Uh oh! Google has detected harmful code on your site.

Uh oh! Google has detected harmful code on your site.

August 30, 2012 Blog Security News & Information 0

Nothing can be more frustrating that getting your site blacklisted by Google. It can paralyze your business almost instantly – customers loose confidence in your ability to maintain their information, safety and security. You need to take action NOW to avoid long term impact to your Google ranking and your reputation. Leaving your site compromised will end up costing you more money in lost sales and clients than it costs to get it fixed. Why give your competitors an unfair advantage? If you aren’t technical and you need assistance, we can reduce the impact and prevent further damage quickly – Now is your chance, we can have the typical site cleaned and secured in just a few hours.

Googles malware review process typically takes between 12-48 hours to remove the warnings from your site. Here are some tips to help you locate and remove any malware that may be hidden in files on your server:

1) First, do you have a “clean” back-up of your site? if so, just restore it from that. How do you know if it’s clean? Try to locate one that’s at least 1 week prior to your site getting flagged.

2) If #1 doesn’t apply, do the following, check all .htaccess files, php, html files and any include files or theme files you may be using. This will depend on if you are running wordpress, joomla, osCommerce, etc.

3) Also, check above your web directory (usually above public_html, httpdocs, html, etc) for an .htaccess file that will override anything in your web directory.

4) Remove any code that you find in your “legitimate” files that matches any of the following (Note – this isn’t an all exhaustive list, it’s the most common issues I’ve seen):
a. “eval(base64_decode(…..”
b. “edoced_46esab…”
c. “getMama…”
d. “115,99,114,105,112,116….”
e. “document.write(‘<iframe…..”
f. Check out our post on the Blackhole Exploit Kit


5) Look for any php files in any image, css, upload, download, etc directories that would not normally have a php file in them. Check the file contents for base64 strings and thing that point to it being a php shell such as “FilesMan”, “c999sh”. If you find files like this, DELETE THEM. You should also look for .jpg images with “base64” included in the header of the file – these are malicious! You will have to open them in a text editor to see it.

6) Once you’ve cleaned your site – UPGRADE it if you are not running the latest version to remove any possible publicly available vulnerabilities. ESPECIALLY if you are running older versions of Joomla (1.x, <2.5.14), these have a file upload vulnerability in the com_media component and your site will continue to have issues until it is upgraded.

7) Also I would recommend checking permissions; files should be at 644 and directories at 755 (this depends on your hosting company/server – this is the most common setting). Change your cPanel and FTP passwords.

8) Once you have completed all those steps, go to www.google.com/webmasters and if you don’t already have an account create one (Obviously if you have one – skip this step).

9) Once you’ve created your account, add your site, then on the left hand side, click on “Malware” . If they have you flagged, and you have cleaned your site, submit it for re-evaluation. This usually will take between 12-48  hours before you are cleared.

If you want to hire a true security professional to help clean, secure and monitor your site, then Click here to Order Now