Home
About me
Advertise
Sitemap
Wordpress SEO
Contact
SEO jargon busters
RSS feeds
Daily SEO Blog
Jan
01

Website security tips – What to do if website is hacked or malware infected

fight-malware

How to detect malware ? Find out if your site is hacked.

First off, if you want to find out if Google found suspicious code on your site, use the following URL, appending your domain name to the end part.

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://www.dailyseoblog.com

Surprisingly many of the times, when a site is hacked, (I don’t mean the ones like Twitter gets once a while, where you get a totally different homepage) webmasters don’t realize that the site is hacked. This is because only a part of the site is hacked, and you know it only when you see a dip in traffic / indexed number of pages.

So the important factor is to identify a hack, as soon as possible, so that you can do all that you can do minimize the ill-effects that may occur.

1. Sudden drop in number of indexed pages

When I say drop, I mean a huge one like in thousands. Indexed number of pages are heavily fluctuated and if you take it seriously can cause unnecessary worries. But if you see that either a huge part of your site is not showing up in the google live index, OR your main pages don’t show up on the live SERPs (with a direct key phrase match) , then you might want to consider worrying.

2. Heavy dip in traffic

Mostly accompanied by a hack is dip in search engine traffic as Google would’ve already found the hacked pages and took the site out of index. You don’t want to let this happen to your site.

3. Google Webmaster Tools shows weird pages

Google Webmaster Tools are pretty quick in detecting malware on sites. And it has a lab feature where all the suspected malware code will be shown.

image

4. Site shows up for “black listed search queries”

When you search for phrases like “viagra” (unless you;re using them in some context) with your site: command search, your site shows up pages. That’s the last thing you want to see.

What should a webmaster do if he finds his site malware infected.

Step 1 – Check for security configuration on your servers. Check for Directory permission and Apache security. Find more details here.

Step 2 – Remove all outgoing links from the user generated areas of your site. Because, this area is often exploited by hackers. It wont in most probabilities clear the site of malware, but it will stop future risk.

Step 3 – Remove all Ad scripts running on the site. Many a times invisible iframes are used via advertisement codes used on your site without your knowledge, the best option is to keep away from such ad codes (especially from less reputed vendors) but if you end up in a situation, remove them.

Step 4 – Switch from Telnet and FTP to SFTP.
Telnet and FTP are both considered insecure because of their use of plain text protocols. They transmit usernames and passwords in a way that anyone with access to the network can read.

Step 5 – Take the site offline temporarily.

If you can’t get things back to normal, take it temporarily offline, so that Google don’t index more hacked pages and end up in more confusion. Then best way out is to issue s 503 status.

Step 6 – Let Google know that something has screwed up

You can let Google know that one or more URLs in your site has been compromised and you want to take it/them down. Use the URL removal tool from Google Webmasters Tool.

Step 7 – Fix what is wrong

If you can manually fix all the malware, well and good. Generally malware affects only parts of your site, like a footer.php or header.php. In such cases you can manually edit out the bad areas and roll back to fresh code. And once you’re completely sure that things are under control, request a malware review for the site.

Step – 8 Request a malware review from Google

  1. Go to Webmaster Tools Home page, select your site.
  2. In the Parts of this site may be distributing malware message, click More details.
  3. Click Request a review.

If your site is completely screwed and Google has taken you down from the live index, you should think about clearing your site of possible malware by manually checking all the codes and once everything is safe, request a re-inclusion request.

How to prevent future malware problems ?

- Stay away from using WordPress/CMS themes, templates that have not been verified. Some themes (which are even available on popular sites) contain hidden code, that you won’t even realize.

- Do not entertain non-reputed vendors to publish ads on your site. Especially with Javascript code.

Some Additional CMS Security Tips

WordPress – Tips to increase security in WordPress

Joomla – Security Checklist for Joomla

Drupal – Security Tips

Php Nuke – Security Tips

SEO Auditor Features
- Complete SEO audit
- Competitor Analysis
- Report generation
Try it today !
Link Assistant Features
- Easy Link Building
- Finds link partners
- Get backlinks regularly
Try it today !
Rank Tracker Features
- Rank Check reports
- 558 Search Engines
- Keyword Research
Try it today !



Possibly related SEO & Social Media Articles

  • SEO Tips Day 14 – How to submit a new website to search engines ?
    Submitting to search engines, technically means applying for an inclusion to the search index of a search engine. Some SEOs treat this as a service, offering different methods for new websites to get listed on the search engines, but in my opinion this is a very basic necessity every webmaster must go through. Submitting websites to [...]...
  • 5 Must do daily SEO tasks to keep your site out of errors and in good health
    Little piece of advice to all those who’re serious about SEO health of your site. I suggest all my clients to regularly keep a watch of their SEO metrics and stats, just to be sure because most of the things (errors) when creeping in does not show itself immediately. its only possible to detect a [...]...
  • Google Site Index and Sitemap – Working together
    Many a times, there have been questions posted up at the WebMasters forums, asking the solution for the discrepancy in the number of pages indexed from your website shown on the Google site index and the Webmasters console. site:www.yoursite.com gives the number of pages indexed by Google on its regular index while the webmasters console shows [...]...
  • Search Engine Optimization tips for MSN Live
    Search Engine Optimization techniques are pretty much similar for all search engines like Yahoo and MSN. If you optimize your site focusing Google, then others follow – that’s what we’ve seen so far. However, the MSN Live team too have some specific SEO techniques they suggest to webmasters that help in search engine specific metrics. [...]...
  • Remove other sites from the Google search results
    Google has a new option for webmasters – that enables us to remove a particular information on a website from it’s search results. Vanessa Fox today released the Webpage removal tool that will enable users to delete off indexed pages from your site on Google’s index and also information/pages on other sites. The latter [...]...

Category: Blogging | Author: Mani Karthik
SEO Wordpress Themes
  1. KikolaniNo Gravatar

    When my sites were hacked a while ago, Kaspersky was the first thing to notify me about the problems. I was going to take a look at a change I made to my site, and Kaspersky alerted me that the site contained malicious coding, which I was able to get out. I trust that software to catch problems on websites before they are able to latch onto my computer.

    Reply

  2. Jason RemillardNo Gravatar

    Excellent post!

    To add to this, we always recommend regular vulnerability and malware scanning services (which we offer) to all sites. We scan for over 100,000 malware patterns, and over 30,000 web vulnerability exploits. It is important to regularly scan in order to be on top of newer exploits.

    Our customers know before the vendors do in most cases as to when there is a hole. This affords the ultimate in protection. We offer daily, weekly, biweekly and monthly scanning options, which you choose based on your risk quotient.

    All in all, regular scanning is an important preventative measure for any site that is important.

    Jason Remillard
    Managing Director – 54f3.com
    http://www.54f3.com

    Reply

  3. 4 Warning Signs That Tell You If Your Website Is Being Hacked. | Help My Small Business Website Blog

    [...] a great blog post that outlines some handy steps to help you give those hackers the boot. Read more here towards the end of the [...]

  4. kyleNo Gravatar

    reat thanks for sharing your knowledgeHence the censorship of apps that mention the Dalai Lama. Never mind how much you might think of the Nobel Peace Prize-winner as a calm, rational, happy and enlightened soul: In China he’s a dissident, a figure for fomenting political dissent. Hence Apple has to agree to censor apps that pertain to the little guy.

    Reply

  5. PixelsmediaNo Gravatar

    Excellent post! It will really help us in detecting the problem if there is any .It will help sites from seo point of view too! It will help optimization of the site.

    Reply





Click to cancel reply

  • DSB Sponsors

    SEO CockPit Extreme Member Advertise Here Advertise Here
    Advertise Here
  • Recent SEO Blog Articles

    • How to detect mobile browsers & Redirect mobile users to another URL
    • 3 Effective Ways to block Google from crawling parts of your website
    • News from Google: Fix duplicate content issues using canonical tag across websites
    • Header Tags – What are they ? Where and How to Use Them Effectively
    • Speed up your pages like right now !
    • 5 Routine SEO house keeping tasks to check site health regularly
    • 4 SEO Factors Search Engines might talk about more in 2010
    • 3 Simple Ideas that will get backlinks, even if you don’t ask
    • SEO Tips Day 14 – How to submit a new website to search engines ?
    • SEO Tips Day 13 – 3 Crucial things you should avoid in SEO
    • SEO Tips Day 12 – Top 3 Influencing factors in backlinks
    • Google now indexes pages via RSS/Atom feeds on your site
    • SEO Tips Day 11 – How to deal with duplicate content issues
    • SEO Tips Day 10 – Domain Age and SEO – How important is it ?
    • SEO Tips Day 9 – Optimizing URLs for Search Engines
  • Popular at Daily SEO blog

    • 10 Twitter tools to effectively manage your followers (124)
    • How to get indexed by Google in 48 hours (102)
    • How to get a Google Wave invite (even if you didn’t sign up earlier) (91)
    • How to get free backlinks (81)
    • Free SEO Wordpress theme – SEO Blog (74)
    • Ultimate list of Dofollow Social Bookmarking sites (72)
    • 9 Twitter Tips that will help you gain respect in the Twitterverse (Like @Zaibatsu) (72)
    • 25 SEO Gurus you should follow on Twitter (61)
    • New Wordpress theme - "SEO Green" from DailySEOblog (56)
    • SEO for Wordpress - A quick guide (55)
  • Social Media Articles

    • Why is it easy to convince your client of Social Media Marketing but not implementing it
    • 4 Cool Twitter Applications to help you monitor weight, health and stay fit !
    • Why I Tweet Frequently (and still don’t count it as a mistake)
    • 5 Tips to make Twittering more meaningful by increasing the signal to noise ratio
    • StumbleUpon gets a makeover – Gets cool new features !
    • Top 25 Most Popular PodCasters on Twitter you shouldn’t miss following
    • 5 Features I’d like to see on the Su.pr URL sharing service
    • Top 35 News Sources on Twitter you should follow : Keep updated with the latest news
    • 8 Habits of Successful & Popular Twitter users for Inspiration
    • 10 Tricks to search Twitter better, Beyond your timeline – Around the world
    • How to make money on Twitter ? Some ideas that work ( without screw ups ) !
    • 9 Mistakes I committed on Twitter and could’ve avoided !
    • 9 Reasons why I prefer to DM you rather than reply in public on Twitter
    • Social Media Power user. What, So he’s like superman or something ?
    • Would having more than one account on Twitter increase productivity ?
  • Recent SEO Tips

    • Website security tips – What to do if website is hacked or malware infected
    • Google PageRank Update 2009 December is happening as I write this
    • 5 Reasons why Google PageRank sucks (and is no more a valid metric) !
    • Google gives top users at Webmasters Forum a pat on the back !
    • How to detect mobile browsers & Redirect mobile users to another URL
    • Google Introduces keyboard shortcuts to access Search results – Accessibility Search
    • 3 Effective Ways to block Google from crawling parts of your website
    • DSB Needs a redesign. Looking for ideas and options.
    • Google Guru might be Google’s answer to Yahoo Answers. Or is it ?
    • Google introduces “Browser Size” tool for webmasters
    • 10 Essential Adobe Air Applications for Social Media Addicts
    • News from Google: Fix duplicate content issues using canonical tag across websites
    • Integrity – Broken Link Finder SEO Software for Mac
    • Google Employees get to test the Google Phone
    • Why is it easy to convince your client of Social Media Marketing but not implementing it
  • Active users @ SEO Blog

    • nitin
    • agree
    • kyle
    • mastiask
    • Rich Baker Social Media
  • Top SEO Tags

    ads adsense backlinks blog blogger Blogging blogosphere blogs categories check crawler crawling crowd Excel google image images indexing india indian instances internet javascript keywords links pages rank robots search engine optimization seo tips serps sitemap submit tags templates theme themes upload video wordpress Wordpress SEO wordpress seo wordpress tips yahoo youtube
  • Recent Comments

    • Steve AustinNo Gravatar on 3 Effective Ways to block Google from crawling parts of your website
    • seoNo Gravatar on Google gives top users at Webmasters Forum a pat on the back !
    • Google PageRank Update 2009 December is happening as I write this on Google Toolbar PageRank Update October 2009 is on !
    • How to detect mobile browsers & Redirect mobile users to another URL on 10 Easy Tutorials to create a Mobile version of your blog in minutes !
    • PixelsmediaNo Gravatar on Website security tips – What to do if website is hacked or malware infected
    • seoNo Gravatar on Google gives top users at Webmasters Forum a pat on the back !
    • shaltytawNo Gravatar on Top traffic generating keywords
    • good internet jobsNo Gravatar on Increase your online revenue with 13 Wordpress AdSense plugins
    • Rich Baker Social MediaNo Gravatar on 9 Tools to measure your Twitter Influence & Reach !
    • Rich Baker Social MediaNo Gravatar on 9 Tools to measure your Twitter Influence & Reach !

Basic SEO Tips

  • Change the way your site appears on Google SERPs
  • Control Google's crawl frequency to your site
  • How does Google see your site?
  • Importance of footer text in SEO
  • Optimizing header images
  • SEO tips for MSN search engine
  • Optimizing blog titles for Google
  • SEO friendly layout
  • What is an SEO friendly site structure?
  • Importance of keywords - SEO Tips
  • Anchor text importance - SEO Tip
  • SEO Tips for blogs and bloggers
  • Absolute links or relative links is good for SEO?
  • Important SEO tips for wordpress

SEO Tips for blogs

  • 24 Must have SEO plugins for Wordpress
  • SEO Tips - Copy writing guide
  • How to get quality backlinks?
  • Social media and link building tips
  • SEO Tips - Landing page Optimization
  • How to increase traffic to your blog?
  • How to increase your Page Rank?
  • Image optimization tips for blogs
  • 7 steps to your blog's SEO
  • How and where to find incoming links?
  • SEO tips for Google
  • SEO metrics to track
  • How to build a sitemap for blogger
  • How to get Google sitelinks?
  • Find out when Google indexed you
Mani Karthik Hi, I'm Mani Karthik, SEO, Blogging & Social Media Enthusiast. I primarily blog about SEO and Social Media on this blog, basically How-to articles and tutorials to help the SEO learner. Feel free to have a look around and drop comments. Hope you enjoy your stay.
>> More about me
© 2009 DailySEOblog.com Privacy policy