28th February 2011
The worst imaginable start to a Monday morning. You get into work, turn on your PC, go to your organisation’s website and find that some nerd has hacked into it and used it to serve malware. You’ve been blacklisted and anyone accessing your site is getting a big red screen telling them all about it.
So what do you do?
First, find out where your site has been flagged. Commonly it’ll be Google, who provide a free diagnostic tool – http://www.google.com/safebrowsing/diagnostic?site=http://YOURDOMAIN
The most common causes are malicious scripts, .htaccess redirects and hidden iframes. If your site was reported by Google, you can use Webmaster Tools for further reports on what your site contains.
Resolving the problem can be as simple as locating and deleting the offending code, but in some cases it will be well disguised or within database entries. If you can’t find all instances you may want to consider restoring a previous backup. If you’re not taking regular backups of your site files and database, you should be.
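To help with the locating step, here is an added example (not part of the original post): a small Python script that walks a copy of the site files and flags lines matching the three common causes named above. The patterns, file suffixes, function names and sample hosts are assumptions made for illustration; it does not look inside database entries, and every hit still needs a manual check.

```python
import re
import tempfile
from pathlib import Path

# Heuristics assumed for this example: they flag lines for manual review only.
WEB_SUFFIXES = {".php", ".html", ".htm", ".js"}
CONTENT_RULES = [
    ("hidden iframe", re.compile(r"<iframe\b[^>]*(?:\b(?:width|height)\s*[=:]\s*[\"']?[01](?!\d)"
                                 r"|display\s*:\s*none|visibility\s*:\s*hidden)", re.I)),
    ("obfuscated script call", re.compile(
        r"eval\s*\(\s*(?:base64_decode|gzinflate|str_rot13|unescape|atob)\s*\(", re.I)),
]
REDIRECT = re.compile(r"^\s*(?:RewriteRule|Redirect(?:Match)?)\b.*\bhttps?://([^/\s\"']+)", re.I)

def scan_site(root, own_hosts):
    """Return sorted (relative_path, line_number, reason) findings under root."""
    findings = []
    for path in Path(root).rglob("*"):
        is_htaccess = path.name == ".htaccess"
        if not path.is_file() or not (is_htaccess or path.suffix.lower() in WEB_SUFFIXES):
            continue
        rel = path.relative_to(root).as_posix()
        lines = path.read_text(encoding="utf-8", errors="replace").splitlines()
        for no, line in enumerate(lines, 1):
            if is_htaccess:
                # Redirects to your own hosts are normal; anything else is suspect.
                m = REDIRECT.match(line)
                if m and m.group(1).lower() not in own_hosts:
                    findings.append((rel, no, "redirect to external host " + m.group(1)))
            else:
                findings += [(rel, no, why) for why, rx in CONTENT_RULES if rx.search(line)]
    return sorted(findings)

# Constructed sample site: a clean page, a page with injected markup, and an
# .htaccess holding one legitimate redirect and one to a foreign host.
SAMPLE = {
    "index.html": '<iframe src="/map.html" width="600" height="400"></iframe>\n',
    "news.php": '<?php echo $title; ?>\n<iframe src="http://bad.example/x" width="0">'
                '</iframe>\n<?php eval(base64_decode($x)); ?>\n',
    ".htaccess": 'RewriteRule ^old$ http://www.example.org/new [R=301,L]\n'
                 'RewriteRule ^(.*)$ http://bad.example/in.php [R=302,L]\n',
}

def scan_sample():
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLE.items():
            Path(tmp, name).write_text(body, encoding="utf-8")
        return scan_site(tmp, {"example.org", "www.example.org"})

if __name__ == "__main__":
    print(*scan_sample(), sep="\n")
```

Point `scan_site` at a downloaded copy of the site rather than the live server, and pass every hostname your site legitimately redirects to in `own_hosts`.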
Once you’re sure your site is free of malware you can then request a review via Webmaster Tools.
1. Make sure any software you’re using (e.g. a CMS) is up to date with the latest security fixes
2. Remove any scripts you’re no longer using
3. Never use the default password
4. Lock down the file permissions on your server as much as you possibly can. If you have to change them to install a script, make sure they go back afterwards
5. If your hosting provider allows it, lock down your FTP access. It may be annoying having to unlock it on occasion, but nowhere near as frustrating as finding someone’s hacked in
6. If you’re using a CMS, see if there are any add-ons or plugins available to help improve security
7. Only install scripts from trusted developers