It can be extremely frustrating when you open up your website only to find a big red page that says, “The site aheadHack contains malware.” The good news is, now you know how to fix it. If you don’t things may be looking up for you. The information below is a guide on how to understand what type of malware is attacking your website, how to remove that malware, and what preventative measures you can put in place so this doesn’t happen again.
What Blacklisting Your Website Means And How to Detect It
Up to 95% of your website’s traffic will be lost if a visitor sees one of these red pages. For companies that use their website as their main revenue stream, this can be a pretty big deal; especially, if your page remains blacklisted for days or even weeks. In some cases, it’s not that easy or quick to fix if you don’t know what you’re doing. The big red page you see above is one of many messages you can receive if your website is being attacked by malicious malware. Sometimes, companies may not even notice their website is hacked until a customer mentions something or you receive an alert from a preventative system that auto-scans your website for these harmful attacks (more on this later).
Examples of Blacklist Warning Messages
If you see a “Website Malware Warning” message, this could mean that your website is being automatically redirected to another website, dangerous sites are sending bad traffic to your website, or web spam was found on your website.
Alternatively, you could receive a notice of “Deceptive site ahead”, also known as Phishing. This is where fake pages trick users to enter passwords, payments, logins or any information that is personal.
“Pages Warnings” is another type of notice that can be found on Google’s search engine. This is when there are potential malicious scripts, iframes, software or SEO spam on your website, malicious redirects are detected, and things of that nature. Sometimes you can catch this error even before your site is marked as blacklisted.
The blacklist warning messages described above are some of the most common notices you’ll see. Warning messages may change over time and from browser to browser, but they all serve the same purpose letting you know that there is malicious content on your website.
Clean Your Site, But First – Find Out What Google Is Seeing
1. Find out what Google is seeing through their Transparency Report tool.
Investigate your site status by entering your website’s URL and selecting the magnifying glass icon to scan. Once the tool runs a can on your website, you will be presented with your website’s transparency report. Here you’ll find:
Site Safety Details
- Dangerous URLs that exist on your website
- Intermediate domains that could be injected on your website
- URL redirects behavior and whether people are being sent to your site or are getting redirected elsewhere
- Hosted malware
- Unwanted ads and apps
Testing Details
- Scan date is the date that Google last scanned your website
- Discovery date of potential warnings
Here are other free website malware detection tools:
- SiteCheck
- Unmask Parasites
- VirusTotal
- Redleg Aw-Snap
If for some reason you are not seeing any errors on this report, it may be because your errors are living on your server. Issues like backdoors, phishing, and server-based scripts are not detected in a browser. That said, you’ll need to run a report on a server side scanner. Whatever company your website is hosted with can help run this report for you.
Alternatively, you can check recently modified files on your server using an FTP client or SSH terminal. You can access both by logging into your hosting account.
- If you are using an SFTP, review last modified date column for all files on your server.
- If you are using SSH, you can list all files modified in the last 15 days using this command: * find ./ -type f -mtime -15
2. Remove Blacklist Warnings
Before removing anything, backup your site! This includes backing up anything from server files, database, custom files and log files on your website. In the event that you accidently delete something that breaks your site, this will help you retrieve that lost information.
After following step 1, you now know what needs to be removed. Next step is to actually remove it. Here are few ways to do it:
- Option 1: Restore fresh copies of your CMS and extensions. In other words, use the exact same version of core files, themes, plugins, extensions, etc.
- Option 2: Restore from a recent backup that is secure and doesn’t have any hacked files.
- Option 3: Remove hacked content from your website’s database. This may require consulting a professional if you are uncomfortable going into your server files.
When you are remove hacked content, make sure you are not overwriting any database configuration or custom files. Best practices are to first delete, then rebuild.
3. Get Removed From Blacklists
Your next step os to ask Google to remove you from their blacklist. First by verifying your website in Google Search Console. Once you’ve verified your website:
- Navigate to the Security Issues tab to review the issues Google has found.
- Select, I have fixed these issues.
- Click Request a Review. This normally takes a few days.
- Type detailed information in the box of what you did to fix those issues.
- Click the Manual Actions section.
- Continue to follow steps 1-4 until all issues have been removed from Google.
Preventative Measures To Keep Your Website Clean
If your website is clean and Google removed you from their blacklist, here are some steps to make sure your website is secure going forward:
- Update all of your website software: CMS version, extensions, plugins, themes, and any server software such as your cPanel and Apache.
- Update and/or make sure your passwords are strong for your CMS, FTP/SFTP/SSH server accounts, PHP admin panels, cPanel, and DB configuration passwords.
- Scan your computers for any malware!
- Make a back up of your newly cleaned site.
All of the items listed above need to be updated on a regular basis. If your website is on WordPress, you will be notified if your plugins, CMS, and extensions are outdated. This preventative measure is almost always underrated and if not addressed on a consistent basis, this can result in another malicious attack later on down the road.