There are many websites which host malwares (unknowingly) but they look like pretty nice and authentic sites in order to trap the visitors. Google Safe Browsing tool is a tool developed by Google which helps you to test a website which you think may not be authentic or has malware hidden in the source codes.
In order to check if your site has an suspicious code or malware then, you just need to type the following in your browser address bar –
http://www.google.com/safebrowsing/diagnostic?site=[website url].
For example we checked our site by going to http://www.google.com/safebrowsing/diagnostic?site=thesharath.com
Blogging is fun! BUT some hackers take advantage and try to hack sites. If you are a wordpress based blogger, then there is a plugin for WordPress that I recommend. It helps find potential viruses, javascript and iframe injections. The plugin is called WordPress Exploit Scanner.
Always upgrade to the latest version of wordpress, most security loop holes are fixed in the latest version of wordpress. And make sure you choose popular plugin rather than being a daredevil to test a new plugin you found on the internet.
First things first, Here is couple of things that you need to do if you think that your website is hit by malware.
- Identifying malware on your site
When looking for badware\malware on your site, especially badware due to hacking attacks, please remember to check the source code of your site as it is currently hosted on your web servers.
- Malware spread through ads running on your site
Always choose a good ads publisher to earn money. We believe in Google Adsense for our revenue, it easy to setup, fast and customizable and more than it’s entirely safe and doesn’t spread malware through ads scripts.
- Links posted in user-generated areas of your site
Always moderate comments and remove clickable links posted in the comments of your articles.
Two common types of injection attacks:
- Invisible iframes
<Iframe> tags are one of the many kinds of HTML tag codes that can be used as part of the source code that creates a website. An iframe creates a small window on a webpage so that another page can load inside the embedded window. Iframes are not always used for nefarious purposes; one frequent use, for example, is to embed remotely hosted dynamic content such as online maps into web pages. When used by malicious attackers, an iframe can be made so small that it is invisible, and the visitor to the infected page never knows that another page is also loading in the tiny iframe window.
If you see code for an iframe with width=“0” and height=“0” in the source code of any page on your website, you have found an invisible iframe. Iframes are most commonly inserted at the very top or the very bottom of a web page’s source code. A good first place to check for iframes is before the initial tag that starts a web page’s standard code, or after the final that ends a page’s code.
- Obfuscated code
Obfuscated code or scripts are designed to be hidden within the normal code for your site, so they can be hard to detect. The code is written specifically to prevent automated tools from discovering its purpose. The most commonly obfuscated kind of code is javascript, which is used to add functionality to many websites.
Encrypted code is harder to find, because there are no set patterns. However, encrypted code will look like a block of unintelligible text. Normal javascript uses a syntax based on actual English words. Encoded or encrypted text appears in a site’s source code as completely unintelligible blocks of letters, numbers, and symbols.
While most hacking attacks focus on html code, it is also possible for bad software itself to be uploaded onto a poorly secured site. Bad software can include unknown executables (such as files that end in .exe, .bat, .cmd, .scr, and .pif), javascript files, or even images uploaded to your site without your knowledge. Sometimes attackers will simply use your website to host badware and link to it from other victim sites. One method for detecting whether you are hosting bad software on your site is to download all of your source code from the live website onto a virtual machine and scan it using anti-virus and anti-spyware programs.
How do you remove malware?
- Contact your web hosting
Remove the bad software from your website and don’t make it available for download again unless you can be sure that it is no longer badware. You can learn more about what makes a piece of software badware in our guidelines. If you are the creator of the software in question, StopBadware may be able to offer recommendations for bringing your software into compliance with our guidelines.
- Don’t link to malware sites
Remove all malware links from your website.
- If ads are showing malware content
Remove all ads that link to malware. If you use an ad network, this may mean removing all the network’s ads from your site until you can be sure the network is clean. You may also want to contact your ad provider and let them know that one or more of their ads is causing badware to be linked from your site.
How does your search engine result get impacted?
Google always wants its users to feel safe when they search the web, and they’re continuously working to identify dangerous sites and increase protection for our users. A warning message appears with search results we’ve identified as sites that may install malicious software on your computer:
Google will not crawl\index and information from your site (which is bad for you). Hence no content from your site will show in the Google search results gradually.
For more information, visit http://www.stopbadware.org/. Also, Google maintains an Online security blog called Google online security blog, read it for more information.
Comments are closed.