IntentJet

How To Check A Site For Malware

If you’ve got a client worried that their website appears to be compromised, they are likely searching for answers quickly.

Don’t panic! We’ll show you how to check the website for malware and what you should do if you find any.

Remote security scan for websites

Tools are available that remotely scan your website to identify malicious payloads and malware. Remote scanners aren’t as robust, but they do provide some immediate answers. We suggest using Sucuri SiteCheck as the first step.

Go to the SiteCheck site at sitecheck.sucuri.net and click Scan Website.

If the website is affected, check the warning message for payloads and their possible locations.

Click More Information in the upper right of the page. Examine the iFrames, links, embedded objects, and scripts to find suspicious or unidentified elements.

If you host several websites on one server, we advise scanning each of them. Cross-site contamination is one of the main reasons for infections. We advise every web admin to isolate their clients’ hosting accounts and web accounts from one another.

Check recently modified files on the website

If you’ve had the unwelcome 2 a.m. phone call from a user asking why their website isn’t working, it’s possible that something has recently changed.

Command-line tools on the server can help you check for recently modified files:

  • Type in your terminal:

$ find /etc -type f -printf '%TY-%Tm-%Td %TT %p\n' | sort -r

  • If you also wish to see directories, type this into your terminal:

$ find /etc -printf '%TY-%Tm-%Td %TT %p\n' | sort -r

  • Any unusual changes in the last 7-30 days might be suspicious. Some malware has remained undetected for more than one year.
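
The script below is an added example, not part of the original article: it wraps the find command above in a function that limits output to the last N days and can filter on ctime as well as mtime, because a file's mtime can be set to any date while ctime is updated by the kernel. The function names, file names and temporary directory are constructed for illustration; GNU find and touch are assumed.

```bash
# Added example, not from the original article. Requires GNU find and touch.
# recent_changes DIR [DAYS] [m|c]
#   m = filter and print mtime (content last written)
#   c = filter and print ctime (inode last changed; not settable with touch)
recent_changes() {
    dir=$1; days=${2:-30}; stamp=${3:-m}
    case $stamp in
        m) age_test=-mtime; fmt='%TY-%Tm-%Td %TT %p\n' ;;
        c) age_test=-ctime; fmt='%CY-%Cm-%Cd %CT %p\n' ;;
        *) echo "stamp must be m or c" >&2; return 2 ;;
    esac
    # "-N" means changed less than N days ago; sort -r puts newest first.
    find "$dir" -type f "$age_test" "-$days" -printf "$fmt" 2>/dev/null | sort -r
}

# Constructed sample: a throwaway directory standing in for a web root, with
# one file written now and one whose mtime is backdated by 400 days.
build_sample() {
    root=$(mktemp -d)
    echo 'home page' > "$root/index.php"
    echo 'looks old' > "$root/cache.php"
    touch -d '400 days ago' "$root/cache.php"
    echo "$root"
}

sample=$(build_sample)
echo "Changed in the last 30 days by mtime:"; recent_changes "$sample" 30 m
echo "Changed in the last 30 days by ctime:"; recent_changes "$sample" 30 c
rm -rf "$sample"
```

The backdated file is missing from the mtime listing but present in the ctime listing, so review both when the window is 7-30 days.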

Check Diagnostic Pages

If Google or other security authorities have banned your site, you can use their diagnostic tools to determine the security status of your site. If you haven’t signed up for the free webmaster tools, we highly recommend that you do so for all of your clients’ websites to keep track of any security issues.

  • Google Transparency Report
  • Google Search Console
  • Bing Webmasters
  • Yandex Webmaster

Search the database for script tags that have been injected.

Using The Hub from Intentjet Pro

It’s free to sign up to The Hub from Intentjet Pro, and you can connect your clients’ websites to the free tool, which includes site backups and security scans.

Create an account for free, click Sites in the top navigation menu, and add your client’s site.

After you have added a website to The Hub, you can enable and run the security check, which scans the website for malware and other known weaknesses for free.

Cleaning a hacked website

If you feel comfortable doing so, there are ways you can clean the client’s website yourself.

However, if you’re unfamiliar with editing database tables or website files, get help from an experienced professional.

Always create backups before making any significant changes.

While we’re on the topic, restoring an old backup is not a recommended way to get rid of a security breach. In many cases, hackers compromise a site and leave backdoors dormant for weeks or even months before they ever use the site for anything criminal. This means you can restore a backup and then get infected again the next day because the backdoor was already in place in that backup.

One easy fix for various problems is replacing the core files used by your CMS. Doing so overwrites any core files that hackers have altered.

You may also use clues from earlier sections to identify backdoors, payloads, and modified custom files and restore them to their original state.

For more details, read the article that is included in the description.

Remove backdoors

Finally, you must ensure you have removed any backdoors installed by the hacker. Hackers always leave themselves a way to get back into your website. In most cases, security analysts discover numerous backdoors of different types on hacked websites.

Backdoors are often hidden in files with names similar to core files, but placed in different directories. Attackers may also insert backdoors into configuration files and into the directories for your themes, plugins, and uploads.

This Sucuri manual provides more information on the most common backdoor PHP functions you could find.
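
As an added example (not from the original article or from Sucuri), the script below compares a site against a clean copy of the same CMS release and reports files that reuse a core file's exact name in a non-core directory, plus core files whose content differs. The function names and sample trees are constructed for illustration; names that are only similar to core files are not covered.

```bash
# Added example, not from the original article. Paths are printed relative
# to the site root.

# Files whose name matches a core file but whose path is not a core path.
misplaced_core_names() {
    clean=$1; site=$2
    clean_paths=$(cd "$clean" && find . -type f | sort)
    clean_names=$(printf '%s\n' "$clean_paths" | sed 's|.*/||' | sort -u)
    (cd "$site" && find . -type f | sort) | while IFS= read -r p; do
        if printf '%s\n' "$clean_names" | grep -Fxq -- "${p##*/}" &&
           ! printf '%s\n' "$clean_paths" | grep -Fxq -- "$p"; then
            printf '%s\n' "$p"
        fi
    done
}

# Core files whose content differs from the clean copy.
modified_core_files() {
    clean=$1; site=$2
    (cd "$clean" && find . -type f | sort) | while IFS= read -r p; do
        if [ -f "$site/$p" ] && ! cmp -s "$clean/$p" "$site/$p"; then
            printf '%s\n' "$p"
        fi
    done
}

# Constructed sample trees: a clean release and a site with one altered core
# file and one core-named file sitting in the uploads directory.
build_sample_trees() {
    t=$(mktemp -d)
    mkdir -p "$t/clean/inc" "$t/site/inc" "$t/site/uploads"
    echo 'login page' > "$t/clean/login.php"
    cp "$t/clean/login.php" "$t/site/login.php"
    echo 'version 1' > "$t/clean/inc/version.php"
    echo 'version 1 plus extra line' > "$t/site/inc/version.php"
    echo 'not the login page' > "$t/site/uploads/login.php"
    echo 'user image' > "$t/site/uploads/photo.jpg"
    echo "$t"
}

trees=$(build_sample_trees)
echo "Core names in non-core paths:"; misplaced_core_names "$trees/clean" "$trees/site"
echo "Modified core files:"; modified_core_files "$trees/clean" "$trees/site"
rm -rf "$trees"
```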

Using Intentjet Security

A service like Intentjet Website Security, powered by Sucuri, can run daily security scans on its own.

Once you’ve set up Website Security, it will check the website once daily, or every 24 hours, depending on the frequency you set.

If you’re concerned that the website is affected, you can request that Website Security re-scan it, which usually takes less than 10 minutes to complete.

If Website Security discovers issues during the scan, you’ll be notified via email with the next steps for fixing the website.

Conclusion

Whether you handle website security for your clients yourself or use an outside security service, you must make a plan.

Don’t wait until you receive an angry call from your client to think about the security of your website. Make a plan in advance so that you and your customers can rest easier.
