It’s the 2nd time now that my website (micro8051.com) is reported as containing malware, and in fact when I check it I found on the website root some pages that were not made or placed by me.
I hardly make updates to my website, and I really don’t know how this nasty and annoying things can happen and how to prevent them to happen again.
For the 2nd time I “clean the house” (or so I think) but I’d appreciate if someone can check if there’s no garbage left, and some tips to keep it clean would also be welcome.
Thanks in advance for any kind of enlightenment, and for the great work done here.
Best regards
Mortymore
Hi Mortymore,
If I were you, the first thing I would do is call my web host. They should be able to help you nicely as well. If your web host isn’t cutting it, feel free to call me at (619) 479-6637 and I’ll help answer any general questions you may have regarding this issue.
That said, see this link describing why you’ve been reported as an attack site:
http://www.google.com/safebrowsing/diagnostic?site=http://micro8051.com
Google says:
Malicious software includes 4 exploit(s), 2 backdoor(s). Successful infection resulted in an average of 6 new process(es) on the target machine.
Malicious software is hosted on 6 domain(s), including 93.158.114.0/, rubengarceturismo.com/, saleforyou.biz/.
Your first step:
Remove all references to these hacks within your site. Likewise, make sure to change all of your passwords (just in case).
Google explains how to clear your good name nicely here:
http://sites.google.com/site/webmasterhelpforum/en/faq-malware-and-hacked-sites
Or, try this shortened link if the above is not working:
http://tinyurl.com/qoxr69
Pop back here if you run into any difficulties in working with Google to clear your reputation, or call me anytime.
Best Wishes,
Jim Walker
(619) 479-6637
12 years of 24/7 Web Hosting
and Security Expertise. It’s what I do.
In addition to removing malicious code that is clearly visible, you should upgrade any blog, forum, gallery, CMS or other script to reduce vulnerabilities created by outdated code.
You should be aware that many of the more current web-site hacks are the result of malware on the local computer(s) capturing login credentials. The FTP credentials can be captured and used to hack the sites.
While your issue may, or may not, have originated with malware on the local computer, you should examine and clean (if necessary) the local computer, using multiple products that you don’t currently use (as no single product is able to detect and remove all malware), change all passwords and consider using SFTP or FTPS as a more secure protocol. Do not store your login credentials in your FTP client, unless you are certain that the information is encrypted.
Be sure to use updated versions of your operating system, browser, and other applications (especially Java, Adobe Reader, Adobe Flash, Quicktime, RealPlayer etc). Many are recommending that you disable javascript in Adobe Reader.
Consider using a non-administrator account on your PC for daily work and only use the Administrator account when necessary.
The following resources may also help you evaluate your site:
How to remove the “This site may harm your computer”
http://25yearsofprogramming.com/blog/20071223.htm
How to prevent your site from getting hacked. How to repair a damaged site. Website security precautions
http://25yearsofprogramming.com/blog/20070705.htm
Tips for Cleaning & Securing your Website
http://www.stopbadware.org/home/security
