Malware and hacked sites are more common than you might think. According to Matt Cutts’ recent video even people like Donald Trump and Al Gore have had their websites hacked.
“Malware” can be any kind of malicious code that is designed to cause problems for a computer or network. Examples of this include spyware, Trojans, viruses and worms. It could also include a hacker making changes to the site adding extra pages designed to phish customers. This means tricking them into giving out personal or credit card information. Malware may change/steal your passwords, access your credit card details or other personal information, hijack or lock you out of your computer and much more.
Checking for Malware
Register your site in Google’s Webmaster Tools (google.com/webmasters) to prove that you control a particular site by loading a special html file onto it, which will then signal to Google that you control that page. Once you have an account set up you can click the diagnostics tab on the left and click on Malware. If your site is clean it will simply say “Google has not detected any malware on this site.”
If your site does have malware then you should quarantine the site by taking it down immediately and contact your web host. If they are aware of it already, say, it has attacked other sites they are hosting they may already be attempting to fix the problem.
You should also change the passwords of everything, this includes the FTP access, admin accounts, CMS accounts, users. Also double-check what users exist — perhaps the hackers created some new accounts.
Some steps to prevent malware infection:
- Within Webmaster Tools, go to Search Queries and look at what see what some of the search queries Google can find on your site, if anything unexpected like “Viagra” or “diet pills” or other typical spammy topics are appearing (and you know you have no posts about those topics) then you might have an infection.
- Make sure your websites emails are forwarded to an email address you check regularly in case Google notices the malware and tries to notify you. They will also notify you on the Webmaster Tools home page.
- Be careful of third party content on your site such as any widgets or ad networks. Ad networks can sometimes be dodgey and have malicious scripts in them. Most are fine though.
- Make sure any computers you use to access your site are safe, with the latest anti-virus programs installed and up to date to prevent any virsuses, trojans etc from affecting your site.
- Keep your CMS e.g. WordPress and plug-ins up-to-date.
- When making new passwords make sure they are very hard to guess, using different capitalisation, symbols, numbers etc. Don’t use common passwords like abc123, love, god, letmein etc.