
Injected Malware?

Posted by jonathan

I got a virus!

Recently, one of our clients' websites was hacked and injected with malware scripts, which essentially took down the entire website and got it blacklisted by Google. See example. As noted on Oliverf's blog:

Several browsers use data from Google’s malware list to protect users. Firefox 3, Chrome and Safari all check sites that users are visiting against Google’s list and warn users if they are about to visit a dangerous site. There are some small differences in implementation across browsers that can cause confusion.

All three browsers check the address of the top-level page a user is navigating to. That protects most users in most cases. But, a web page can include content from another web page and if the included content is malicious then users may be exposed. Chrome (and Safari*) check every request against Google’s malware list. This means those browsers will protect users even if malicious content from a flagged page is embedded on a non-flagged page.

In the case of our client's website, she was running a non-updated version of WordPress with a vulnerable .htaccess file and open permissions, i.e. 777.

In the case of a compromised website, you should follow these steps.

  1. Change all the passwords including FTP, database and access to control panels
  2. Back up the data
  3. Find the badware and get rid of it, see link at StopBadWare.org
  4. If that reference didn’t work, Media Temple has some great documentation. Ref. Wiki Media Temple
  5. Once you are 100% sure you’ve cleaned up all the junk, set up a Google Webmaster Tools account and request that the site be reviewed by Google to “de-list” your nasty website. Ref. Wiki Media Temple
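To support step 3 and the permissions problem described above, here is an added example (not from the original post) that audits a web root for world-writable paths, lists every .htaccess file for manual review, and shows recently modified PHP files. The function names are hypothetical, and the 755/644 target modes are an assumption based on the commonly recommended WordPress permissions.

```shell
#!/bin/sh
# Added example: audit a web root for the conditions the post describes
# (777-style open permissions, .htaccess files that need review).

# List files and directories that any local user can write to (o+w set).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# List every .htaccess file so each can be read by hand for rules
# the site owner did not add.
list_htaccess() {
    find "$1" -type f -name '.htaccess' -print
}

# List PHP files modified within the last $2 days (triage starting point).
list_recent_php() {
    find "$1" -type f -name '*.php' -mtime "-$2" -print
}

# Tighten permissions: 755 for directories, 644 for files.
# Assumption: common WordPress guidance; the post only names 777 as the problem.
tighten_perms() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Constructed sample docroot so the script runs offline.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/wp-content/uploads"
    : > "$root/.htaccess"
    : > "$root/index.php"
    chmod 777 "$root/wp-content/uploads" "$root/.htaccess"
    echo "World-writable before:";       list_world_writable "$root"
    echo ".htaccess files to review:";   list_htaccess "$root"
    echo "PHP changed in last 7 days:";  list_recent_php "$root" 7
    tighten_perms "$root"
    echo "World-writable after: $(list_world_writable "$root" | wc -l)"
    rm -rf "$root"
}

demo
```

Run the listing functions against a backup copy first (step 2), and only run `tighten_perms` on the live site once the injected files have been removed.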

GOOD LUCK!