Your Website Got Infected with Malware? Get Sucuri!

So you woke up today and found your website like this?

Yeah… it can be a pain. Not only is your website not working, it is also being blacklisted by Google.

Basically, your website has been tampered with and now contains malicious snippets of code aimed at your website's visitors. Because of that, Google blacklists your website and browsers prevent users from opening it.

How did it get to this?

Well, there are many ways. First, maybe there are PHP scripts in your website that are not secure and give an attacker the opportunity to come and tamper with your website. I have heard of cases where people download PHP scripts from “alternative” sources, avoiding payments. This may be PHP scripts, WordPress plugins or themes, and many more.

And the guy that provided the download actually added some of his code in there which will allow him to do things on your website. What could this be? Well, maybe capture visitors’ information, replace your page with a different one, send spam emails from your servers… the possibilities are endless once they have access.

It could also be that your website was actually hacked. How, well, again… numerous ways.

Another way that I discovered this could’ve happened is a technique among hackers called “domain jumping”. You see, normally each website on a server has its own folders. A malicious script on the server could potentially trigger a command to see what folders are available and start going into them one by one, infecting websites. When something like that happens, it is the web hosting company’s responsibility to fix it. But then again, you can’t really rely too much on them. It is better that you take your own steps to fix this.

So What Do I Do Now?

I got this problem some time ago. And it was really a pain. I cleaned it all up myself. I downloaded EVERYTHING from the server. It was almost 1GB in size for everything. That took a long time. And then, I had to go through every PHP file to check what’s inside. There were thousands of files, over 10,000.

After a few files, I could see a pattern. And it was not one pattern. There were several. From what I could gather, I was not infected once, but by many types of malware. The goal is to remove the malicious code from your PHP files. Seeing the pattern, I wrote a simple script that would crawl my downloaded website, open the PHP files and check their content, trying to find code that matched the patterns of malicious code that I found earlier.

The huge pain was when I found new patterns. When I did, I would have to update my script, or write a new script to crawl and fix all the PHP files again. I think I ran my script maybe 10 times through all the PHP files that I downloaded.

You would also have to find “newly” created PHP scripts that were created by the infected PHP scripts. These new PHP files are actually backdoors created for the attacker. Sometimes it is hard to find these backdoors, as their names look very similar to your normal PHP scripts. For example, one could be named config.php or settings.php, or it could be mimicking an actual important file. So you can’t simply delete it. You would need to check each one and be really sure before deleting it.
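A scan of the kind described above, as an added example that is not the author's script: it walks a downloaded copy of the site, flags PHP files that match a signature, and flags PHP files that do not appear in a clean copy. The signature list, the `known_good` manifest and the sample files are assumptions made for this example, and the scan only reports, so every hit can be checked by hand before anything is deleted.

```python
import re
import tempfile
from pathlib import Path

# Illustrative signatures (assumptions for this example, not the author's patterns).
SIGNATURES = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "code-exec-on-request-input": re.compile(
        rb"(?:eval|assert|system|passthru|shell_exec)\s*\(\s*\$_(?:GET|POST|REQUEST|COOKIE)\b", re.I),
    "long-base64-blob": re.compile(rb"[A-Za-z0-9+/]{200,}"),
}
PHP_EXTENSIONS = {".php", ".phtml", ".php5", ".inc"}


def scan_site(root, known_good):
    """Map each PHP file needing manual review to its reasons; changes nothing on disk."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file() or path.suffix.lower() not in PHP_EXTENSIONS:
            continue
        rel = path.relative_to(root).as_posix()
        data = path.read_bytes()
        reasons = [label for label, rx in SIGNATURES.items() if rx.search(data)]
        if rel not in known_good:  # file absent from the clean copy: possible backdoor
            reasons.append("not-in-known-good-manifest")
        if reasons:
            report[rel] = reasons
    return report


def build_sample_site():
    """Write a constructed three-file sample tree to a temp dir and return its path."""
    root = Path(tempfile.mkdtemp(prefix="site-copy-"))
    samples = {
        "index.php": b"<?php echo 'Hello'; ?>\n",
        "wp-content/themes/demo/footer.php": b"<?php eval(base64_decode('ZWNobyAxOw==')); ?>\n",
        "wp-content/uploads/settings.php": b"<?php echo 'looks harmless'; ?>\n",
    }
    for rel, body in samples.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(body)
    return root


if __name__ == "__main__":
    # Hypothetical manifest: relative paths taken from a clean backup or fresh install.
    manifest = {"index.php", "wp-content/themes/demo/footer.php"}
    for rel, reasons in scan_site(build_sample_site(), manifest).items():
        print(f"{rel}: {', '.join(reasons)}")
```

The constructed `settings.php` matches no signature and is reported only because it is missing from the manifest, which is the case of a backdoor with an ordinary-looking name.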

When you are done, of course, there is the uploading work again. Just like the download, it takes just as much time to upload everything back again. Most internet connections have different upload and download speeds, where the upload speed is much lower than the download speed. That is what my ISP has for me. So this time, uploading took a lot longer than downloading.

At first, I thought I did a good job after almost a week, day and night, fixing it. But then, the problem reoccurred. And all that my web hosting knows is to shut down my website. It appears I missed a few things. So I did this process all over again. Download, fix, scan, find, delete, upload …

At times, I think perhaps the web hosting is the problem. It could be that domain-jumping thing… maybe other people’s websites on that same server were infected. And the script can scan and crawl from folder to folder, infecting other websites on the server. But of course, the web hosting would deny this.

Don’t Forget to Submit for a Review in Google Webmaster

Oh yeah … after all that, your website may still be blacklisted by Google. You need to have your website added to the Google Webmaster panel. And then you need to submit it for a review by Google. They will deploy their bots to check your website. And if everything is OK and clean, they will remove you from the blacklist.

More on Google Review here

In the end, I moved my website to another web hosting. But now, I have found out about a service that can take care of this much faster and easier, just that you would have to pay for it. But even so, it wouldn’t have taken so much painstaking time on my hands. The service is Sucuri.

$299 To Fix Your Malware Infected Website, With Active Monitoring And Re-occurrence Clean Up For One Whole Year. Your Website is Already Infected? No Problem! No Extra Charge.

At first I thought Sucuri acted like an insurance: they don’t cover pre-existing conditions. But no! They take it all in. Whether you are already infected or not, the price is the same. And even if your website is not infected with malware, Sucuri will proactively monitor and prevent it.

How does it work?

If you are already infected, just subscribe and follow their guide on how to submit for a cleanup.

After that, for active prevention and monitoring, you have to update your DNS to divert traffic via their network and servers before going to your website. This will act like a firewall for your website where Sucuri will prevent attacks, such as DDoS, hack attempts and more.

If the firewall fails to prevent it, and your website is infected with malware, just submit a ticket to get your website cleaned up.

I think Sucuri is definitely a friend you want on your side if you want to avoid wasting time and money fixing it and submitting for Google Review, not to mention the amount of money you lose due to downtime. If you run an e-commerce site, that could mean thousands of dollars of lost sales. Or if you run a blog, that is also advertising revenue lost.

Anyway, I hope you will check out Sucuri. Setting up Sucuri may get slightly technical with DNS, FTP and what not. If you get Sucuri via my affiliate link, and you need help setting up your Sucuri, just get in touch with me via the comments. I will do my best to help you with it.


12 Responses to “Your Website Got Infected with Malware? Get Sucuri!”

  1. Peters said:

    It’s quite top publish. I’m essentially glad with your exceptional paintings. You placed truly tremendously supportive information. Hold it up. Continue running a blog. Great blog entry. Feel free to surf college paper writing service

  2. Allen said:

    This will act like a firewall for your website where Sucuri will prevent attacks, such as DDoS, hack attempts and more.

  3. Miller said:

    I am also facing this problem with my website and you have shared some interesting stuff with us, which is about your website getting infected with malware. You have shared the best solution for this problem with us here and I must try to use this method.

  4. london bricks said:

    My website got infected with malware, but thank God, my web developer recovered my website within 2 hours

  5. Jordanwer said:

    Yeah, it’s a big issue nowadays when anyone’s site can be affected by malware. Can we protect our site from malware? I think we can’t do anything, but we can recover from the error later on.

  6. jewel said:

    Having read this I believed it was extremely informative. I appreciate you finding the time and energy to put this content together. But so what, it was still worth it!

  7. James said:

    I have just found your website it’s much interesting for me and others. Keep doing best and sharing useful information in future.

  8. Diana Thenerd said:

    If there’s an update to your computer waiting in queue, don’t let it linger. That is the main reason a maximum number of online academic writing websites keep updating their websites. Updates to operating systems, browsers, and plugins are often released to patch any security vulnerabilities discovered. So while you leave those programs alone, cybercriminals can find their way in through the vulnerabilities.

  9. lisa said:

    My website and you have shared some interesting stuff with us, which is about your website getting infected with malware. You have shared the best solution for this problem with us here and I must try to use this method.

  10. Henry said:

    Amazing way to recover your website from infected malware. I am very happy and must agree with your well written article, Thanks

  11. Luna Nee said:

    Mood killer your printer after use to maintain a strategic distance from “little cleaning cycle.”
    Print a few pages at any rate once every week as it will shield the ink from drying out in the spouts
    Attempt to utilize certifiable cartridges for your Epson printer. If not accessible, consistently utilize the most noteworthy nature of good cartridges.

  12. omia said:

    We are such fans of bark. I love that Mickey makes an appearance in this one!
