My Website Has Been Suspended Due to Malware - Why?

Malware is short for malicious software, and represents a serious security threat to the server and to visitors to your website. QiQ run Malware scans on servers from time to time and notify clients of any rogue files. If you have received a suspension notification due to Malware, it requires your urgent attention.

We need to disable your site immediately on notification of Malware being present, not only because of the security threat it presents, but also because Google scans websites for Malware. Google may blacklist your site and show visitors a caution before they can proceed to your content. As a consequence, you will not receive any visitors due to the caution, and potential future visitors will be unlikely to visit again.

Even though QiQ suspend accounts with detected Malware immediately, generally we do reactivate the site when clients confirm that either they, or their developers, are ready and able to start working on the site to eradicate any rogue files. As suspension helps prevent Google from blacklisting your site, this should be seen as a positive step in resolving this issue.

HOW COULD MALWARE BE ON MY SITE?

The most common reasons that your site has been compromised are:

a. Outdated scripts (such as WordPress or Joomla)

b. Outdated script plugins and/or themes

c. Inappropriate file permissions

d. Insufficiently secure passwords for databases and FTP

e. XSS or SQL Injection (as a result of outdated scripts or poor code)


IN THE FIRST INSTANCE OF A MALWARE WARNING

If this is the first time a Malware warning has been given, it may be acceptable to just delete the infected file(s) and take remedial action to prevent any further infection. This would include:

a. Deleting all files detailed in the Maldat warning.

b. Updating all outdated scripts (such as WordPress or Joomla) and removing any that are not used.

c. Updating script plugins and removing any that are no longer used.

d. Correcting inappropriate file permissions.

e. Changing insufficiently secure passwords for databases, FTP and email accounts.


SIGNIFICANT OR SUBSEQUENT INSTANCES OF MALWARE WARNINGS

If we have previously advised you of a Malware warning, your site will be suspended and you will need to contact us to get the site reactivated so that the following recommendations can be carried out.

a. Backup your database

b. Download a copy of your site, but keep it separate from your clean backups.

c. Delete all files from your hosting package.

d. Contact us so that we can confirm that the hosting package is clean.

e. Change all passwords relating to the site, including database, administration, FTP, and mailboxes.

f. Rebuild your site from the latest releases of your CMS, or upload a known clean backup and update all scripts to the latest releases. If your site is custom-built, you should review the HTTP logs and vulnerable source to identify the issue, and resolve it.

g. Audit your site's security. Have you removed any installation files? Have you checked directory permissions? Have you removed any modules that are no longer required?

h. Contact us to re-enable the site.
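
As an added example (not QiQ's tooling and not part of the original article), the shell script below automates two of the audit questions in step g for clients with shell access: it lists world-writable files and directories and leftover installer files under a web root. The installer file names and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a web root after cleanup (not QiQ's own tooling).

# Files and directories writable by every user on the server.
world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Leftover installer artefacts. These names are common CMS conventions
# picked for illustration; extend the list for the software you run.
leftover_installers() {
    find "$1" \( -type d \( -name install -o -name installation \) -prune \
        -o -type f \( -name install.php -o -name setup.php \) \) -print | sort
}

# Print a report; return 1 if anything needs attention, 0 if clean.
audit_site() {
    ww=$(world_writable "$1")
    li=$(leftover_installers "$1")
    [ -n "$ww" ] && printf 'World-writable:\n%s\n' "$ww"
    [ -n "$li" ] && printf 'Installer leftovers:\n%s\n' "$li"
    [ -z "$ww$li" ]
}

# Constructed sample tree so the script can be tried offline.
make_sample_site() {
    d=$(mktemp -d)
    mkdir -p "$d/uploads" "$d/installation" "$d/includes"
    echo '<?php' > "$d/index.php"
    echo '<?php' > "$d/includes/config.php"
    echo '<?php' > "$d/installation/index.php"
    echo '<?php' > "$d/install.php"
    chmod 755 "$d" "$d/includes" "$d/installation"
    chmod 644 "$d/index.php" "$d/install.php" "$d/installation/index.php"
    chmod 777 "$d/uploads"              # deliberately too permissive
    chmod 666 "$d/includes/config.php"  # deliberately too permissive
    echo "$d"
}

# Usage: sh audit.sh /path/to/public_html   (no argument = sample tree)
site=${1:-$(make_sample_site)}
audit_site "$site" || echo "Findings above need fixing before reactivation."
```

An empty report with exit status 0 from audit_site means neither check found anything; it does not replace the manual review of unused modules.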


SEARCH ENGINES

All popular browsers may also detect malware content in the website being accessed, check it against lists of blacklisted websites, and block access to it accordingly. The warning message varies by browser as follows:

Internet Explorer -> "This website has been reported as unsafe"

Firefox -> "Reported Attack Site!"

Safari -> "Warning: Visiting this site may harm your computer"

Chrome -> "Warning: Visiting this site may harm your computer!"

Opera -> "Fraud Warning"

To get such warnings removed, register your site with https://www.google.com/webmasters/tools/. Once your site is registered, you can then do the following:

a. On the Webmaster Tools Home page, select the site you want.
b. Click Health, and then click Malware.
c. Click Request a review.

Google's automatic systems will scan your website. If no malware is found, they will remove the warning from your site. This may take a day or so to happen; you can check the status of your request in Google's Webmaster Tools on the Malware page under Health.


FUTURE PREVENTION & ADDITIONAL ASSISTANCE

QiQ suggests that clients with a Malware issue consider using the services of sucuri.net. In addition to providing assistance resolving Malware issues, Sucuri can perform daily scans of sites for vulnerabilities and help prevent problems occurring in the first place.
