What to do when Your Website is Attacked by Virus, Trojan or Malware?


Recently many of my websites were attacked by some malware which injected unwanted scripts into various pages of my sites. It was very annoying, and removing those scripts was a very time-consuming process. Later I found that various browsers had declared my websites to be malware websites, which severely affected the traffic and ranking of my websites. It really gave me nightmares and kept me awake for several nights. The good thing is that after this whole process I learnt my precious lesson and learnt how to avoid such a situation in future. I did an extensive study of the reasons and of how to protect my site from such a mishap.

Cause of Attack

Primarily there are two types of attacks:

  • External Attack – SQL injection, exploiting open source vulnerabilities, exploiting scripts.
  • Internal Attack – When a password is compromised through a virus-infected computer, via a password stored in an FTP client or any connection manager.

It is very difficult to safeguard your website from external attacks, which I’m still learning about and will share more on in future, but here are a few tips to safeguard your site from internal attacks.

Detection and Recovery for Internal Attack

  1. It’s very important to detect the nature of the virus. SVN is very helpful for that: it can instantly detect any kind of change in your code, and the website can be recovered with a single command.
  2. Once the Trojan is detected, if we don’t have SVN then it needs to be removed manually or with a search and replace command. (Note – Be very careful while using a search and replace command: a lot of files are being changed, so any wrong command can damage the whole site.)

Precaution for Internal Attack – Here are a few things which, if you do them at a personal level, may help you avoid most of the attacks –

  1. Never save password in FTP client or any of the connection manager.
  2. Change password regularly.
  3. All folder and file permissions should be 655 or 755; only the cache and upload folders should have write permission.
  4. Keep the computer clean of viruses with proper antivirus.
  5. Create SVN for sites.
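
One way to check precaution 3 on a live site, as an added example that is not part of the original post: the function lists everything under a web root that is writable by anyone other than the owner, outside the cache and upload folders. It assumes "write permission" in that item means group or world write; the function name `audit_webroot` and its return codes are made up for this example.

```shell
#!/bin/sh
# Added example: audit a web root for write permission beyond the owner.
# Assumption: "write permission" means group- or world-writable. The folder
# names cache and upload come from the list above and can be overridden.

# audit_webroot ROOT [ALLOWED_DIR ...]
# Prints each file or directory under ROOT that is group- or world-writable,
# skipping the allowed folders (default: cache upload) and .svn metadata.
# Returns 0 if nothing is flagged, 1 if something is, 2 if ROOT is invalid.
audit_webroot() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    root=${1%/}
    shift
    [ "$#" -gt 0 ] || set -- cache upload

    flagged=$(
        # -perm -020 / -002: the group-write or other-write bit is set.
        # Symlinks are skipped because their own mode bits are meaningless.
        find "$root" -name .svn -prune -o \
            \( -perm -020 -o -perm -002 \) ! -type l -print |
        while IFS= read -r path; do
            rel=${path#"$root"/}
            skip=0
            for dir in "$@"; do
                # Skip the allowed folder itself and everything inside it.
                case "$rel" in "$dir"|"$dir"/*) skip=1 ;; esac
            done
            [ "$skip" -eq 1 ] || printf '%s\n' "$path"
        done
    )

    [ -z "$flagged" ] && return 0
    printf '%s\n' "$flagged"
    return 1
}

# Usage (the path is a placeholder): audit_webroot /path/to/webroot cache upload
```

Anything it prints is a file or folder that an injected script or a stolen low-privilege account could modify; file names containing newlines are not handled.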

Once your website gets hit, here are the action items which you can take:

  1. Change all FTP to SFTP only
  2. Scan ALL machines/laptops for virus / malware
  3. Block FTP port from Routers
  4. Change all FTP passwords
  5. Create SVN
  6. Allow SFTP from selected IP ranges only
  7. Create backup script for hosting server
  8. Actively track all above action items to closure
