How Should You Recover When Google Says Your Site Has Been Hacked?

As your day begins everyday with birds tweeting, traffic is smooth and your cup of coffee is hot and delicious, you walk into your workspace with a hope that your website rankings will continue to shine brighter than the day. Unfortunately, it does not appear to be so, as your rankings are the lowest and you are bogged down with multiple warnings from Google on malware. Could it be that you have been hacked?

Don’t start having meetings with your staff to find out who the culprit is. Its most likely that your website has been hacked by a hacker who has uploaded codes that are malicious on your website and left.

You may lose the confidence of your visitors as computers may be infected with malware and there will be a serious dipping in search engine rankings. It would be advisable for you to understand and study the level of these attacks and how well you can deal with them.

So, how does a site get hacked? What are the results of such hacks?

Installing malware on a website can have different motives. But the most prominent motive for any hacker is the fact that they get a large amount of financial gain. Almost ninety percent of the hackers want money and rest of the hackers does it for fun. There is a surge in the amount of software that is sold as scareware. Such software is installed in a website that are more like tricks to make the person logging into the website, buy the software as a cure to the scareware. It is a mask created by the hacker to hide the real Microsoft virus scanners which are actually malware.

If you perform your study accurately, then, you might get some valuable information from your internal networks on the purpose of the hacking. The reason for hacking may be as simple as spreading malware software on all computers possible and extorting money from you or the computers hacked.

How does a site that is hacked look like? This answer is rather simple, as the hacker may have simply modified the code of your website such as a JavaScript code to the index.html/php pages.

The JS code, that is malicious for the website is added by the hacker on entry, to all files. This code can create havoc on all pages to all users. Some of the havoc includes creating spam, redirecting PageRank of a website to the hacker’s site, triggering an automatic download of malware on drive-by visitors to the site that can infect all computers. This is nothing but damaging to your website and your business and staff.

What could be the possible causes for hacking?

No matter what kind of security you have taken membership to, even the best of the best cannot prevent such hackers. There are backdoors to all elements on the web, no matter how many of them are plugged. So, if you are using any of the web links like SimpleCMS, WordPress, Magento, Joomla and other CMS that is open source, it is quite possible that you have compromised your SQL position for further injections.

Hackers commonly attack those computers that are used to develop the website and not the website directly. No matter how many spyware, updates or patches you have managed to inject into your webpage, you will find that your user computer is infected. So, how does that happen?

The hacker ensures that he hacks the site first, but on failure, he attacks the less secure site. Once, he has accessed the website through the drive-by software that auto installs on the computer, he is able to access your user computer. The JS code is loaded automatically and installs the malware ready to be injected in all computers who have visited the website.

If the user is a WebMaster, then, he should be able to see the signs that the computer has been hacked. For instance, there may be signs such as multiple hour glass figures, or long period for running regular tasks on Windows.

So, if the malware has been injected into the computer used by the WebMaster, how is it possible for it to be injected into the website?

The answer is simple, the signs that were initially there, soon disappear from the webmaster’s computer. The malware functions in the background as the webmaster is busy accessing directories and browsing the internet. The malware continues its search for data and further logins such as those for other sites.

It is very surprising to know that most websites store passwords of members using FTP programs in plain text. This is an easy way for the hacker to access important information from the malware software that sends these highly sensitive passwords.

What are the possible ways to fix or clean the website?

It is never that easy to clean a website that has already links and sublinks. So, if you are familiar with codes and coding, then, you may be able to do it on your own. But, it is advisable to call the professionals. Here are some tips to follow if you want to try doing it on your own:

The idea is to start with cleaning. The initial step is to flush out all possible malware programs before you begin fixing the damage done. If you try a program scan and then fix it, then, it would possibly repeat the entire cycle.

  • Ensure that you report that you have been infected to your hosting provider and your IT development team.
  • Ensure that all the computers in your company are scanned. These computers need to be checked as they are the ones accessing your website.
  • You could also try running multiple scanning tools that are available such as SpyBot Search and Destroy, Malware Bytes, ComboFix and Microsoft Security Essentials. Ensure that they all are updated with latest updates before scanning.
  • Try going to Windows- Run – msconfig- scan. This will scan all items in the startup directory.
  • Look for suspicious items in the Registry Editor.
  • Ensure that you change all passwords.
  • Another way is to download all files and folders that have been hacked for fixing and reviewing.

 

Leave a comment