Website Malware Removal

Website security has become a big issue lately. Several of my clients’ WordPress and Joomla 1.5 sites have recently become targets.

One website was infected with what appeared to be pixel sized dots at the top of its pages. These dots were actually iframes to random websites that were doing bad things. Another clients’ website was repeatedly taken offline for no apparent reason, and after much work and everything appeared to be back to normal, we found that mobile users were being redirected to a porn site! So if you were on a desktop, you would never know there was an issue.

The most recent attack involved a 10 second redirect to a random number of websites. So the site looked fine and navigated normally. So unless you stayed on a page longer than 10 seconds, you would never know there was an issue. The danger was that someone would go to the client’s website (maybe even staff), leave the page open and go do something else — and have a virus installed on their PC when they returned!

One thing that I have determined is that I don’t have the skills to deal with the sophisticated approaches that are in use today. I have pulled backups and updated everything, checked log files, and changed passwords only to have the site reinfected a short time later. After many hours of unsuccessfully going through this process, I hired a service* to do clean-up and “hardening.”

I am encouraging all my customers to keep their sites software and plug-ins up to date, and to use challenging passwords that aren’t proper names or words in a dictionary (Seriously Jill?? You’re still using jill as a password?). If you’re running on Joomla, be aware that 1.5 is no longer being supported and a rework is required to move you to the newer architecture (you need to do this ASAP).

*I am currently recommending, sucuri.net to clean-up infected sites. It’s a subscription service; they guarantee their work, and will re-clean the site if anything is found within a year. They are very responsive and in all cases have cleaned sites up the same day. I have not seen a site re-infected after their work. They will even do a re-inclusion request to Google if your site has been flagged in the search results (when Google posts a message saying “this site may harm your computer“).

Related Posts: