Detect and Remove Malware Software on Your Website


The Effects of Malware Software on Your Website

Google has malware software detection capabilities, and if Googlebot detects that your website is infected with malware, a giant red warning sign is shown when users click the link to your web page. For this reason, malware can cost website owners thousands of dollars in lost sales and web traffic. There are some ways to detect and find the malware software when you suspect your website has been affected. It’s imperative that you remove the malware from your system to protect readers and visitors and stop the spread of the malicious software.


How Do Hackers Install Malware Software?

Hackers use several methods to gain access to your site. Google describes several ways that hackers place malware software on your server, and the company has suggestions to prevent it in the future. One of the main ways hackers get in is by using keyloggers or viruses that grab the administrator’s password. The password is then used to gain access to the website page code or the server’s main configuration file.

Remove Malware from Website Files

One common entry route for hackers is through WordPress. It is important that website owners keep their WordPress installation up to date. WordPress releases updates to its software, and these updates plug many of the common issues that allow hackers to gain access to your files. The WordPress files should be checked for common malware software code, but any other dynamic code files should also have a thorough check. This includes files coded in PHP, VB.NET, C#, or JavaScript.

The first files to check are the JavaScript files. Search each file for an embedded “document.write” function. Hackers commonly place this function in JavaScript files to write a redirect to the target website. If you find a document.write command that sends the reader to an IP address or an unrecognizable website, then this is the location of the malware software that needs to be removed.

The other common function used in a hacked script is “base64_decode.” This hides the actual redirect to the hacker’s website, so the change to the website’s code is not so obvious. Check each of your PHP files for this text. Hackers typically place this function at the very bottom of your website code files, so it is not easily found with a quick view of the page.

Check the .htaccess File for Malware Software

The .htaccess file controls many of the behaviors for your website when readers visit your site. Hackers commonly place redirects in your .htaccess file, which is located in the root of your website directory. The file is plain text, so you can view it quickly using any simple editor. Check the file for any redirects to an IP address or a website you don’t recognize.
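The three checks described above (document.write in JavaScript files, base64_decode in PHP files, and redirects in .htaccess) can be run across a whole site directory in one pass. The script below is an added example, not code from the original article; the KNOWN_HOSTS list, the TAIL threshold and the sample file contents are assumptions made for illustration.

```python
import re
from pathlib import Path

# Assumption: hosts you recognise as yours; any other host is reported.
KNOWN_HOSTS = {"example.com", "www.example.com"}
URL_HOST = re.compile(r"(?:https?:)?//([A-Za-z0-9.-]+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
HTACCESS_RULE = re.compile(r"^\s*(Redirect|RedirectMatch|RewriteRule)\b", re.I)
TAIL = 5  # assumed size, in lines, of the "very bottom" of a PHP file

def unknown_hosts(line, known=KNOWN_HOSTS):
    """Hosts in the line's URLs that are raw IPs or not on the known list."""
    hosts = {h.lower().rstrip(".") for h in URL_HOST.findall(line)}
    return sorted(h for h in hosts if IPV4.fullmatch(h) or h not in known)

def scan_text(name, text, known=KNOWN_HOSTS):
    """Return (line_no, check, detail) findings for one file's contents."""
    name, lines, found = name.lower(), text.splitlines(), []
    for no, line in enumerate(lines, 1):
        hosts = ", ".join(unknown_hosts(line, known))
        if name.endswith(".js") and "document.write" in line:
            found.append((no, "document.write", hosts or "no URL on line"))
        elif name.endswith(".php") and "base64_decode" in line:
            where = "near end of file" if no > len(lines) - TAIL else "mid-file"
            found.append((no, "base64_decode", where))
        elif name.endswith(".htaccess") and HTACCESS_RULE.match(line) and hosts:
            found.append((no, "htaccess redirect", hosts))
    return found

def scan_tree(root, known=KNOWN_HOSTS):
    """Scan every .js, .php and .htaccess file under root."""
    report = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.name.lower().endswith((".js", ".php", ".htaccess")):
            hits = scan_text(p.name, p.read_text(errors="replace"), known)
            if hits:
                report[str(p)] = hits
    return report

# Constructed samples; 192.0.2.10 and unknown.invalid are reserved test values.
SAMPLES = {
    "menu.js": "document.write('<script src=\"http://192.0.2.10/x.js\"></script>');\n",
    "footer.php": "<?php\necho 'footer';\n" + "\n" * 10 + "$x = base64_decode($encoded);\n",
    ".htaccess": "RewriteEngine On\nRewriteRule ^(.*)$ http://unknown.invalid/$1 [R=302,L]\n"
                 "Redirect 301 /old https://example.com/new\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, scan_text(name, text))
```

A hit is a line to read by hand, not proof of infection: legitimate code also calls document.write and base64_decode, and a document.write finding with no URL on the line may mean the destination is built elsewhere in the script.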

Assessing Malware Damage and Cleanup

Google provides some steps to remove malware and file for a review in case the site is flagged for malware. For extreme cases, you can also restore your website files from a backup. Unfortunately, any recent changes to the files are lost, but it gets the website running, so you no longer lose money. Additionally, it’s important that you find the security hole so hackers will no longer be able to gain access to your site in the future.