Tag Archives: Hosting

Google WMC says you have malware!

Its scary and what does it mean?

So, you get an alert inside Google’s own webmaster central. If you are not fully technical what do you do?
Well you need to find out if it is real to start with. If you search around, the information including the G’s own FAQ say to look inside Webmaster Central.

Google WMC malware alert

Google WMC malware alert

It warns you that your server is affected and it will display a warning in the SERPs that will effectively kills your traffic and therefore business!!

Google Warning on your SERPs

They do link to a site called Stop Badware which has some useful tips.

This site has the most common scenarios and suggestions on what to do. It is not fully comprehensive and if you have technical people in your organisation, I suggest you get them involved immediately.

But worth a read as it has tips on identifying, removing and preventing malware.

The 3 most common things to look for:

Malicious scripts
These can either redirect users or force malware into a users browser. These can be in the code or even in images or stored assets e.g. .pdf, jpgs etc etc. They are often set up to look very similar to regular code, maybe with a type-o. And can commonly only have a pointer in the code, that pulls the badware from another location on your server (which is hidden deeper) or from an external source.

.httpaccess redirects
This is a common way of managing redirects and if hacked this could send your site visitors to another location for the badies own ends.

Hidden iFrames
An iframe is a way of pulling in another webpage and loading it on to the page. If a hacker gets an iframe to open inside your site, your user could be infected. They may not even show up, but just load in the background.

The suggestion is to use this URL to find out more information. Just replace your own URL at the end.

http://www.google.com/safebrowsing/diagnostic?site=www.adrianland.co.uk

You will see a set of screens like these:

Google diagnostic screen

Google diagnostic screen

This is a relatively clean screen. But recently, I have had this twice. Once for a small community site and yesterday at my day job. You can click on the information and it gives you more examples. Through the AS records and even at a site name level. Luckily in both these recent cases, it has actually been another site who uses a shared service. Either shared hosting or a shared CDN. Therefore, just request a review.

But what to do if you are infected?
Well this depends on your skills. In all scenarios you need to remove the malware form your site (if you are actually infected). So, either remove the code and/or if it is a hosting company that are useless, maybe move your site. Then definately work on your security. Do you upgrades, either your CMS, your admin and passwords, or update your server security. And I will leave others who are far better qualified to discuss that. Then request a reinclusion review.