Malware infections are without doubt is the most serious nightmare of every webmasters and blog authors. Most of the search engine bots detects if any malware is present in your site and they normally block the sites appearing in search results. Your site listing in the search engine results pages (SERPs) will either be completely omitted or the link to your site will be disabled.
A recent iFrame Attack Infected more than 300000 osCommerce Sites . The intruders injected an iFrame exploit in compromised osCommerce based web site pages and the malware redirected users of the web site to malicious web domains.
Related:

  • 10 Top AntiVirus Software of 2011
  • How to Check a Website for Malware and Virus Infection

Often attackers edit your HTML or script files to make calls to external, malicious content on servers they control. Even they can poison the external content on your site that will result in your site serving malware.Top Antivirus software 2010
Once infected you need to take immediate actions to clean up the site. Temporarily take down the site for maintenance. Clean up all the files and upload the clean version to the server again. If the search engines already blacklisted your site then submit again for reconsideration. You can follow the instruction for Google reconsideration request and for Bing.

Next steps after malware detection

Once you identified  that your site is compromised you can follow the below steps.

Take the site offline for maintenance

As soon as you detect a malware attack take the site offline. Your site should not server any content from your server other than “Under maintenance” page. This helps you to avoid putting site visitors at risk of malware infection.

What you need to check?

Start scanning all the files which is taken from your server. Do an antivirus anti malware scan. Usually attackers inject some malicious code to your pages. This can be JavaScript script code inserted into your pages, <iframe> codes <iframe> automatic redirects etc. Attackers normally does Obfuscation efforts to hide their exploitation work from quick inspections.

Identify files under attack – Source Code Analysis

Perform a detailed source code analysis. Here if you maintain any version control system then you life is much easier. Compare your safe version of the source code file system with the one from server. Do a file/folder comparison. It will reveal any changed files. You can use tools like BeyondCompare or TreeCompare etc to do the file/folder comparison.
Verify the modified files for any script/frame injection or the presence of any suspicious code fragments. Replace with the version you have in your local machine or version control system.

Verify your latest site backup and replace

Verify your last website backup (including database backup) of website or blog. Do a complete scan.Fully replace the web site with the last clean backup copy of it.
Read:

  • How To Backup WordPress Blog and Database. Best Free Tools to Backup WordPress Blog

Change all password including Admin, FTP, Database passwords

As soon as you detect an attack change all the passwords including the administrator password (of CMS such as WordPress),FTP passwords, database passwords, web server password. Use Strong new passwords.
Read:

  • Top Ten Tips to Keep Your Passwords Safe and Strong
  • Password Protecting website Pages and Directories using .htaccess.

Verify Server folder permissions

This is very important. Check all the folder permissions. You should not give write permissions to anonymous users.
Read:

  • Must Do Tips To Secure WordPress Blog and Site

You can also backup the infected version of your website for further analysis. As soon as you cleaned up the complete website and reconfirmed everything OK, you can change the maintenance mode. If your site is already blacklisted by search engines apply for reconsideration.

Binu GeorgeWebsite Optimizationhow-to guides,malware scan,malware site list,malware test site,productivity,Top 10,website malware check,website malware scanMalware infections are without doubt is the most serious nightmare of every webmasters and blog authors. Most of the search engine bots detects if any malware is present in your site and they normally block the sites appearing in search results. Your site listing in the search engine results...Tech-Knowledge that helps