How To Remove Malware
& the Warning by Google
Google now warns users when they detect malware on a website with the ominous message
"This site may harm your computer". Few people will go past that warning to your site. So, if
your site has been flagged, you should take it as strong evidence that your site has been hacked and you
need to take immediate action. To get the warning removed, you first have to clean up your site. This
isn't really an SEO Tip, but if your site is flagged, none of your SEO efforts will help you regain your
traffic. This article contains my recommendations on fixing a hacked site. how to remove Google's malware warning,
and a Website Malware Prevention Checklist.
Removing Malware: What To Do When Your Site is Hacked
As I said, if Google has flagged your site, it's a virtual certainty that your site has been hacked. That is, there are files on your website that have been modified to include malicious software called "malware". But many webmasters have little experience dealing with this level of security issues, so this is a useful guide for inexperienced webmasters to dealing with malware.
-
Start by doing a thorough virus scan of the computer that you use to create your website. It is very important to insure that you have removed any virus on your computer that can be used to alter the files for your local website files or to steal your FTP account user name and password information. This insures that your computer won't simply be re-infecting your website once you've cleaned it. Most people use anti-virus software as a matter of course, so it's important to supplement this process with software that you do not use on a regular basis to be sure that no infections have gotten past your regular anti-virus software. There are several good free anti-virus or malware scanning programs available online. I recommend Spybot: Search & Destroy, or Malwarebytes' Anti-Malware. Either one will do a thorough scan of your computer and will remove any suspicious files.
-
Change the passwords on all of the FTP Accounts for the website. Hackers are increasingly targeting FTP account access information - user name and password - to spread their infections. Changing your password on a regular basis is also a good security practice in any case.
-
Delete all of the files from the server. The best way to remove an infection is to wipe the server clean, because hackers often add files to a site that either re-infects the webpages or opens a backdoor to the site for manual access. The only files you can leave behind with relative safety are your mySQL database files, since they're almost always on a separate server and are rarely a source of malware. But if you have recent back-ups of your mySQL data files, you should strongly consider restoring the database files on the server from your back-up copies as well.
-
Restore the files for your website from your local back-ups. Check the malware warning from Google to see which pages they marked as suspicious, and manually check to see that your local copies of those files are clean. It's also a good idea to check the last modification date on the local files to see if they appear to match the dates when you last updated them. If all is well, you can go ahead and restore the site by uploading the files.
-
Update all blog, forum, gallery, CMS, and all other scripts that you use on your website to the latest version. Most hackers gain access to websites by exploiting known vulnerabilities in older versions. The people who make these scripts are usually very good at keeping up with hackers, but you need to watch to see when updates are released and install them as soon as possible. Once you've updated the scripts on your website, be sure to update your local copy as well.
-
File a Malware Review Request through Google's Webmaster Tools console. Google will periodically re-scan a site to see if the problem has been repaired, of course, but that can take quite some time. Filing a Review Request gets your site examined much sooner and will usually get the malware warning removed within a few days (often sooner, but...).
In summary, the key steps to removing Google's Malware Warning are: (1) Removing the malware from your website, (2) Closing any holes in your site's security, and (3) Filing a Review Request. If you follow these steps and still have trouble, you can get more help by visiting Google's Webmaster Help Forum where there are people who will examine your site and make recommendations. You can also always check to see if your site is currently flagged by Google by visiting:
http://www.google.com/safebrowsing/diagnostic?site=example.com
Just replace "example.com" at the end of the above URL with your domain name. You can also use the form below:
Website Malware Prevention Checklist
You should also make the following a part of your regular maintenance schedule to insure the ongoing security of your website:
- Make complete back-up copies of your website files and database files at least once a month.
- Check for updates for all of the popular scripts that your website uses at least every two weeks.
- Run anti-virus scans of your computer with at least two different anti-virus programs once a week.
- Check Google's Safe Browsing diagnostic tool at least once a month and whenever your site's traffic takes an unusual dip.
- Change the password on your website FTP account at least twice a year. And don't use the same password that you use anywhere else.
- Scan your server log files regularly for unusual 404 errors which can indicate someone is probing your site for security flaws. Then ban the IP addresses of any suspicious users in your .htaccess file. My free Server Log File Search Tool makes this easy.
These steps will help reduce the risk of your site being hacked, and will also reduce the risk of losing any important information if your site is hacked despite your efforts. It's also a good idea to sign up for Message Forwarding in Google's Webmaster Tools so that any malware warnings are automatically sent to an Email address that you specify. That way, you are notified immediately if Google detects any problems with your website. If you need help beyond this information, see my Website Malware Removal Services.
This page was last updated on March 30, 2012.
More SEO Tips
Preparing Your Website for Search Engines
Search Engine Friendly Web Design
Optimization Common Mistakes
Why Is My Website Not Indexed?
Get Higher Google Ranking
Search Engine Ranking Factors
Getting Links for Your Site
Finding Keywords for Search Marketing
Search Engines and Frames
Fixing Google Canonicalization Errors
Multiple Domain Names Problems
Top 10 Search Engine Optimization Myths
Google's PageRank Explained
Site Redirect Without .htaccess
Why Did My Site's Google Ranking Drop?
Tracking Codes in Your Links/URLs
HTTP Server Response Header Checker
How To Tell If A Site is Banned
How To Set Your Website's Geo-location
Google Malware Warning
Removing/Blocking HTTPS URLs
Best Way To Change Your URLs
How To Use rel="nofollow"
Need More Help?
You'll find more SEO Tips on the menu on the right side of this page.
You can also contact me with your SEO questions.
If you can't fix your website search engine problems on your own,
my Search Engine Optimization Services
can give your website what it needs to get your fair share of search engine traffic quickly, without disturbing your website's design, and without breaking your budget.
Call Richard L. Trethewey at Rainbo Design in Minneapolis today at 612-408-4057 from 9:00 AM to 5:00 PM Central time
to get started on your affordable website design package or search engine optimization program today!
Comments or Questions?