GradeUs banner  below header new
Thanks Thanks:  0
Likes Likes:  0
Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    Member Since
    Oct 2013
    Location
    Portland, OR
    Posts
    771
    Thanks (Received)
    2
    Likes (Received)
    5

    Warning! Your site has been infected with malware...

    Time for another quick tool question.

    I don't do a ton of actual website work anymore, but after a recent client (whose site was managed by someone else) got hacked, I decided it's time to revamp my 'best practices' to make sure clients are safe.

    What I'm wondering... are there big holes I'm leaving out in my ignorance? My one tool I've been recommending is for wordpress, what if they're using Weebly or something? If they lock down one site, but have another on the same server that gets hit, does that open a door into their business site? I honestly don't have all that clear of a sense of what hackers in 2016 even do, so if this is something you know about, by all means point me to some good reading material to get up to speed.

    Currently, aside from a quick conversation about password safety, I make sure they install wordfence (if they're using wordpress) to block brute force attacks and get an alert with their malware scanner if anything does get through. That's about it, and I haven't had any problems with clients I've done that with. What do you do, and what would you add?
    Last edited by James Watt; 06-14-2016 at 10:23 AM.

  2. GradeUs in thread
  3. #2
    Member Since
    Jun 2012
    Location
    SoCal
    Posts
    15,619
    Thanks (Received)
    151
    Likes (Received)
    160

    Re: Warning! Your site has been infected with malware...

    I don't know much about hacking either.

    All I know is David my forum admin, keeps up Wordpress for me too and I know he uses WordFence because he got alerts a couple weeks ago and we had to have host block some IP ranges.

    He may have other suggestions too? Or anyone else?
    Linda Buquet .:. Forum Founder, Google Local Specialist

    If you benefit from advice here... Please pay the community back by sharing on social OR helping someone else at the forum. Thank you!

    Don't Miss Important News & Tips! Subscribe to Daily Email Digest Here

    Note: Due to mulitple RSI injuries, pardon short replies. Typos? Blame it on "Dragon".

  4. #3
    Member Since
    Oct 2012
    Location
    Pittsburgh, PA
    Posts
    925
    Thanks (Received)
    16
    Likes (Received)
    34

    Re: Warning! Your site has been infected with malware...

    Run the site through sucuri's tool - https://sitecheck.sucuri.net/

    You can sign up for automatic monitoring with them as well. The other thing is to just keep an eye out where the site is hosted. Cheaper hosts are more lax on security, so you just need to do your homework. Another basic is to make sure plugins are updated, and make sure you're not using anything too outdated on your site. If the plugin developer decides to forget about the plugin, you should probably dump it too.
    My rarely updated website (I should fix that) - https://www.ericrohrback.com
    Follow me on Twitter
    Want to talk? Book time with me here

  5. #4
    Member Since
    Mar 2013
    Location
    Las Vegas
    Posts
    129
    Thanks (Received)
    7
    Likes (Received)
    5

    Re: Warning! Your site has been infected with malware...

    The most important thing is to just keep up to date and monitor the site.

    Make sure all installed plugins and themes are always up to date even if not activated. Also make sure that themes/plugins are not "abandoned". I have seen installed plugins that show as 'last update: 5 years ago', so you won't see an update notification, but the plugin is severely outdated and vulnerable.

    WordFence (even the free version) is a must and does a great job of preventing attacks and helps notify you if anything changes or needs updated.

    BackupBuddy (or any good backup system) - keep regular backups even if your server/host claims to also have backups. That way if you are ever hacked you can restore quickly instead of cleaning the entire server.

    GOTMLS is a great plugin and will pick up many site infections beyond what the other scanners can find. I recommend scanning with this once a month. The Sucuri scan is decent, but misses a lot since it is an external/public side scanner.

    If you have multiple sites on one server (add-ons with same cpanel logins) any infection can (and will) bounce from site to site. One bad folder on your server could be an access point to attack all sites. If you have a "reseller/whm" type server and each site has it's own separated cpanel access, it's won't be an issue.

    When you clean an infected site, it's important to look at the site files, other files on the server and the database for infected files. Look for additional WP Users and different emails attached to your users.

    Once you clean a server/site, change all the passwords.

    To remove the Google Warning (This site has been hacked), once clean, use Google Search Console (Webmaster Tools) to submit a review. They usually reply in less than 12-24 hours.

    If you ever need help cleaning a site, let me know. As dirty as it can be, I like doing this service.
    Wordpress Specialist: Building, Repairing, Updating, Maintenance, Hack Repair/Cleanup and Security.
    Owner of Say So Marketing in Las Vegas, NV.

  6. #5
    Member Since
    Jun 2015
    Location
    St Paul, MN
    Posts
    56
    Thanks (Received)
    3
    Likes (Received)
    6

    Re: Warning! Your site has been infected with malware...

    Eric and Greg got most of the technical points covered. I would add the human element which is the least discussed yet most penetrable part of the equation.

    My approach is to start with whom and how the site was built. You'll be surprised by the number of people and companies involved. The second step is user permissions to the backend. Delete names you don't recognize or should no longer need to access the site.

    Plugins are most vulnerable when they're not up to date. Therefore, it's best to limit the amount of plugins a site uses to improve both security and performance.

  7. #6
    Member Since
    Oct 2012
    Posts
    151
    Thanks (Received)
    1
    Likes (Received)
    3

    Re: Warning! Your site has been infected with malware...

    Quote Originally Posted by Greg Schueler View Post
    To remove the Google Warning (This site has been hacked), once clean, use Google Search Console (Webmaster Tools) to submit a review. They usually reply in less than 12-24 hours.
    Also, once a site has been cleaned, be sure to contact major security services so they update the website's rating accordingly: https://sitecheck.sucuri.net/ to ensure it doesn't stay blacklisted.

    You'll need to notify Google and possibly McAfee, Norton and others as well.

  8. #7
    Member Since
    Oct 2013
    Location
    Portland, OR
    Posts
    771
    Thanks (Received)
    2
    Likes (Received)
    5

    Re: Warning! Your site has been infected with malware...

    Thanks for weighing in everyone! There's some great stuff here I'll be adding to the mix. Unfortunately the 'multiple sites on the same server' vulnerability is one I'm currently working through. A client's got their website managed with the owner's sister, and all her sites got hacked. I got access recently to the client site and cleaned it up, but it just got reinfected a day or two later. Suggesting they let me migrate it to it's own server account somewhere better, we'll see what they say.

    Gotta love those family web developers. Thanks again everyone!

    @Greg - depending on how things go with this client, if the sister can't get it cleaned up and migrating it doesn't close the backdoor, I might just be hitting you up in the near future, thanks for the offer.

  9. #8
    Member Since
    Oct 2012
    Location
    Pittsburgh, PA
    Posts
    925
    Thanks (Received)
    16
    Likes (Received)
    34

    Re: Warning! Your site has been infected with malware...

    I have a website hack i'm dealing with now for a client, and I can clean the files up OK but my concern is the MySQL database. How can I check for hacks there? Anyone have suggestions?
    My rarely updated website (I should fix that) - https://www.ericrohrback.com
    Follow me on Twitter
    Want to talk? Book time with me here

  10. #9
    Member Since
    Nov 2012
    Posts
    952
    Thanks (Received)
    25
    Likes (Received)
    28

    Re: Warning! Your site has been infected with malware...

    Following as we have had several hacks over the last week to 10 days. My tech team fixes it and then some are getting re-hacked. It's crazy!
    Scott Rawlins - Find Local Company in Atlanta GA
    Follow Me on G+

  11. #10
    Member Since
    Oct 2012
    Location
    Pittsburgh, PA
    Posts
    925
    Thanks (Received)
    16
    Likes (Received)
    34

    Re: Warning! Your site has been infected with malware...

    Greg jumped in and answered a private message I sent him. The biggest things he mentioned were changing the UN/PW for the database users, update the wp-config.php file, and looking for patterns (hacked URLs/hacked content) within the database.

    @scott - Who were you running hosting through? Mine was Godaddy (another reason why I don't recommend them for hosting... ever).
    My rarely updated website (I should fix that) - https://www.ericrohrback.com
    Follow me on Twitter
    Want to talk? Book time with me here

Similar Threads

  1. Replies: 2
    Last Post: 12-18-2014, 01:09 PM
  2. Replies: 8
    Last Post: 09-10-2013, 03:26 PM
  3. WARNING - Google Maps Phishing Email - Maybe Malware?
    By Linda Buquet in forum Local Search
    Replies: 3
    Last Post: 12-10-2012, 08:11 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
GradeUs above footer new