Once again Life in the FastLane demonstrates that it has a low immunity.
Struggling to maintain a blog/website of this size is becoming an increasingly difficult task, and recently the Search Guru Google found a good reason to put us out of circulation again – malware.
Obviously LITFL takes malware notifications seriously and the last thing we would want is to infect our readers computers with malicious code. But, despite reading the malware notification I was still at a loss to identify the problematic code, then eradicate it; notify Google the code had been removed and wait again to be re-instated to a level of Google trustworthiness.
Thankfully the issue has now been resolved and we are back up and running with a new interface, improved design and added security. So I thought it would be prudent to detail some of the steps we undertook to get things back on track and to help other non-computer savvy medical bloggers out there in case they suffer the same fate!
Steps to take…
- IDENTIFY: Check your site is blacklisted and understand the implications of malware
- INTERPRET: Correctly interpret Google’s Safe Browsing advisory notice and find out the reason why your site has been blacklisted
- REMOVE: Clean up your site
- PREVENT: Secure your site to prevent further attacks, consider additional security, backup software, hosting, passwords…
- REVIEW: Request a malware review via Google’s Webmaster Tools
IDENTIFY: Check your site is blacklisted
Use this form to check if your site is currently listed as suspicious on Google
In our case we were deemed to be malware free by many blacklist checking services. Further research determined that some of the website/URL checking services can be completely fooled by javascript obfuscation (if it does implement javascript at all). Considering that 95% of the hackers/hacking sites using exploits use javascript obfuscation, many of the URL checkers are therefore almost completely useless, however they can be a good way of performing a quick ‘health-check’ on your website/blog.
The most useful free website/URL checkers include:
Additional services include
INTERPRET: Understand the issue:
To protect web surfers, Google is continually working to identify and blacklist dangerous pages. Many popular applications (Google Search, Google Chrome, Firefox, Safari, etc.) use Google’s malware database to warn their users to keep away from potentially harmful sites. The majority of blacklisted sites are compromised legitimate websites (like LITFL) where hackers place malicious content. The owners often face a hard time both cleaning up their sites and removing malware warnings that badly affect their sites’ traffic and reputation.
REMOVE – the offending malware
Option 1. – PANIC
- Run around in blind panic (always a good first step for any IT emergency)
- Check out the Webmaster help page
- Have a sit down…all that dense text and geek-speak has given you a headache…
- Cry a little inside…again
Option 2. – DON’T PANIC
- Find and remove the offending code (if you have ftp acces and know what you are doing)
- The three commonest issues involve malicious scripts, htaccess redirects and hidden iframes
- OR Source a quick, reliable, cheap and effective online solution….
- We were very impressed with the speed with which Sucuri Security assisted in finding and eradicating the initial malicious code and then notifying us of a subsequent attack. As a result we have added Sucuri to our ongoing protection barrage! Great twitter service and iPhone updates!
PREVENT – future breaches
Preventing badware on your website requires protecting three things
- The website/blog itself – Ensure that any software you use (such as WordPress) is up to date with the latest security fixes.
- Password(s) used to upload content to the site - Change any default passwords to strong password and change them regularly.
- The computer(s) used to upload content to the site – Review your computers, operating systems and updates
Additional steps we undertook
- Changed blog theme: We were mainly affected by javascript obfuscation, so we removed the previous theme and uploaded a simpler, sleeker theme with minimal javascript
- Installed a premium blog backup service: VaultPress provides realtime, continuous backup and synchronization of every post, comment, media file, revision and dashboard setting across at least two separate cloud services in addition to the Automattic grid, ensuring no loss of content.
- Changed hosting service: Most of the blogs on our shared server were affected by the viral breach, and we have had no contact with our current hosting providor regarding the matter – to this end we have made the decision to change hosts AND move to a dedicated server…
- Added extra security with Sucuri Security
REVIEW
- Request a malware review via Google’s Webmaster Tools
- NOTE: It is not uncommon for a Google Malware warning to persist when other online website and URL checkers determine that a website is clean. This can happen due to the following reasons [Source: Unmask Parasites]
- The online URL checker cannot detect the specific malware.
- Website doesn’t contain malware at the moment but Google isn’t aware of it yet.
- Website doesn’t contain malware, Google knows about it but it takes time to unblock the site.
- Sit back
- Relax
- …and remember, it is only a blog after all…
About Mike Cadogan
Wow, mate, sorry to hear of the struggles. Rest assured that when this kind of malwhatever happens to my blog I will come crying to you inconsolably for assistance. Keep rockin’ the matrix brutha!