How to Find Malware in Your Website?
If you thought malware only came from malicious, shady websites, think again.
Hackers upload malware to smaller, legitimate websites on a regular basis.
They do not publish their modus operandi, but they usually target poorly protected websites for any number of malicious reasons, ranging from spamming to sending phishing messages or running Distributed Denial of Service (DDoS) attacks.
They can upload their malware in various ways, such as disguised plugins, manipulation of source code, malicious redirection, drive-by downloads, phishing, or backdoors.
A common misconception is that hacking is all about defacing a page, but hackers don’t always want you to know they’re hacking your website. They want to be left to their own devices to mess around with your site as sneakily as they can.
Identifying this malware is often rather difficult as it is usually pretty well hidden within your website, even if you are on a secure hosting platform.
So we have prepared a few ways that you can defend yourself and identify for yourself whether your website contains malware.
Google Free Malware Checker
Before you do anything else, it’s worth quickly checking with Google whether they have detected any problems with your site.
You can do this by using a free service, Google Site Checker. It uses its secure browsing technology to check whether your website is potentially hazardous to visit.
You can also check your website from the “Health” menu in Google Console. If your site has previously been flagged by Google as hosting malware, this will clear the flag once you remove the malware from your website. It’s a good (and free) way to identify the presence of malware on your site as a starting point.
Another great free tool that you can use online to check whether your website is infected with malware is Sucuri: go to the Sucuri site and run a manual malware scan.
It will provide you with a malware report and a blacklist check covering key signs of malware, such as sending spam, website defacement, etc.
While the inspection is free, there is an additional fee if you want to set up automatic monitoring for malware. If you discover that your site has been compromised, you can either remove the malware yourself or, if you are not confident with that type of thing, pay them to remove it for you.
Sucuri has a plugin for WordPress-based sites. It’s free and it has some really useful features, such as WordPress hardening, a last-login notification panel, blacklist monitoring, security notifications, etc. As well as the ability to reset a user’s password, it also has automatic site recovery.
SiteLock is another great malware scanner for websites. This tool scans your website for malware, injections of malicious code, iframes, scripts, or backdoors and notifies you if any ISPs have blacklisted your website.
It can also conduct daily scans and is accessible from any device connected to the internet. To reassure visitors that your site is safe, it comes with a website security shield.
Qualys is another free website scanner that identifies malware. It’s a cloud-based solution that reports not only malware on your website but also other vulnerabilities, in an easy-to-digest format.
Monitoring of Code and Backup
Another efficient method of checking if your site has been compromised is monitoring changes to the code.
One tool which does this really well is Codeguard. It is a time-based backup service that carries out regular backups of your data.
The way it functions is that it connects to your site and runs an initial backup. It then runs periodic backups and notifies you about any changes.
That way, by clicking a button, you can restore your website back to its previous state if there are any discrepancies. It’s a really clean solution that combines checks for both malware and backup.
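The change-monitoring idea described above can be sketched with a hash manifest. This is an added example, not Codeguard's code or part of the original article; the function names and the sample site are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's path (relative to root) to the SHA-256 of its contents."""
    manifest = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and not path.is_symlink():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def compare(baseline, current):
    """Return files added, removed and modified since the baseline was taken."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }


def demo():
    """Baseline a constructed site, change it, and report what differs."""
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_text("<?php echo 'home'; ?>")
        Path(root, ".htaccess").write_text("Options -Indexes\n")
        # Keep the baseline outside the webroot so a compromise cannot rewrite it;
        # the JSON round trip stands in for that saved copy.
        baseline = json.loads(json.dumps(snapshot(root)))
        Path(root, ".htaccess").write_text("Options -Indexes\nRewriteEngine On\n")
        Path(root, "wp-cache.php").write_text("<?php /* constructed new file */ ?>")
        return compare(baseline, snapshot(root))
```

Any entry under "added" or "modified" that you did not deploy yourself is a file to inspect before restoring from backup.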
WordPress Security Plugins
If your site runs on WordPress, WP Antivirus site protection is a great security plugin that scans for malware, backdoors, Trojans, and rootkits.
It can also scan any media files and plugins that have been uploaded to your website. Free and paid versions of this plugin are available. With the free version, your website will be scanned each week. You should opt for the paid version if you want to check more often.
Another free plugin for WordPress is called Gotmls. It scans and removes any known malware or malicious scripts from your WordPress website for free and notifies you in the admin bar. It also has basic built-in DDoS security and a WordPress login page hardening function.
If you’re among the millions of WordPress users, then you’ll know that the sheer number of ready-made themes available to you is one of the great benefits of WordPress.
But it’s a double-edged sword, because most of them are uploaded by third-party vendors and need to be checked for authenticity and security. The last thing you want is to launch your new site only to find that it has malware baked into it.
But there’s support at hand. Using the theme authenticity checker plugin, you can check the authenticity of your theme. It can check the theme files for commonly injected malware as well as check footer links.
Just a simple check like this can save you so much in terms of time, money, and your reputation.
Linux Malware Detect (LMD)
More advanced users who have their own server (either dedicated or virtual) can scan it with Linux Malware Detect along with the ClamAV virus engine.
This malware detection program operates at the server level and is particularly good at detecting PHP backdoors, dark mailers, and other malicious files.
By default, Maldet looks for malware by scanning any new file that has been created in the directories in the last two days. It uses a signature-based detection system and gets its signature information from four engines (Network edge IPS, Community Data, ClamAV, user submission).
If you don’t mind taking a peep under the hood and getting your hands dirty, you can manually inspect your files.
Hackers are particularly attracted towards files such as:
- .htaccess files
- .php files
- media files
Many of the files will look innocuous at first glance, since hackers often insert malicious links in those files in base64-encoded format. So you need to search all directories for base64 encoding; that way, these types of infected files can easily be identified. Here is the link for decoding the base64 string format.
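One way to automate the base64 search described above, optionally limited to recently changed files in the spirit of Maldet's two-day default. This is an added example, not code from the article or from LMD; the function names, the 40-character threshold and the sample files are assumptions made for illustration.

```python
import base64
import re
import tempfile
import time
from pathlib import Path

# 40+ base64 characters in a row is unusual in hand-written PHP or .htaccess rules.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")
DECODER_CALL = re.compile(rb"base64_decode\s*\(", re.IGNORECASE)


def decode_preview(blob, limit=120):
    """Decode a base64 run; return its text only if it is printable ASCII."""
    try:
        raw = base64.b64decode(blob[: len(blob) - len(blob) % 4], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return ""
    printable = all(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return raw[:limit].decode("ascii") if printable else ""


def scan_webroot(root, max_age_days=None):
    """Return (relative path, reason, decoded text) findings for files under root."""
    cutoff = 0 if max_age_days is None else time.time() - max_age_days * 86400
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file() or path.stat().st_mtime < cutoff:
            continue  # not a regular file, or older than the requested window
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        is_code = path.suffix.lower() == ".php" or path.name == ".htaccess"
        if not is_code and b"<?php" not in data:
            continue  # ordinary media or static file
        if not is_code:
            findings.append((rel, "php-in-non-php-file", ""))
        if DECODER_CALL.search(data):
            findings.append((rel, "base64_decode-call", ""))
        findings += [(rel, "base64-literal", text)
                     for text in map(decode_preview, B64_RUN.findall(data)) if text]
    return findings


def demo():
    """Scan a constructed webroot: one clean page, one page hiding a link."""
    link = b'<a href="http://spam.example.invalid/offers">offers</a>'
    with tempfile.TemporaryDirectory() as root:
        Path(root, "index.php").write_bytes(b"<?php echo 'hello'; ?>")
        hidden = b'<?php echo base64_decode("' + base64.b64encode(link) + b'"); ?>'
        Path(root, "footer.php").write_bytes(hidden)
        return scan_webroot(root)
```

A literal that decodes to binary (for example compressed data) is not previewed, so treat every "base64_decode-call" finding as something to read by hand; legitimate plugins use the function too.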
The above options will help you detect malware hiding on your website, but because hackers are constantly expanding and creating new types of attacks, you must bear in mind that none of them can have a 100 percent success rate. Despite this, trying to stay ahead of them is in your best interest, and I highly suggest using some kind of method such as those mentioned above to detect any malicious injections at an early stage, before it is too late.
Tony is passionate about helping his customers get the best out of their presence online. He is the co-founder of Pickaweb and author of the ‘The Lazy Website Syndrome’ 5 Star Amazon rated book, which provides the reader with a clear 3-step guide to increasing their company using online marketing. Tony is now living in Southern Spain.