28th February 2011
The worst imaginable start to a Monday morning. You get into work, turn on your PC, go to your organisation’s website and find that some nerd has hacked into it and used it to serve malware. You’ve been blacklisted and anyone accessing your site is getting a big red screen telling them all about it.
So what do you do?
First, find out where your site has been flagged. Commonly it’ll be Google, who provide a free diagnostic tool – http://www.google.com/safebrowsing/diagnostic?site=http://YOURDOMAIN
The most common causes are malicious scripts, .htaccess redirects and hidden iframes. If your site was reported by Google, you can use Webmaster Tools for further reports on what your site contains.
Resolving the problem can be as simple as locating and deleting the offending code, but in some cases it will be well disguised or within database entries. If you can’t find all instances you may want to consider restoring a previous backup. If you’re not taking regular backups of your site files and database, you should be.
Once you’re sure your site is free of malware you can then request a review via Webmaster Tools.
1. Make sure any software you’re using (e.g. a CMS) is up to date with the latest security fixes
2. Remove any scripts you’re no longer using
3. Never use the default password
4. Lock down the file permissions on your server as much as you possibly can. If you have to change them to install a script, make sure they go back afterwards
5. If your hosting provider allows it, lock down your FTP access. It may be annoying having to unlock it on occassion, but no where near as frustrating as finding someone’s hacked in
6. If you’re using a CMS, see if there are any add ons or plugins available to help improve security
7. Only install scripts from trusted developers
Jo has been looking after my website for a couple of years now. She has just completed another refresh of the site for me, tidying up a few pages and installed a fantastic new booking system that has made a huge improvement to the functionality of the site. I’m really pleased with the result, and the website looks great. I can highly recommend Jo for all your website needs.(Andrew Tee (Get More Adventure))