What should a webmaster do if he finds his site malware infected?
Step 1 – Check the security configuration on your servers. Check directory permissions and Apache security settings.
Step 2 – Remove all outgoing links from the user-generated areas of your site, because these areas are often exploited by hackers. This will most probably not clear the site of malware, but it will stop future risk.
Step 3 – Remove all ad scripts running on the site. Invisible iframes are often injected through the advertisement code used on your site without your knowledge. The best option is to keep away from such ad code (especially from less reputable vendors), but if you end up in this situation, remove it.
Step 4 – Switch from Telnet and FTP to SFTP.
Telnet and FTP are both considered insecure because of their use of plain text protocols. They transmit usernames and passwords in a way that anyone with access to the network can read.
Step 5 – Take the site offline temporarily.
If you can’t get things back to normal, take the site temporarily offline so that Google doesn’t index more hacked pages and cause more confusion. The best way to do this is to issue a 503 status.
Step 6 – Let Google know that something has screwed up
You can let Google know that one or more URLs on your site have been compromised and that you want to take them down. Use the URL removal tool in Google Webmaster Tools.
Step 7 – Fix what is wrong
If you can manually fix all the malware, well and good. Generally, malware affects only parts of your site, like footer.php or header.php. In such cases you can manually edit out the bad areas and roll back to fresh code. Once you’re completely sure that things are under control, request a malware review for the site.
Step 8 – Request a malware review from Google
1. Go to the Webmaster Tools home page and select your site.
2. In the "Parts of this site may be distributing malware" message, click More details.
3. Click Request a review.
If your site is completely screwed and Google has taken you down from the live index, you should think about clearing your site of possible malware by manually checking all the code and, once everything is safe, submitting a re-inclusion request.
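The manual check in Step 7 can be narrowed down by scanning the web root for the invisible iframes mentioned in Step 3. The script below is an added example, not code from the original article; the hiding heuristics, the file-suffix list and the sample footer are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Opening <iframe ...> tag; [^>] also spans newlines, so split tags still match.
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
# Inline styles that keep a frame out of the visitor's view.
HIDDEN_STYLE_RE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|(?:left|top)\s*:\s*-\d{3,}"
    r"|(?:width|height)\s*:\s*[01](?:px)?\s*(?:;|$)", re.IGNORECASE)
SCAN_SUFFIXES = {".php", ".html", ".htm", ".js", ".tpl"}  # assumed; adjust per site

# Constructed sample: a footer template with one normal and one injected frame.
SAMPLE_FOOTER = """<div id="footer">
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<?php include 'credits.php'; ?>
<iframe src="http://ads.example.invalid/x" width="1" height="1" style="visibility:hidden"></iframe>
</div>
"""

def parse_attrs(tag):
    """Return the tag's attributes as a dict keyed by lower-case name."""
    return {m.group(1).lower(): next(g for g in m.groups()[1:] if g is not None)
            for m in ATTR_RE.finditer(tag)}

def find_hidden_iframes(text):
    """Return (line_number, src) for each iframe sized or styled to be invisible."""
    hits = []
    for m in IFRAME_RE.finditer(text):
        attrs = parse_attrs(m.group(0))
        tiny = any(attrs.get(k, "").strip().rstrip("px") in ("0", "1")
                   for k in ("width", "height"))
        if tiny or HIDDEN_STYLE_RE.search(attrs.get("style", "")):
            hits.append((text.count("\n", 0, m.start()) + 1, attrs.get("src", "")))
    return hits

def scan_tree(root):
    """Map every scanned file under root that has findings to its list of hits."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            if hits := find_hidden_iframes(path.read_text(errors="replace")):
                report[str(path)] = hits
    return report

if __name__ == "__main__":  # scan the given web root, else the constructed sample
    print(scan_tree(sys.argv[1]) if sys.argv[1:] else find_hidden_iframes(SAMPLE_FOOTER))
```

A clean result only means no iframe matched these heuristics; compare flagged and unflagged templates against a known-good copy before requesting the review.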