All too often, people see the above error when viewing a site, and occasionally some of our customers report it happening to their sites and ask for advice on how to:

1) Resolve it

2) Prevent it happening in the future

What has most likely happened?

In most circumstances this error is caused by FTP login details being discovered by a hacker, who then uploads malicious code. The issue can also arise from script injections. Google then indexes the site and blocks people from seeing it. This does vary from browser to browser.

How does the FTP password get discovered?

There are 2 main ways it happens:

1) The FTP password is a weak password, e.g. a dictionary word, that has been “brute forced”

2) Someone who has access to the FTP login details gets a virus on their computer and the virus collects the information and sends it off to a hacker.

How does a script injection occur?

This is basically someone looking for holes in the code on your site. This most often happens with open source software that is widely available on the internet, e.g. forum software / ecommerce software. The holes in the code would be exploited and the hacker could upload whatever files they like.

What form does the malicious code take and how do I remove it?

It takes 3 key forms:

1) An iframe tag linking to a dodgy website e.g. <iframe src =”http://….. on one or more of your pages.

2) Some JavaScript (possibly encrypted) on one or more of your pages.

3) Some rogue files somewhere on your site, often PHP or JS files.

You just need to find this code or these pages and then delete them.

If you have a backup of your site on your computer, a quick way to fix the issue is often to delete everything off your site and upload the backup from your computer.
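If you would rather see what was changed before wiping the site, you can compare a downloaded copy of the live site against that backup. The script below is an added example, not part of the original article: it lists files that are new or altered since the backup and any iframe in them that points at a host you do not run. The function names, the file names and the hosts `www.example.com` and `bad.example` are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Captures the src value of an <iframe> tag (quoted or unquoted).
IFRAME_SRC = re.compile(r"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.I)
PAGE_SUFFIXES = {".html", ".htm", ".php", ".js"}

def external_iframes(path, own_hosts):
    """Return iframe src values in a file that point at hosts you do not run."""
    srcs = IFRAME_SRC.findall(path.read_text(errors="replace"))
    hosts = ((src, urlparse(src).hostname) for src in srcs)
    return [src for src, host in hosts if host and host not in own_hosts]

def compare_with_backup(site_dir, backup_dir, own_hosts):
    """List files added or changed since the clean backup, plus foreign iframes."""
    site, backup = Path(site_dir), Path(backup_dir)
    report = {"added": [], "modified": [], "iframes": {}}
    for path in sorted(p for p in site.rglob("*") if p.is_file()):
        rel = path.relative_to(site).as_posix()
        original = backup / rel
        if not original.is_file():
            report["added"].append(rel)        # rogue-file candidate
        elif path.read_bytes() != original.read_bytes():
            report["modified"].append(rel)     # injected-code candidate
        else:
            continue                           # identical to the backup
        if path.suffix.lower() in PAGE_SUFFIXES:
            found = external_iframes(path, own_hosts)
            if found:
                report["iframes"][rel] = found
    return report

def demo():
    """Constructed sample: a clean backup and a live copy with two planted changes."""
    with tempfile.TemporaryDirectory() as tmp:
        live, clean = Path(tmp, "live"), Path(tmp, "backup")
        for d in (live, clean):
            d.mkdir()
            (d / "about.html").write_text("<h1>About</h1>")
            (d / "index.html").write_text("<h1>Shop</h1>")
        (live / "index.html").write_text('<iframe src="http://bad.example/x"></iframe>')
        (live / "cache.php").write_text("<?php /* not in backup */ ?>")
        return compare_with_backup(live, clean, {"www.example.com"})

if __name__ == "__main__":
    print(demo())
```

Files you legitimately changed after taking the backup will also show up as modified, so review the list rather than deleting from it blindly.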

Once you have done all of the above, you need to ensure everyone can see your site again. To do this, follow these steps:

1. Go to www.google.com/webmasters/tools/

2. Create an account if you don’t already have one and log in.

3. Add in your site and verify it (if you haven’t already done so).

4. Then go to the diagnostics menu on the left-hand side and click on Malware. You can then request that Google rescan your site.

5. A few days later and you should be all sorted.

How do I stop it happening?

Thankfully, reducing the chances of this happening is relatively straightforward:

1. Ensure you have an up-to-date virus scanner running on your computer and do regular scans of your computer.

2. Use FTPS rather than FTP (supported on all our servers).

3. Make sure you change your FTP passwords often.

4. Ensure any 3rd party scripts on your website are regularly updated to the latest version.

5. If you have coded your own site, lock it down as much as possible, e.g. password-protected admin areas, especially where there are file upload forms.

Any questions, queries, or comments, please let us know.