How to handle malware detection on your website

Ruh roh, malware!

Just thinking of malware detection on your website probably fills you with dread. You visit your online presence, only to find that Google has listed it as an attack site. It’s possible your website has been converted for pornography or mail-order drugs. Not only will this kill traffic, it will also kill the trust your customers had in you.

In fact, The Denver Post reports that 60 percent of small companies that suffer from a cyber-attack are out of business within six months. That’s scary when you look at the numbers.

Thousands of websites are attacked daily, and it’s only a matter of time before your site could be targeted. In this article, we will discuss how to detect malware and handle things like a malware attack, malware detection and malware removal. Let’s make sure your business doesn’t become a statistic.

What to do when I’m notified of malware detection?

Malware Detection Source Code
Photo: Christiaan Colen via Visualhunt / CC BY-SA

First, don’t panic. This is repairable, but you must act quickly. The longer you wait to deal with the problem, the less likely you are to survive it. It’s necessary at this point to plan and get down to the business of eradicating the malware.

Ignoring malware detection will not make it go away.

 

Second, do your research. You will find a lot of malware removal companies out there, some of which charge a hefty sum for malware removal. It’s sometimes possible to handle it yourself when you detect malware. 

Third, if you don’t have a site backup, make one as soon as your site is clean. This stage is often where you find yourself glad that you invested in technology like GoDaddy Website Security, powered by Sucuri — or wished you had.

How can you detect malware attacks on your website?

Malware is designed to spread until stopped. Waiting too long can leave core files irreparably damaged, which could result in the need to build your website from scratch. Here are some malware symptoms to look for:

  • Your site is running much slower than usual.
  • Your website redirects to something that is not your content.
  • You find oddly named files in your directory, especially ones with Base 64 encoding or redirects.
  • Your site is simply non-responsive.
  • Your site is sending out emails at an alarming rate.
  • You are notified by your hosting company.
  • You are notified by your malware detection software.

Pay attention to these key indicators. Every minute counts, and the sooner you remedy the problem, the less likely you are to lose your visitors’ trust.

What should I do about malware detection?

Malware Detection Personal Files
Photo: Christiaan Colen via Visual hunt / CC BY-SA

There are various routes to take once you detect malware. Personally, I don’t recommend attempting to remove it manually. This is an attack instigated by a self-propagating computer program known as a bot. I don’t know about you, but I’ve never been able to keep up with the speed of a computer program in action.

Following malware detection, it’s imperative you get some sort of malware removal program.

 

GoDaddy offers a comprehensive malware solution called Express Malware Removal. In addition to malware removal, you also get continued protection with an unlimited, guaranteed malware removal feature at no extra cost. It’s a simple setup, and their security experts know how to deal with an infection. Even better? You get a Web Application Firewall (WAF) to help protect your site from future attacks.

You can shop around for other options, but make sure you choose wisely. While price might be a determining factor, it’s important to consider other things, like 24/7 support. The last thing you want is to run into an issue like this and have no one to help you resolve the matter. Whatever route you choose, remember that time is of the essence when it comes to mitigating damage done to your brand.

What’s next now that my site’s clean?

There are thousands of websites being hacked every day, but yours is now a known quantity. Simply put, if they believe you’re an easy target, they could try again. Here are my suggestions to keep you free and clean of malware and detect further malware attacks as they happen:

  • The program you’re using should notify you of malware detection.
  • Your program should also have active monitoring and intermittent automatic scans.
  • Your program should include malware removal.
  • Your program should also offer a WAF to prevent DDoS and other attacks.

Also remember that site backups are your friend. Some hosting companies charge a hefty amount to restore your site from their emergency backup archives. But if you’re regularly backing up your site, you can avoid shelling out to get your site restored.

Two more assets for malware detection

Malware Detection Keyboard
Photo: IntelFreePress via Visualhunt / CC BY-SA

So, you’ve cleaned your website after you detected malware. You’ve taken the necessary steps and purchased the best website security package you can find. That’s it? It might seem like that’s all you have to do to keep website is safe from those mean, nasty hackers and their bots. Right? Wrong.

I know, I know… You say, “I’ve done all the things you told me! What else is there?” Well, fret not. We’re about to take a closer look at that.

Site backups

Let’s revisit the subject of site backups. Not only will they help you recover from a disastrous malware attack, they also ensure you have a fresh copy of your website should anything else happen — like an employee accidentally deleting something or even a server failure.

Redundancy is always key in the tech world.

 

You should get into a practice that ensures you’ve taken all the necessary precautions to protect your business investment. Scheduling regular backups is one of them.

SSL certificates

Make sure to purchase an SSL. It encrypts all incoming and outgoing data, which engenders trust among customers that their security is as paramount as your own. It also improves your ranking with Google. Finally, it sends a clear message to hackers that going for your information would be fruitless — and therefore not worth the time.

Final thoughts and takeaways

In my job, I field calls every single day about malware infections on a website. Nine times out of 10, they happen because the client was either misinformed or acted based on assumptions.

Some assume their hosting company was providing the security (usually not true). You should think of hosting like a rental. Like an apartment complex, your hosting company provides the space where you put the website (your furniture and belongings). Locks are available — in this case, GoDaddy’s Website Security, powered by Sucuri, SSL and site backups — but the hosting company (your landlord) isn’t going to come by every day you’re gone to ensure your door is locked. That’s your responsibility.

When you face malware detection, accept ownership of the issue and act to remove it and prevent it from happening again. This is your business and your investment. Ensuring your customers and your investment is protected should be one of your highest priorities.

Image by: Visualhunt