There are many blogs and websites that are being hacked and infected by Malware each day. The hacker embeds malicious code and links to websites that are deemed as bad neighbors or malicious. The hacker will use the attribute display=none so that the site owner and visitors can’t see the anchor text and or links to these malicious sites.
The danger of not knowing what is embedded in your site can make your website unsafe site by Google. Although you can’t see the code, Google can still crawl your site and index those links that are found in your source code.
How to check if you have malicious content on your website?
I was recently hacked not once, but twice and unfortunately I was unaware of the embedded code left by the hacker for more than 2 months. In order to find this malicious code you will have to view the source code in your browser. If you’re using Firefox, go to View/Page Source. Check to see if there are any random links going to various sites that are usually related to drugs, gambling, porn, etc. These links are usually at the open <body> and closed </body> tags of the main index page.
How to Remove Malicious Links
If you have a self hosted WordPress blog, upload the core installation files which will over-write the existing files that currently reside on your server. After the new files have been uploaded, check your source code on your index page and see if the malicious links are gone. If you’re using Firefox, go to View/Page Source.
You should also do the following:
- Change your WordPress admin password (Use no less than 8 characters with at least one number, one uppercase character and a special character)
- Change your FTP password
- Check your .htaccess file/s for any malicious content and set the file permission (chmod) to read only
How to check if your website is safe with Google
You can view the Google Safe Browsing Diagnostic Report for your site at:
http://www.google.com/safebrowsing/diagnostic?site=yoursite.com
Replace yoursite.com with the name of your site.
The Google Safe Browsing Tool will show you what pages are infected, but it will not give you details on what type of Malware.
You can also check your website for Malware by using the Norton Safe Web Tool by visiting http://safeweb.norton.com/. This tool is very useful, because if it finds Malware on your website, it will report the type of Malware and the specific files that are infected.
Thanks! I’ve been meaning to find some alternate way of seeking this out – that google safe browsing diagnostic tool is no help whatsoever (or, maybe it is if you are actually denoted as a bad site) but for now – everything shows up as the same answer.
e.g. http://www.google.com/safebrowsing/diagnostic?site=themilkyway
http://www.google.com/safebrowsing/diagnostic?site=PlanetKlingon
Hart,
That’s why I always try to provide other tools to check the health of your blog or website.
The entire concept of hacking a website and embedding malicious code freaks me out.
Jay,
It’s disturbing, but it’s how hackers market other websites.
Very interesting topic one truly important to keep up on.
Thanks for keeping us informed.
Bunny,
I hope this hasn’t happened to anyone else, but I do check my friends blogs from time to time.
Tech blogs are the best source of information when it comes to tips and real experience when in comes to blog hacking and my blog is never an exception.
My blog has been hacked once but there’s no SQL injection made or RFI. What the hacker did was delete the contents of my index.php file that made the page blank.
I’ve learned my lesson and put in some tips too if you don’t mind me sharing it here:
http://softwarecritics.info/open-source/blogosphere-alert-prevent-your-wordpress-blogs-from-being-hacked/
I even switched hosting after the incident because they simply cannot help. I’ve made a fresh WP install afterward to make sure no injected files are left.
Mathdelane,
Thank you and I am glad to share this type of information.
It’s very necessary to remove Malware from an Infected Website, because stops the proper working of a website. Your post is really very informative to know all these stuffs.
Definitely some great tips. Also, in addition to FTP passwords, if you have a login to a hosting account like GoDaddy, change the password to that site as well as it can lead to your FTP.
~ Kristi
Kristi,
In most cases, your FTP login is the same as your Control Panel login with your hosting company.