You are likely looking for quick answers if you get a client panicking about their website being hacked.
Don’t panic! We will show you how to scan a website for malware and what to do if you find one.
Remote site security scan
Remote scanning tools can scan your site for malicious payloads or malware locations. Although remote scanners can only provide some immediate answers, they are not as powerful as those located on the internet. As a first step, we recommend Sucuri WebsiteCheck.
Go to sitecheck.sucuri.net, and click Scan Website.
Review the warning message if the site has been infected to find any payloads or locations.
To identify suspicious or unfamiliar elements, you can click Additional Details at the top.
We recommend scanning all websites hosted on the same server if possible. Cross-site contamination can lead to reinfections. Every website developer should ensure that their clients have separate web hosting and web accounts.
Your client may have recently experienced a site problem.
Terminal commands on the server are a quick way to review files that have been modified recently quickly:
- This command should be entered into your terminal
- Type in your terminal to view directory files
- It is possible that suspicious changes in the past 7-30 days could be occurring. Even malware that has been unnoticed for more than a year is not uncommon.
Check Diagnostic Pages
Google and other security authorities may have blocked your website. You can check your website’s security status using their diagnostic tools. We recommend that you verify all clients’ websites, even if you don’t have any webmaster tools. This will guide you keep track of any problems.
- Google Transparency Report
- Google Search Console
- Yandex Webmaster
For script tags that have been injected, check the database.
Using IntentJet Pro
Sign up for the Hub by IntentJet PRO free of charge. You can also add clients’ websites to the free tools, including security scans and backups.
Create a free account and select Websites in the main navigation menu. Then add your client’s website.
After adding a website to The Hub, you can activate it and run the Safety Check. This will scan your site for known vulnerabilities and malware at no cost.
How to clean a hacked site
If you feel comfortable, you can clean up the client’s website on your own.
Please ask a professional if you don’t know how to edit website files or database tables.
Always back up before making any significant changes.
We are not recommending restoring a backup to remove a hacker. Hackers will often infect sites and leave backdoors open for several weeks or months before using them for malicious purposes. You could also restore a backup and be infected the next day again because a backdoor was already on it.
A quick solution to many problems is to replace core files in your content management system. This can be done if you are familiar with how to do it.
You can also use the clues in the previous sections to locate payloads, backdoors, and modified custom files to restore them to their original clean state.
You can find more information in the link to the guide.
You should also aware that you remove any backdoors created by hackers. Hackers will always find a way back into your website. Security analysts often find multiple backdoors in hacked websites.
Backdoors can be found in files with names similar to core files but are located in the wrong directories. Attackers can also inject backdoors into configuration files and directories that contain your themes, plugins, and uploads.
You can also search the Sucuri for more information on standard backdoor PHP functions.
Using IntentJet Security
Sucuri powers a solution like IntentJet’s Website Security that runs daily security scans.
After setting up Website Safety, the system will scan your website automatically every 12 to 24 hours, depending on the frequency you have set.
Website Security can re-scan your site if you feel that it is infected. This usually takes less than 10 mins.
Website Security will notify you by email if it detects any issues during the scan.
It doesn’t matter if you manage website security for clients or use third-party services. It is vital to have a plan.
Do not wait to get a call from a client in distress before you start thinking about security for your website. You and your clients will be able to breathe more accessible if you have a plan in place.