Malware/Hack on website, what to check?

Issue: the site has been hacked, a payload has been dropped, and it is compromised. How did it happen, where do you go, and what do you do?

FIRST: Resolve and remove the offending content
– Restore your website from a known-good backup (one taken before the compromise; a backup taken afterwards brings the backdoor back with it)
– Double-check your files. If it’s a CMS (like WordPress), rebuild from the original install files and ONLY bring in the files you actually need (i.e. the wp-content/themes and wp-content/plugins folders, uploads, the config file), after checking each of them
– Scan files and folders for malware with an up-to-date scanner
– Search for eval and base64 code that shouldn’t be there (eval(base64_decode(...)) in a theme, plugin or uploads folder is the classic sign of an injected backdoor)

SECOND: Check online whether the site has been blacklisted, and use online scanners to verify your findings
– https://www.dnsblacklist.org/ – blacklisting
– https://quttera.com/ – online scanner

THIRD: Line up for the battle to get yourself removed from these blacklists
– It might be in your best interest to go after the larger providers first
1. Google: you have to prove you own the domain (verify it in Search Console), then submit a review request for the security issue. You may need to submit a few requests before the warning is removed.
2. OpenDNS: open a ticket with their support team and wait for their response.

FOURTH: Now that you have time, review your files and logs (FTP, web server, CMS, etc.)
– Determine the cause and entry point of the compromise (typically an outdated plugin or theme, stolen FTP/admin credentials, or a world-writable uploads folder), and when it happened
– Secure the entry points (patch, rotate every password and key that was on the box, remove the writable path) and test to make sure they are actually secured
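The log review in this last step, as an added example that is not part of the original post: starting from the dropped file found during cleanup, it pulls the first request to that file out of the web server access log, identifies the client, and lists what that client POSTed beforehand, which is usually the upload or exploit that created the file. It assumes the Apache/nginx "combined" log format; the seven-line log it writes is constructed demo data, and the IPs, file name and admin-ajax action in it are invented.

```shell
#!/bin/sh
# Added example (not code from the original post): walk the web server access
# log back from the dropped file to the request that put it there. Assumes the
# common "combined" log format used by Apache and nginx (client IP in field 1,
# timestamp in field 4, "METHOD PATH PROTO" in fields 6-8, status in field 9).
# The log written by make_sample_log is constructed demo data; the IPs, the
# dropped file name and the admin-ajax action in it are invented.

# first_request LOG PATH -> the earliest line whose request path is PATH
# (query strings are stripped before comparing)
first_request() {
    awk -v p="$2" '{ u = $7; sub(/\?.*/, "", u) } u == p { print; exit }' "$1"
}

# client_of LOG PATH -> the client IP that made that first request
client_of() {
    first_request "$1" "$2" | awk '{ print $1 }'
}

# timeline LOG IP -> "timestamp method path status" for every request from IP,
# in log order; read it top down to see what the attacker touched first
timeline() {
    awk -v ip="$2" '$1 == ip { m = $6; sub(/^"/, "", m); print substr($4, 2), m, $7, $9 }' "$1"
}

# posts_before_hit LOG IP PATH -> POST requests from IP that precede the first
# request to PATH. The upload or exploit that created the file is usually here.
posts_before_hit() {
    awk -v ip="$2" -v p="$3" '
        { u = $7; sub(/\?.*/, "", u) }
        u == p { exit }                        # stop at the first hit on the dropped file
        $1 == ip && $6 == "\"POST" { print substr($4, 2), $7, $9 }
    ' "$1"
}

# make_sample_log FILE -> writes a constructed seven-line access log: one
# legitimate visitor and one attacker who logs in, uploads through an
# admin-ajax action, then starts POSTing to the dropped file
make_sample_log() {
    cat > "$1" <<'EOF'
198.51.100.7 - - [10/Mar/2019:01:58:40 +0000] "GET / HTTP/1.1" 200 9876 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2019:02:14:07 +0000] "GET /wp-login.php HTTP/1.1" 200 4210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2019:02:14:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2019:02:14:20 +0000] "POST /wp-admin/admin-ajax.php?action=demo_upload HTTP/1.1" 200 55 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2019:02:14:31 +0000] "POST /wp-content/uploads/2019/cache.php HTTP/1.1" 200 1337 "-" "python-requests/2.21.0"
198.51.100.7 - - [10/Mar/2019:02:20:01 +0000] "GET /?p=12 HTTP/1.1" 200 8765 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2019:03:02:12 +0000] "POST /wp-content/uploads/2019/cache.php HTTP/1.1" 200 2048 "-" "python-requests/2.21.0"
EOF
}

# Stand-alone demo
log=$(mktemp)
make_sample_log "$log"
dropped=/wp-content/uploads/2019/cache.php
ip=$(client_of "$log" "$dropped")
echo "first hit on $dropped came from $ip:"
first_request "$log" "$dropped"
echo "what $ip did before that (POSTs only):"
posts_before_hit "$log" "$ip" "$dropped"
echo "full timeline for $ip:"
timeline "$log" "$ip"
rm -f "$log"
```

In the constructed log the trail is a successful login (302 on POST /wp-login.php) followed by an upload through an admin-ajax action, so the entry point is a credential plus a plugin endpoint, not the uploads folder itself, and the fix has to include a password reset. A real log is far larger, so run these against the rotated logs from around the file's modification time, and remember that the attacker may also have come in over FTP, which the web log will not show.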
