Website Malware detection and removal

Easy steps to remove website malware, viruses and malicious code, and to fix vulnerabilities in your hacked website

Our clients often ask us how to detect and correctly remove malware from their infected website. Below I will try to describe a sequence of simple steps that does not require any special knowledge.
First of all, this article is aimed at beginners in administering Internet resources.

How can you tell that there is malicious code on your website?

It is important to understand that a hack which stops a website from working is more often the work of non-professional hackers. The work of professional hackers is not easy to find.
How do you know if a website was hacked, and how do you identify the first symptoms of infection?

Indirect signs of website infection

There are many indirect signs that there is a virus on your website:

  • Excessive traffic consumption
  • A drop in attendance statistics
  • Redirection to unfamiliar Web sites
  • Blocking the site by web browsers
  • Increasing the server load
  • Alert from your hosting

These are all signs of infection and of the presence of malicious links that lower the rating of the site.

Direct symptoms of a virus on the website

The simplest situation is when a “virus” mark for your website appears in the Yandex or Google search engine. When you open an infected site in the Opera, Chrome or Firefox web browsers, a warning window about the infected resource will appear. These browsers have their own databases for identifying infected sites. Finally, a local antivirus can determine that the website is infected: when you try to navigate between internal pages, you will see a corresponding message. It may also be that the website was hacked and used to send out spam. You can find out about this when you receive notifications about mass mailing of spam to your host’s address.

How should one act in such situations?

First you need to determine where the virus or advertising link is hiding and how it got onto the site, because the themes, the database or the core of the site can be “infected”.
The easiest and fastest way to find a virus is to install an antivirus.
We described in detail here how you can identify the infection of your site with viruses.

How do viruses penetrate your website?

Open source platforms (WordPress, Joomla, Drupal, Magento, etc.) are increasingly popular among bloggers because building and managing a website with them is convenient and fast. Along with the convenience of working with these systems, a huge number of free plug-ins and widgets are available for them. On the basis of these platforms you can build not only a regular blog, but also an online store or news portal. Along with all their advantages, platforms built on open source are the most vulnerable to hackers. The most advanced, and at the same time the most vulnerable to hackers, is the WordPress CMS.

Vulnerabilities are security holes

But most websites built on these free CMSs have certain vulnerabilities in their security. Developers, of course, try to close them quickly and release updates not only for the platform itself, but also for standard themes and plug-ins. Nevertheless, it is not always possible to protect yourself from hacking.
The latest research presented on the official platform sites gives a clear picture of the mechanisms of infection: a site built on open source systems can be hacked mainly through third-party plug-ins or modified themes.

Make a backup of your website, it’s very important

It is very important to make backup copies of the site. Viruses sometimes damage the site's files and code, and you will need a backup to reinstall it. Before you use the backup, it also needs to be checked for viruses and vulnerabilities. It is not uncommon for hackers to find and use a long-standing vulnerability to introduce a virus, so it is very important to identify and close it to avoid further infection of the site.

Use plugins and automatic backup

To back up files, you can use plugins or apply full automatic backup, the tools for which are usually available on the hosting. It is not very difficult to configure a full backup on a specific schedule, and afterwards this process can save the administrator’s nerves and a considerable amount of time. If you cannot configure the full backup mechanism yourself, it is strongly recommended that you contact the hoster to resolve this important issue. Beginning web administrators can be advised to back up manually on a regular basis.
If a copy of the site and database is also stored on a flash drive, then this is a 100% guarantee that you can easily restore the website at any time.

Restore or clean the website?

Almost all websites are designed to bring income to their owners. Therefore, a mandatory requirement for a website is that it works in 24×7 mode. Shutdown periods for technical work should be minimal.
Therefore, when a website is infected, administrators seek to restore information from backups as soon as possible. But since the problem does not go anywhere, and the website still has a “security hole”, the second hack will happen very soon and will not take the attacker much time.

This situation will be repeated again and again, especially for popular websites. So the immediate solution to the problem is to close the vulnerability immediately. If you limit yourself to repeatedly restoring the website, you can lose all your indicators in the search engines and even fall under their filter because of the spread of malicious software.

Looking for malicious code on the site

We will not try to understand the motives of the person who installed malicious code on your site, let alone look for that person. Our main goal is to find the “bad” code and delete it. First, you need to scan the resource to find all the “infected” pages. This allows you to narrow your search. For example, malicious code could be placed in the form of a JavaScript script on a single page, say in the content of a post or in a comment on it. In this case, the problem can be solved through the site admin panel by removing such code from the content or comment. Otherwise, you have to search for it in the source code of your resource.
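
One way to narrow the search in the source code, using the checked backup described earlier (an added example, not part of the original article or of any antivirus product): compare the live site tree against a known-good backup by SHA-256 and flag new or changed files that match a few heuristic patterns. The patterns, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Illustrative heuristics (an assumption, not any vendor's signature set):
# constructs that often appear in obfuscated PHP backdoors.
SUSPICIOUS = re.compile(
    rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(|"
    rb"(assert|system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)",
    re.IGNORECASE)

def tree_hashes(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def triage(backup_dir, live_dir):
    """Diff the live site against a known-good backup and flag risky changes."""
    old, new = tree_hashes(backup_dir), tree_hashes(live_dir)
    added = sorted(set(new) - set(old))
    modified = sorted(f for f in set(new) & set(old) if new[f] != old[f])
    deleted = sorted(set(old) - set(new))
    suspicious = [f for f in added + modified
                  if SUSPICIOUS.search((Path(live_dir) / f).read_bytes())]
    return {"added": added, "modified": modified,
            "deleted": deleted, "suspicious": suspicious}

def build_sample(base):
    """Create a constructed backup/live pair for the demonstration."""
    backup, live = Path(base, "backup"), Path(base, "live")
    for d in (backup, live):
        (d / "wp-content/uploads").mkdir(parents=True)
        (d / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (d / ".htaccess").write_text("RewriteEngine On\n")
    # Constructed changes on the live copy: an edited .htaccess and a new
    # PHP file in uploads whose payload decodes to the harmless "echo 1;".
    (live / ".htaccess").write_text(
        "RewriteEngine On\nRewriteRule ^ http://redirect.example/ [R]\n")
    (live / "wp-content/uploads/cache.php").write_text(
        '<?php eval(base64_decode("ZWNobyAxOw==")); ?>\n')
    return backup, live

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, files in triage(*build_sample(tmp)).items():
            print(f"{kind:10} {files}")
```

The comparison is only as good as the backup: if the backup already contains the malicious file, that file will not appear as added or modified.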

Website malware detection and removal – Antivirus installation

If you do not already have an antivirus installed, then you need to install it on your website. This simple procedure takes only a few minutes. You need to download and install an antivirus that matches the platform on which your website runs.

Installing the antivirus plugin for WordPress

Installing the antivirus plugin for a website in PHP

If you used PHP to write your website, then you need to install the version that works with PHP. The PHP antivirus version can work with any PHP-based open source platform.

Installing the Joomla antivirus extension

For sites built on the Joomla platform, you can install the Joomla antivirus extension.

Website malware scanning and detection

After installing the antivirus, you can immediately go on to scanning the site. If you have installed it for the first time, then you automatically get 30 trial with full functionality. You will be able to do a full scan of both the file system of the site and the database.

Malware and vulnerability diagnostics

For the first scan, we recommend that you run it in professional mode. It can take a lot of time, depending on the size of your site. This mode performs the most complete scan of all files of the website.

WordPress plugin main functions

  • Smart Protection / Website Hide Function (Prevent Hacker Attack / Security)
  • Anti-Spam Protection / Brute Force Bot Attack Prevention / Smart Firewall
  • Detection / Antivirus Scanner / Database Malware / Adware, Spyware, Spam Links
  • Diagnostic / Vulnerabilities Detection / Blacklist Monitoring
  • Built-in Malware Removal Tool / Security Cleaning Tool
  • Security Hardening / Hosting Hardening Check / Automatic Updating Function
  • GDPR Tools / GDPR Compliance Function

WebDefender Antivirus has some important advantages:

  • The fullest virus database for signature search
  • Heuristic / security analysis algorithm
  • Extended search range that allows it to find viruses throughout the domain’s space, not only throughout the website
  • Scanning for viruses in the database

Advanced algorithm for virus and malware diagnostics

WebDefender Antivirus Security is based on a unique algorithm developed to find malicious code. It has the fullest signature database.

WebDefender Antivirus reveals almost every kind of virus and malicious code that exists today:

  • Webshells and backdoor detection (backdoor webshells)
  • Javascript malware, trojans and virus detection (JS viruses)
  • PHP malware (server malware) and bot spam file detection
  • Detection of phishing pages set up by hackers (phishing pages)
  • Hack detection (malicious code in .htaccess)
  • SQL malware detection – a unique feature

Website Malware removal

After the antivirus detects the malicious code, it must be deleted.

Start with the malware cleaning and removal process.

When the scanning process is complete, go to the scan results and select one of the following categories: Vulnerabilities, Malware, and Viruses, Spyware and adware, or Professional features.
Immediately after removing the malicious code, I recommend changing the passwords of all users in the control panel of the site, and also try to find the experience of other administrators who have encountered this problem. It may be necessary to take some additional measures.

Prevention: Web site protection

It is always better to prevent the infection of a website than to clean it up and repair it, so I recommend:

  • Use “good” passwords for all users of the site (long, with numbers, uppercase and lowercase letters)
  • Take seriously and filter the content that is generated on the site by others (guest posts, comments)
  • Do not wait for notifications, and periodically scan the site for vulnerabilities and diagnose malicious code
  • Regularly update all plugins, themes, extensions
  • Update the site management system (WordPress, Joomla, Drupal, …) in a timely manner.

What if the problem was not solved?

Desperate situations do not happen. It may seem that you have tried absolutely all methods of neutralizing the virus code or hidden advertising links. It is possible that the website stopped working after an unsuccessful attempt to clean it of viruses, and you are no longer able to restore it. Do not despair, but try to contact specialists who, for a fee, will help restore the website and give advice on how to improve its safety and performance.
If you got rid of the viruses, correctly configured the plugins responsible for security and changed the passwords, and after a while the situation repeated itself, then you should consider changing the hosting provider. Most likely, the servers on which the website is located are poorly protected.

Conclusion

The Internet is developing rapidly: new updates are constantly appearing, new viruses are being written and new security gaps are appearing in CMSs. Keep in step with the times and regularly update your plugins and themes. Install antivirus software and update it regularly, and then you can avoid such emergencies.
