I have 3 domain on my Host. 2 numbers of them have Malware. (as google say)
I have several questions about this:
1. My 3 website files are in 3 different folders. Can a damaged folder (= folder that have Malware), make the others damaged (= give other folders that virus)?
2. Can a full-format clean the host?
3. One my Websites made by Wordpress. If I get a backup of my posts, and then format the host, install wordpress and upload my posts again, can the Malware back to the hosts? (Can the Malware be in my posts backup?)
4. Is formatting the host and then Install wordpress again and upload my posts backup, bad for SEO?
Quite often Chrome will throw out the 'Malware' warning if there are links to other sites which contain malware. I've seen it when a user's avatar was hosted elsewhere and that site had it. Once the avatar was deleted the warning went away.
You might want to check exactly what it is that Google are saying. Is it that your site contains malware or that it 'contains links' to malware?
Ok, I contacted my - Linux - host administrator and they get a full scan of my files and found 5 .php virus in one of my domains. I deleted all of that domain (I don't need that anymore) Can I be sure that my host is totally clean and make a GoogleWMT review?
One of my Websites made by Wordpress. If I get a backup of my posts > format the host > install wordpress and upload my posts again, can the Malware back to the host? (Can the Malware script be in my posts backup?)
The fact that malware was installed on your site is not the problem. The problem is, your site(s) had a security vulnerability that allowed someone to install malware.
Regardless of whether you're using WP or not, if you restore your sites without making sure the security problem was fixed, then YES, your site can be hacked again.
Talk to your webhost, make sure they find out what caused the problem, make sure the problem is fixed, and then (only then) start thinking about restoring your sites and content. (The issue of google blacklisting you is even less important.)
Make sure you have up-to-date anti virus software installed on ALL computers that you own that have administrative and FTP access to your servers then run a FULL (emphasis on full NOT quick) scan on ALL of your computers. This will eliminate the possibility of them gaining access to your server through a Trojan on one of your computers. After that you can scan your site to see if it still has malware via many online site security companies like Sucuri (http://sucuri.net/) or Website Defender (http://www.websitedefender.com/). Hope this helps.
@BobbyJones After a Full local scan and cleaning my PC, how I can remove my current website's malware(s)? Should I use a - premium account of a - defender website or I can do that with a manual check? @traq I contacted them. They said I remove all of my host's files and then upload them again, with a strong exactitude. I'm not sure about this solution. @ChristopherBurton Sorry, I couldn't understand your purpose about compromised files.
farzadina: That seems odd. If there is malware on one of their sites, they (the hosting company) should be very interested in removing it and fixing the underlying problem - not just telling you to do it.
No offense to you, but if you don't know how to deal with these issues, then you shouldn't be the one doing it. That's just common sense. It's your host that should be fixing everything - in fact, they probably have a bigger vested interest in fixing it then you do (they wouldn't want the problem spreading to other paying clients, after all).
There are certainly some things that they would tell you - "don't use such-and-such script anymore," "don't allow people to upload that type of file," and so forth - but the technical end of it is their responsibility. That is what you're paying them for, right?
I have fixed website that have this problem, first question, what server service do you use? How much do they help you. If you need some help send me an email.
To clean the malware from your site does require some expertise, if you are not comfortable with or not experienced with dealing with site security issues like this then yes I would recommend you sign-up with either Sucuri or website defender. These companies will clean your site for you, as well as doing some basic things to try to prevent your site from becoming re-infected, additionally they will monitor your site so long as you have an account with them, and keep cleaning your site should it get malware again.
@traq is correct. My hosting company even went as far as terminating accounts to those who weren't updating Wordpress as it was effecting other account holders.
@traq Maybe I said something about my host client wrong. These are my sites, not their sites. And this malware is -only - in my website's files. Also with this description, should they be responsible and interested in fixing problem by them selves? If yes, it looks I should get a better host! @mevaser I sent you a message. @BobbyJones Thanks. If I migrate to a suitable host - like HostGator - should I use those security websites yet or they (e.g. Hostgator) do that for me? @ChristopherBurton I don't know completely with files were compromised, I think some javascript codes made me this problem. Was that what your purpose?
I think you can help me to remove the malware code by my self, because all of my files are less than 30 number. (all of the .html .js and .css files) *As I said, I have 3 domains. I checked them on Sucuri, just 2 number of them have malware and blacklisted and one of them is 100% clean. I get a full scan of my PC with Nod32, and now I can say it's clean. So should do the second step and cleaning my host. I need your help to do that: I removed all of website's files, but yet 'Sucuri' say me that there is malware-holder file yet. Why? (My host show hidden files also) Can the malware be somewhere else that public_html? The sucuri say that security warning URL is on: http://mydomain.com/404javascript.js Why/How I can't/can see that file?
Also, besides the good advice that BobbyJones gave about making sure your computers don't have viruses or trojans, make sure to use encrypted FTP, and make sure you don't store your passwords on your computer. Once, about 3 years ago, I was on my home network and doing some plain FTP. The websites I was working on got malicious code, and even after I removed it, it just kept coming back. The problem was that my mom's computer, on the same network, had a trojan/virus that was sniffing network traffic. It was taking my FTP login and sending it out to somebody else, and then that person could do anything they wanted to do to my websites! If I had used encrypted FTP, it would have never happened. I was reading about the trojan/virus, and it was capable of grabbing stored passwords, so I stopped storing them on the computer. Yes, it is a hassle to enter them every time, but it will save you from big headaches.
@farzadina - it doesn't matter who owns the sites - who owns the server? If you're paying a hosting company to host your sites, then they have an interest in your sites' security. (Realistically, this is true even of free hosting, but in practice you can't expect much when you're not paying for anything.)
Yes, there are things that will be your responsibility to address, but they should be taking the lead in situations like this, especially where more technical matters are involved. If they're not (or, worse yet, if they don't seem to care), then I would be looking for a more responsible host.
@traq I'm on a paying host, and it's not free. I have to and will re-think about my host company. @skunkbad Yes, you are completely true. I don't keep my passwords in my PC, and also have FTP account; but most of the times, use directly .../cpanel web page, and sure that's a un-secure method. In the future 'only' I will use FTP to reach my host's files. Thanks for your notification.
I think you can help me to remove the malware code by my self, because all of my files are less than 30 number. (all of the .html .js and .css files) *As I said, I have 3 domains. I checked them on Sucuri, just 2 number of them have malware and blacklisted and one of them is 100% clean. (as sucuri & google said) I get a full scan of my PC with Nod32, and now I can say it's clean. So should do the second step and cleaning my host. I need your help to do that: I removed all of website's files, but yet 'Sucuri' say me that there is malware-holder file yet. Why? (My host show hidden files also) Can the malware be somewhere else that public_html? The sucuri say that security warning URL is on: http://mydomain.com/404javascript.js Why/How I can't/can see that file?
One thing to note about the Sucuri website scanner is that it will cache your initial scan results, so make sure you hit the "Re-Scan" button on the scan results page after you removed the files.
Additionally you may want to read through some of the following articles they have very good information regarding the type of stuff you are dealing with including step by step instructions:
Hmm, I found the malware codes! The malware redirection codes were in my root .htaccess file. I checked all of the .htaccess files except this one & now as sucuri say, my domains are totally clean. I think it's time to have a google review and I'm hopeful that they stay clean. Thank to all and a special thanks to you Bobby!
I have several questions about this:
1. My 3 website files are in 3 different folders. Can a damaged folder (= folder that have Malware), make the others damaged (= give other folders that virus)?
2. Can a full-format clean the host?
3. One my Websites made by Wordpress. If I get a backup of my posts, and then format the host, install wordpress and upload my posts again, can the Malware back to the hosts? (Can the Malware be in my posts backup?)
4. Is formatting the host and then Install wordpress again and upload my posts backup, bad for SEO?
Thanks.
What type of anti-virus/malware are you running and have you scanned?
Also, if you haven't already, search for files that have been modified since the day before you Google started reporting malware.
You might want to check exactly what it is that Google are saying. Is it that your site contains malware or that it 'contains links' to malware?
That might make a difference.
Can I be sure that my host is totally clean and make a GoogleWMT review?
There is 3 domain on my public_html. How I can be sure that no file of them haven any virus or malware script?
Regardless of whether you're using WP or not, if you restore your sites without making sure the security problem was fixed, then YES, your site can be hacked again.
Talk to your webhost, make sure they find out what caused the problem, make sure the problem is fixed, and then (only then) start thinking about restoring your sites and content. (The issue of google blacklisting you is even less important.)
@traq I contacted them. They said I remove all of my host's files and then upload them again, with a strong exactitude. I'm not sure about this solution.
@ChristopherBurton Sorry, I couldn't understand your purpose about compromised files.
No offense to you, but if you don't know how to deal with these issues, then you shouldn't be the one doing it. That's just common sense. It's your host that should be fixing everything - in fact, they probably have a bigger vested interest in fixing it then you do (they wouldn't want the problem spreading to other paying clients, after all).
There are certainly some things that they would tell you - "don't use such-and-such script anymore," "don't allow people to upload that type of file," and so forth - but the technical end of it is their responsibility. That is what you're paying them for, right?
Cheers,
@mevaser I sent you a message.
@BobbyJones Thanks. If I migrate to a suitable host - like HostGator - should I use those security websites yet or they (e.g. Hostgator) do that for me?
@ChristopherBurton I don't know completely with files were compromised, I think some javascript codes made me this problem. Was that what your purpose?
*As I said, I have 3 domains. I checked them on Sucuri, just 2 number of them have malware and blacklisted and one of them is 100% clean.
I get a full scan of my PC with Nod32, and now I can say it's clean. So should do the second step and cleaning my host.
I need your help to do that:
I removed all of website's files, but yet 'Sucuri' say me that there is malware-holder file yet. Why? (My host show hidden files also)
Can the malware be somewhere else that public_html?
The sucuri say that security warning URL is on: http://mydomain.com/404javascript.js
Why/How I can't/can see that file?
Thanks.
Yes, there are things that will be your responsibility to address, but they should be taking the lead in situations like this, especially where more technical matters are involved. If they're not (or, worse yet, if they don't seem to care), then I would be looking for a more responsible host.
@skunkbad Yes, you are completely true. I don't keep my passwords in my PC, and also have FTP account; but most of the times, use directly .../cpanel web page, and sure that's a un-secure method. In the future 'only' I will use FTP to reach my host's files. Thanks for your notification.
I think you can help me to remove the malware code by my self, because all of my files are less than 30 number. (all of the .html .js and .css files)
*As I said, I have 3 domains. I checked them on Sucuri, just 2 number of them have malware and blacklisted and one of them is 100% clean. (as sucuri & google said)
I get a full scan of my PC with Nod32, and now I can say it's clean. So should do the second step and cleaning my host.
I need your help to do that:
I removed all of website's files, but yet 'Sucuri' say me that there is malware-holder file yet. Why? (My host show hidden files also)
Can the malware be somewhere else that public_html?
The sucuri say that security warning URL is on: http://mydomain.com/404javascript.js
Why/How I can't/can see that file?
http://codex.wordpress.org/FAQ_My_site_was_hacked
http://ocaoimh.ie/2008/06/08/did-your-wordpress-site-get-hacked/
http://codex.wordpress.org/Hardening_WordPress
Something that I should say is my hacked web is not wordpress based, and my wp blog is totally clean.
Thank to all and a special thanks to you Bobby!