How to Recover Your Website from Malware Infection Part II

If you have determined that your website is in fact infected, it is best to take it down and restore it from a known clean backup. Yes, I am assuming that you have a backup; in Part I of this post I spoke at length about the value and importance of doing so, but I will say it again. Backup, backup, BACKUP your website so that if any issue occurs you can recover. As was said in the previous post, back up your database and files. (Note: In this case I’m assuming you have shared or managed hosting (VPS or cloud), which means you don’t need to worry about backing up the server itself. If you have your own physical server or an unmanaged server (cloud or otherwise), you should work with a qualified provider to develop a DR (Disaster Recovery) plan that also addresses the server OS and web server configuration.) For the sake of this post I assume you have shared hosting and a single hosting account (no redundancy).

Take Down Your Infected Site

Taking down your site is an important step in recovering it. Remember that an infected site left up and online can damage your brand and hurt your SEO/SEM (Search Engine Optimization/Search Engine Marketing) efforts, so it is imperative that you take the site down and rebuild it.

Change All Your Passwords

Your passwords may have been compromised in the breach, so it is important to change ALL of them. This includes web control panels (cPanel), FTP, SSH, MySQL, etc. I recommend you move to stronger authentication mechanisms such as two-factor authentication (where applicable/possible) or, at the very least, stronger passwords that change frequently, together with the use of a password manager.

Move to More Secure Protocols

Some protocols, such as FTP and plain HTTP (for managing your CMS), have inherent weaknesses (credentials and content travel over the network unencrypted) and should be avoided. Choosing to continue using them puts your web efforts at risk, so you should move toward more secure alternatives such as SFTP and HTTPS.

Restore Database

Restoring your database is different depending on the database technology involved. Again, I’m assuming you have tested and validated that the contents of the database backup you are restoring are clean and you are good to go.

Examine Files

If you know the particulars of the infection you are dealing with, you can search for it within your CMS files to validate that your last known backup is clean. You could also review the source HTML, PHP, ASP, JavaScript, etc. manually. Sometimes a conventional desktop anti-malware solution can detect known issues in this code as well. Once you know that the backup you are about to restore is clean, go ahead with the steps detailed below.
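The following script is an added example, not code from the original post. It does two of the checks described above in an automated way: it searches a CMS file tree for a small, constructed set of indicator patterns commonly seen in injected PHP/HTML (the list is a heuristic starting point, not a complete signature database), and it compares a SHA-256 manifest of a known-clean backup against the restored copy so that any added or modified file stands out. The `run_demo()` function builds two small constructed directory trees so the script can be run offline; the file names and contents in it are made up for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed heuristic indicators for injected web code. These are a starting
# point for manual review, not an exhaustive or authoritative signature set.
INDICATORS = {
    "eval_of_decoded_payload": re.compile(
        r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "remote_include_from_request": re.compile(
        r"\b(include|require)(_once)?\s*\(?\s*\$_(GET|POST|REQUEST)\b"),
    "hidden_iframe": re.compile(
        r"<iframe[^>]*(display\s*:\s*none|width\s*=\s*['\"]?0|height\s*=\s*['\"]?0)", re.I),
    "long_hex_escape_run": re.compile(r"(\\x[0-9a-f]{2}){20,}", re.I),
}

# Only source-like files are pattern-scanned; the manifest covers every file.
SCAN_SUFFIXES = {".php", ".js", ".html", ".htm", ".asp", ".aspx"}


def find_indicators(content):
    """Return the sorted names of all indicator patterns found in one file's text."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(content))


def scan_tree(root):
    """Map each source file (relative POSIX path) under root to the indicators it matched."""
    root = Path(root)
    hits = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            found = find_indicators(text)
            if found:
                hits[path.relative_to(root).as_posix()] = found
    return hits


def build_manifest(root):
    """Map every file under root (relative POSIX path) to its SHA-256 hex digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def diff_manifests(clean, restored):
    """Compare a known-clean manifest with a restored copy's manifest."""
    return {
        "added": sorted(set(restored) - set(clean)),
        "removed": sorted(set(clean) - set(restored)),
        "modified": sorted(p for p in clean if p in restored and clean[p] != restored[p]),
    }


def run_demo():
    """Build constructed 'clean backup' and 'restored' trees, then scan and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, restored = Path(tmp, "clean"), Path(tmp, "restored")
        files = {  # constructed, benign CMS-style files present in both trees
            "index.php": "<?php require 'wp-blog-header.php'; ?>\n",
            "wp-config.php": "<?php define('DB_NAME', 'example'); ?>\n",
        }
        for rel, body in files.items():
            for base in (clean, restored):
                (base / rel).parent.mkdir(parents=True, exist_ok=True)
                (base / rel).write_text(body)
        # Constructed tampering in the restored copy only: one modified file and
        # one dropped file under an uploads directory.
        (restored / "wp-config.php").write_text(
            files["wp-config.php"] + "<?php eval(base64_decode('aGVsbG8=')); ?>\n")
        dropper = restored / "wp-content" / "uploads" / "cache.php"
        dropper.parent.mkdir(parents=True)
        dropper.write_text("<?php include($_GET['p']); ?>\n")
        return scan_tree(restored), diff_manifests(build_manifest(clean), build_manifest(restored))


if __name__ == "__main__":
    hits, diff = run_demo()
    print("indicator hits:", hits)
    print("manifest diff:", diff)
```

In practice you would run `build_manifest()` once against the backup you validated and keep that manifest alongside it, then run `scan_tree()` and `diff_manifests()` against the restored site before bringing it back online; anything in `added` or `modified` that you did not change yourself deserves a manual look, regardless of whether the pattern scan flagged it.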

Restore Files

All CMSs have files that will need to be restored to their previous state. This often involves using SFTP to restore those files from backup.

Reinstall & Patch Your CMS (if applicable)

If you are restoring to an older version of your CMS, you should upgrade it immediately after you have restored the database and files. Alternatively, you can reinstall from scratch and then patch.

Test & Scan

Now that your site is back up and running, you should remotely scan it for malware. Check the source and validate that you are in fact back in a clean state. Several online services will scan your site for malware and vulnerabilities; a few of them worth investigating are:

Website Defender
http://www.websitedefender.com/

Sucuri
http://sucuri.net/

Kyplex
http://www.kyplex.com/

Most hosting providers now offer this as a service as well, so check with your web hosting or cloud services provider to find out the options.

Notify Google/Bing

See Google’s “Cleaning your site” guidelines, which detail all the steps to get your site cleaned and back in its search results. Bing details the same process in its online documentation, “The merciless malignancy of malware Part 1”.

Plan for the Future

Looking forward, it may make sense to work with a professional to improve your security (better design, pen testing, backups), availability (added redundancy and fail-over) and disaster recovery process.

There is no rocket science to keeping your site safe – just simple planning and procedures. So start these today and enjoy the peace of mind of knowing you can restore should disaster or malware strike. Backup, have a clear DR plan

Joseph P. Guarino has a long history of producing business results through the application of information technology. Joseph's expertise spans over 15 years in the private sector at leading technology firms and consulting organizations. With Evolutionary IT, he saw a market need to bring his transformative knowledge and expertise to firms in the New England area and worldwide. Joseph is driven by a strong desire to see customers thrive with the best business solutions. Evolutionary IT evolved out of this desire to bring a new level of quality IT solutions, align them with business goals and give customers a competitive edge.