Website Malware Removal
If you’re running a business website, then your Plan A should always be to stop malware from getting onto it in the first place. Sadly, there are never any guarantees that your Plan A will succeed. This means that you also need a Plan B. In other words, you also need to know how to remove malware from your website. Here is a guide to help.
How to remove malware from your website
Although there are all kinds of different forms of malware floating around in the wild, the steps to remove malware from your website are essentially the same. They can be roughly summarized as follows.
1. Block access to your website.
2. Scan your website.
3. Decide whether to clean up your code or to reinstall your website.
4. Clean up your administrator accounts.
Block access to your website
One of the harsh ironies of malware infestations is that you may, reasonably, see yourself as the victim, but if the malware on your systems causes problems for third parties, then you may be the one who finds yourself in legal trouble (while the initial perpetrators often go free).
The quicker you block access to your site, the less likely it is that you will cause damage to other people. Also, you want to stop the hackers from coming back to cause more damage while you are in the process of repairing what they have already done.
Scan your website
You can use online vulnerability scanners for free on an ad hoc basis. It is, however, best to take a malware attack as a sign that you need to up your security game and invest in a website vulnerability scanner that protects your website continuously, 24/7/365. Different website vulnerability scanners will have different functions, but any decent one should include an anti-malware scanner and a web application firewall.
Decide whether to clean up your code or to reinstall your website
Sadly, you cannot assume that removing the malware will be the end of your problems. Sometimes hackers inject sites with malware just to cause mischief. Many times, however, they’ll use malware to open up a website enough to get a toehold in it, and then start increasing their access to your website by changing its underlying code.
This reality means that once the initial scan is complete, you have a decision to make. You can either go through your website manually (or have someone do it for you) and purge whatever malicious code has been left behind or you can pull the plug and do a fresh install.
If you go through the site manually, then you have to be sure not only that you remove all malicious code but also that you avoid breaking any genuine code. This requires skill and confidence, and experience generally helps. On the other hand, this approach allows you to keep any customizations you have made to your website.
If you recreate your site from scratch, then you are guaranteed to use clean code, but you will lose any customizations you have made to your site. You can recreate these, but only if you remember to back up (and, if necessary, clean) any third-party add-ons or custom code you used to build them.
It’s also advisable to make sure that you have backed up all of your unique content before you purge it. This is particularly true of images, as they can be easily lost and expensive to recreate.
In short, the more heavily customized your website is, the more you should lean towards cleaning it up and vice versa.
Clean up your administrator accounts
Check your list of administrator accounts and make sure that you can positively identify everyone on the list as a valid administrator. If you can’t, then just delete the account. If it does turn out to be someone internal, then you need to investigate why they were given access without a record being made.
Once this has been done, have all your administrators change their passwords. If an administrator isn’t available, then downgrade them to a regular user (or revoke the account) until they are and you can have them change their password.
Now is a good time to review the use of administrator accounts in general and in particular to check what measures are in place to enforce safe usage practices. For example, are you implementing strong-password policies and two-factor authentication? Are you blocking users after excessive failed login attempts? Are you logging them out automatically if they spend too long idle?
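The administrator clean-up above can be turned into a repeatable check. The following is an added example, not code from the original article or from cWatch: it reconciles the admin accounts found on the site against the roster of people positively identified as valid admins, assigns each account one of the article's actions, and reports which of the login controls named above are missing. The record fields, sample data and policy thresholds (12-character minimum, lockout within 10 failures, idle timeout of 30 minutes or less) are assumptions chosen for illustration.

```python
# Added example (not part of the original article): reconcile administrator
# accounts against a roster of known-valid admins and check login controls.
# Field names, sample data and policy thresholds are constructed assumptions.
from dataclasses import dataclass


@dataclass
class AdminAccount:
    username: str
    provisioning_record: bool   # was the grant of admin rights documented?
    reachable: bool             # can this person change their password now?


def reconcile_admins(accounts, roster):
    """Return {username: action} for every admin account on the site.

    roster is the set of usernames positively identified as valid admins.
    """
    actions = {}
    for acct in accounts:
        if acct.username not in roster:
            actions[acct.username] = "delete"          # cannot be identified
        elif not acct.provisioning_record:
            actions[acct.username] = "investigate"     # valid, but undocumented grant
        elif acct.reachable:
            actions[acct.username] = "reset-password"
        else:
            actions[acct.username] = "downgrade-until-available"
    return actions


# Controls the article says to review once the accounts are cleaned up.
# Thresholds are assumed values, not requirements stated by the article.
REQUIRED_CONTROLS = {
    "strong_password_policy": lambda c: c.get("min_password_length", 0) >= 12,
    "two_factor_auth": lambda c: c.get("two_factor_required", False),
    "failed_login_lockout": lambda c: 0 < c.get("lockout_after_failures", 0) <= 10,
    "idle_timeout": lambda c: 0 < c.get("idle_timeout_minutes", 0) <= 30,
}


def missing_controls(config):
    """Return the names of login controls that are absent or too weak."""
    return [name for name, ok in REQUIRED_CONTROLS.items() if not ok(config)]


if __name__ == "__main__":
    # Constructed sample: one planted account, one undocumented grant, one absent admin.
    found = [AdminAccount("alice", True, True), AdminAccount("bob", False, True),
             AdminAccount("carol", True, False), AdminAccount("wp_maint", False, False)]
    print(reconcile_admins(found, {"alice", "bob", "carol"}))
    print(missing_controls({"min_password_length": 8, "lockout_after_failures": 5}))
```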
Please click here now to have your website scanned, for free, by cWatch from Comodo.
© 2024 Comodo Security Solutions, Inc