If you thought malware only comes from malicious, shady websites, think again.
Hackers routinely upload malware to smaller, legitimate sites.
They do not advertise how they operate, but they usually target poorly protected websites for a variety of malicious purposes, ranging from spamming to sending phishing mails or performing DDoS attacks.
There are different ways in which they can upload their malware, for example disguised plugins, manipulation of source code, malicious redirection, drive-by downloads or backdoors. One common misconception is that hacking is about defacing a page, but hackers don’t always want you to know your website has been hacked. They want to be left to their own devices and to tamper with your site as stealthily as possible.
This malware is often quite difficult to identify, as it is usually very well hidden within your website, even if you are on a secure hosting platform.
We have therefore prepared a few ways you can defend yourself and identify for yourself whether your website contains malware.
Google Free Malware Checker
Before you do anything else, it’s worth quickly checking whether Google has found any problems with your website.
You can do this with a free Google Website Checker. It uses its Safe Browsing technology to see if your website is potentially dangerous to visit.
You can also check the Google Console website through the “Health” menu. If your site was previously flagged as malware by Google, this clears the flag once you have removed the malware from your website. It is a good (and free) way to detect the presence of malware on your website.
Malware Scanning
Another great free online tool for checking whether your website is infected with malware is Sucuri: go to the Sucuri site and scan for malware manually.
It will supply you with a malware report and a blacklist check covering key signs of malware such as spam sending, website defacement etc. While the check is free, there is an additional charge if you want to set up automatic monitoring when malware is detected. If you discover that your site is compromised, you can either remove the malware yourself or pay them to remove the malware for you.
Sucuri has a plugin for WordPress-based websites. It is free and has some useful features, such as WordPress hardening, the last login notification panel and blacklist monitoring. It also automatically recovers the site and resets the password of a user.
SiteLock is another great website malware scanner. This tool scans your website for malware, malicious code injections, iframes, scribbles and backdoors, and informs you whether any of your ISPs have blacklisted your website.
It can also scan your site daily and can be accessed from any internet-connected device. It comes with a website security shield to ensure your website is safe.
Qualys is also a free malware-identifying website scanner. It is a cloud-based solution that not only reports malware but also presents other vulnerabilities of your website in an easy-to-digest way.
Code Monitoring and Backup
Another effective way to check if your site is compromised is to monitor code changes.
Codeguard is one tool that does this really well. It is a time-based backup service that backs up your data regularly.
It works by connecting to your site and performing an initial backup. It then performs regular backups and notifies you of any changes.
In this way, if there are discrepancies, you can restore your website to its previous state at the click of a button. It’s a very good solution combining both backup and malware control.
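The change-monitoring idea described above can be reproduced on your own server with a hash baseline. The following is an added example, not Codeguard's code or part of the original article; the file names and the demo site are constructed for illustration.

```python
import hashlib, json, os, tempfile
from pathlib import Path

def snapshot(root):
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest

def save_baseline(root, baseline_file):
    """Record the known-good state; keep this file outside the web root."""
    Path(baseline_file).write_text(json.dumps(snapshot(root), indent=2))

def compare(root, baseline_file):
    """Return files added, removed or modified since the baseline was saved."""
    old = json.loads(Path(baseline_file).read_text())
    new = snapshot(root)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(p for p in old.keys() & new.keys() if old[p] != new[p]),
    }

def demo():
    """Constructed site: take a baseline, simulate tampering, report the drift."""
    with tempfile.TemporaryDirectory() as tmp:
        site, baseline = Path(tmp, "site"), Path(tmp, "baseline.json")
        (site / "wp-content").mkdir(parents=True)
        (site / "index.php").write_text("<?php echo 'home'; ?>")
        (site / "wp-content" / "style.css").write_text("body { margin: 0 }")
        save_baseline(site, baseline)
        # Simulated compromise: one file edited, one unexpected file dropped in.
        (site / "index.php").write_text("<?php echo 'home'; /* injected */ ?>")
        (site / "wp-content" / "cache.php").write_text("<?php /* unexpected */ ?>")
        return compare(site, baseline)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run `save_baseline` right after a known-clean deployment and `compare` on a schedule; any entry you cannot tie to a deliberate update deserves a manual look.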
If your website runs on WordPress, then WP Antivirus Site Protection is a great security plugin that scans for malware, backdoors, Trojans and rootkits.
It can also scan any plugins and media files uploaded to your website. This plugin is available in free and paid versions. The free version scans your website every week. You can move to the paid version if you want to scan more often.
Another free WordPress plugin is gomls. It scans your website free of charge, removes any known malware or malicious scripts and notifies you in the administrative bar section. It has basic built-in DDoS protection and hardening for the WordPress login page.
If you’re among the millions of WordPress users, you’ll know that one of WordPress’s great advantages is the sheer number of ready-made themes available.
But it’s a double-edged sword, because most of them are uploaded by third-party suppliers, so their authenticity and security must be checked. The last thing you want is to launch your new website, only to find that it contains malware.
But help is at hand. You can check your theme’s authenticity using the authenticity check plugin. It can check for common injected malware and check footer links in the theme files.
Such a simple check can save you a great deal of time, money and reputation.
Linux Malware Detect (LMD)
Advanced users with either a dedicated or virtual server can scan the server with Linux Malware Detect and the ClamAV virus engine.
Maldet is a server-friendly malware detection tool that is particularly good at detecting PHP backdoors, dark mailers, malicious files, etc. By default, Maldet scans directories for every new file created in the past two days, looking for malware. It uses signature-based detection and receives its signatures from four engines (Network Edge IPS, Community Data, ClamAV, user submission).
You can inspect your files manually if you don’t mind taking a peek under the hood and getting your hands dirty.
Hackers are particularly attracted to files like .htaccess, .php and media files. Many infected files look innocuous at first sight, as hackers often insert malicious links into those files in base64-encoded format. You have to search all directories for base64 encoding, which can easily identify these kinds of infected files. This is the link for base64 string format decoding.
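One way to automate the base64 search described above, as an added example that is not part of the original article: it walks a directory, decodes every long base64 run found in .htaccess, .php and media files, and reports only the runs whose decoded content looks like a link or script. The indicator list, the 40-character threshold and the demo files are assumptions constructed for illustration.

```python
import base64, binascii, os, re, tempfile
from pathlib import Path

# Runs of 40+ base64 characters; shorter runs are mostly noise (assumed threshold).
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{40,}={0,2}")
# Assumed indicator list for decoded content; extend it for your own site.
SUSPICIOUS = re.compile(rb"https?://|<iframe|<script|eval\s*\(|RewriteRule", re.I)
# Assumed set of file types to inspect (.htaccess is matched by name below).
SCAN_SUFFIXES = {".php", ".js", ".html", ".jpg", ".png", ".gif"}

def decode_blob(blob):
    """Return the decoded bytes, or None when the run is not valid base64."""
    blob = blob.rstrip(b"=")
    blob += b"=" * (-len(blob) % 4)
    try:
        return base64.b64decode(blob, validate=True)
    except (binascii.Error, ValueError):
        return None

def scan_tree(root):
    """Return sorted (relative path, offset, decoded preview) for suspicious runs."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath, name)
            if name != ".htaccess" and path.suffix.lower() not in SCAN_SUFFIXES:
                continue
            for m in B64_RUN.finditer(path.read_bytes()):
                decoded = decode_blob(m.group())
                if decoded and SUSPICIOUS.search(decoded):
                    rel = path.relative_to(root).as_posix()
                    findings.append((rel, m.start(), decoded[:40]))
    return sorted(findings)

def build_demo_tree(root):
    """Constructed sample site: a harmless token and one hidden script link."""
    root = Path(root)
    (root / "uploads").mkdir()
    benign = base64.b64encode(bytes(range(60)))  # decodes to binary, no link
    (root / "index.php").write_bytes(b"<?php $token = '" + benign + b"'; ?>\n")
    script = base64.b64encode(b'<script src="http://cdn.example.invalid/a.js"></script>')
    (root / "uploads" / "logo.jpg").write_bytes(
        b"\xff\xd8\xff\xe0 <?php eval(base64_decode('" + script + b"')); ?>")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, offset, preview in scan_tree(build_demo_tree(tmp)):
            print(f"{rel} @ byte {offset}: {preview!r}")
```

Legitimate code also uses base64, so treat each hit as a lead to review by hand rather than proof of infection.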
The above options can help you detect malware on your website, but you should be aware that none will have a 100% success rate, as hackers keep expanding and developing new types of attacks. Despite that, it is in your best interest to try to stay ahead of them, and I strongly advise you to use a tool such as those above to detect malicious injections early, before it is too late.