How do you clean a virus off of your own website? Here are the steps to take to remove malware from your web server and to prevent it from getting reinfected.
Ever had a virus on your home or work computer? Your web server is no different. It too can be infected with a virus. But, when a website is infected with malware, it’s not a headache for just the webmaster. Malicious code on a website attempts to infect the computers of that site’s visitors, too.
Identifying a Website Infection
Unfortunately, the first person to view an infected page is probably out of luck. The malware will download itself onto their computer and infect their system. However, at that point, it becomes easily visible as it manifests itself as pop-up ads or spam being sent from their computer. Services like Norton Security and Google can cross-reference reports of the malware infection and identify which website the code originated from. They add this data to their already massive directory of infected sites so that the next web surfer who visits that site will be warned by Google, their browser, and possibly their antivirus software. People will begin to avoid that site and the virus will cease to spread.
While this effective quarantine of websites helps prevent the spread of malware, it can cost the businesses whose websites are infected both traffic and reputation. So how do you tell if your own website is infected? The first clue is often a steep drop-off in traffic. Regularly monitoring your website’s traffic is key to catching the problem early.
Plugging the Holes
Once your website has been infected by malware, you may ask “How do I fix this!?” or “What can I do!?” but the better question is “How did this happen?” Treating the symptoms and removing the malware is useless if you leave yourself open to reinfection.
The first place to look when your website is infected is at yourself. A simple way hackers reach a website is by infecting the webmaster’s computer and watching for the web server’s password. Check your own computer thoroughly with antivirus and anti-malware programs such as Malwarebytes. Remove any malicious programs and change any passwords you use to access your website. While this can be a painstaking process, it is absolutely necessary to be sure that your website will remain safe in the future.
The next place to look is your web server. If your site is hosted on a shared server (one computer that hosts many websites), the malware may have jumped from another infected site onto yours. If you think this is the case, you will need to contact your hosting company and have them remove the malware from the infected machine.
Cleaning Up After a Malware Infection
Once the holes in your system have been identified and patched, it’s time to fight back. If at all possible, take down the infected website. Leaving it up while it’s infected can hurt your public image by giving you a reputation for poor security and viral content. If you have a backup prior to the date your site was infected, fixing the problem will be as simple as relaunching that version of your site. If your website has changed significantly since the last backup or if a backup is unavailable, then it’s time to seek professional help. In order to purge your site of malware, an expert must read through your site’s code and selectively remove the lines of malware that have been injected amongst the legitimate content.
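One way to compare a live site against a pre-infection backup, as an added example that is not part of the original article: it hashes every file in both copies, lists the files that were added, removed or modified, and shows the lines inserted into a modified file. The directory layout, file names and file contents are constructed for the demonstration.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path


def sha256_tree(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(Path(root).rglob("*")) if p.is_file()
    }


def compare_to_backup(backup_dir, live_dir):
    """Report files the live site gained, lost, or changed since the backup."""
    old, new = sha256_tree(backup_dir), sha256_tree(live_dir)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
    }


def inserted_lines(backup_dir, live_dir, rel_path):
    """Lines present in the live copy of a file but not in the backup copy."""
    old = (Path(backup_dir) / rel_path).read_text(errors="replace").splitlines()
    new = (Path(live_dir) / rel_path).read_text(errors="replace").splitlines()
    diff = list(difflib.unified_diff(old, new, lineterm="", n=0))
    return [l[1:] for l in diff[2:] if l.startswith("+")]  # skip ---/+++ headers


def demo():
    """Build two small constructed site trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp, "backup"), Path(tmp, "live")
        for d in (backup, live):
            (d / "css").mkdir(parents=True)
            (d / "index.html").write_text("<h1>Shop</h1>\n<p>Welcome</p>\n")
            (d / "css" / "site.css").write_text("h1 { color: navy; }\n")
        # Constructed stand-ins for an injected line and an unexpected new file.
        with open(live / "index.html", "a") as f:
            f.write("<!-- constructed placeholder for an injected line -->\n")
        (live / "css" / "x.php").write_text("constructed placeholder\n")
        report = compare_to_backup(backup, live)
        return report, inserted_lines(backup, live, report["modified"][0])


if __name__ == "__main__":
    print(demo())
```

Run it against copies of the two trees rather than the production web root, and treat every added or modified file as unreviewed until someone has looked at it.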
Having your website infected with malware is a frustrating experience, but it doesn’t mean the end of your internet presence. Watch your logs for tell-tale traffic patterns of an infection and act quickly to protect your visitors, minimize damage, and get your site back up. With a little luck and some vigilance, it should be smooth sailing from here on out.
© 2015 All Rights Reserved. May not be reproduced, reprinted or redistributed without written permission from the author.
Peter Van Nostrand is a security consultant at Software Solutions Consulting Inc. Visit Software Solutions or call 631-738-2553.