to obtain the login details for your hosting account etc.
Are your login details stored on your desktop or in another folder on your laptop or PC?
First, run an anti-malware program on your PC to remove threats.
1) Reset your hosting account (control panel) login, using a password similar to this: @JoeBloggs4321@
2) Change your FTP password to a password similar to the one in (1).
3) Change any open redirects, or redirects to PDF file downloads etc., so that they point directly to these download documents using simple HTML. Redirects can make your website vulnerable and could leave a security hole.
4) Ensure all folders within the CMS that are not used by the browser in some way are password protected (this could involve some trial and error for CMS systems). Use config or .htaccess and .htpasswd to achieve this. Also cap any folders with an index.htm file so that the directory contents are not visible in browsers, i.e. so that the folder contents are not listed when someone enters www.yourwebsite.co.uk/admin/ in the address bar.
5) Specify any potentially rogue foreign URLs or proxy-type (i.e. Tor/Onion browser) URL activity. Ask why anyone from a faraway land would be i) searching for your service and ii) most importantly, using a proxy server!
6) (dependent on number 5) You will probably need to install a "deny access" file, or patch your existing .htaccess file, to block proxy intrusion. First we need to verify the region the intrusion originates from, unless it comes via a proxy. Many people say that intrusions appear to originate from certain areas in Asian regions.
In the .htaccess file use:
### ALLOW FROM IP OR VALID PASSWORD ###
#Deny from 18.104.22.168
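A way to check step 4 on a local copy of the site, as an added example that is not part of the original article: the Python script below walks the copy and reports folders that have no index file or no .htaccess/.htpasswd login in force (a login set on a parent folder also covers its subfolders). The index file names, the `public` parameter and the sample site built in `demo()` are assumptions made for the illustration.

```python
import os
import re
import tempfile

INDEX_NAMES = {"index.htm", "index.html", "index.php"}  # assumed index file names
# Uncommented directives that show .htaccess/.htpasswd protection is configured.
AUTH_RE = re.compile(r"^[ \t]*(AuthUserFile|Require[ \t]+valid-user)\b", re.I | re.M)


def has_auth(path):
    """True if this .htaccess names a password file and requires a login."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        hits = {m.group(1).split()[0].lower() for m in AUTH_RE.finditer(fh.read())}
    return hits == {"authuserfile", "require"}


def audit(webroot, public=(".",)):
    """Map each directory (relative to webroot) to its findings; parents are walked first."""
    protected, report = {}, {}
    for cur, _dirs, files in os.walk(os.path.abspath(webroot)):
        own = ".htaccess" in files and has_auth(os.path.join(cur, ".htaccess"))
        protected[cur] = own or protected.get(os.path.dirname(cur), False)
        rel = os.path.relpath(cur, webroot)
        findings = []
        if not INDEX_NAMES & {f.lower() for f in files}:
            findings.append("no index file, contents may be listed")
        if rel not in public and not protected[cur]:
            findings.append("no password protection")
        if findings:
            report[rel] = findings
    return report


def demo():  # builds a constructed sample site in a temp folder and audits it
    with tempfile.TemporaryDirectory() as root:
        for d in ("admin/tools", "backup"):
            os.makedirs(os.path.join(root, d))
        for name, body in (("index.htm", "<p>home</p>"),
                           ("admin/index.htm", ""),
                           ("admin/.htaccess", "AuthType Basic\nAuthUserFile /home/user/.htpasswd\nRequire valid-user\n"),
                           ("backup/.htaccess", "#Require valid-user\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return audit(root)


if __name__ == "__main__":
    print(demo())
```

On the sample site the report names admin/tools (no index file) and backup (no index file, and its only Require line is commented out, so no login is enforced).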
Your PC or laptop may have been compromised by a malicious virus or trojan. These can lie dormant and relay login data back to the host computer!
In light of this, you may also consider the following:
1) Reinstall the OS on your home computer or laptop (last resort).
2) Set your browser's internet options to NOT ALLOW autocomplete.
3) Install a good anti-virus and anti-malware package, or at least scan your computer using MalwareBytes (which has a good free version).
4) Remove any data files that hold login details from the PC/laptop that you use to administer or log in to your control panel/hosting account/FTP. Store these files/details on a portable device if you can, and encrypt or secure this storage device if possible.
If you take these courses of action, you may well find that your website is back up and accessible via Google and other search engines within a few days, as Google will need to render the website in search.
Good luck and be safe on the web.