When you know that your website is compromised the first thing you need to do is to take the site down immediately, contact your webhost and most importantly change your passwords. If your website is on a shared hosting most probably your webhost may be aware of the problem and may already be taking steps to fix it.

If you are using a dedicated host you can get in touch with your dedicated hosting provider and ask them to check if all the patches, security updates are up to date, if not get it done. Change passwords for all account like the FTP, admin area, CMS etc. Once you have access to the server bring down the site and make sure it returns a 503 status code. Use robots.txt to avoid getting your site crawled until it is fixed.

The next step would be to access the damage. Now perform a full scan of your computer with up-to-date scanning software to make sure your personal PC is not infected. Malicious codes can also be embedded in images so make sure you have the best scanning program.

Make use of Google Safe Browsing diagnostics page (http://www.google.com/safebrowsing/diagnostic?site=www.yoursite.com) replace www.yoursite.com with your real site name. This will give you more information about what Google’s scanners have found.
You can visit the GWT and go to the diagnostics tool then click malware. You will see the entire links that have been identified as infected. Don’t be surprised to find some new URL’s as hackers tend to add new links for evil purposes.

Use the Google URL removal tool to remove all the new URL’s that was added by the hacker. Make sure you report the phishing pages to Google Safe Browsing Team. You can make use of the Fetch as Googlebot tool that is available in the GWT which can detect malware. For more information on how to deal with a hacked site visit antiphishing.org.

Check to see if .htacess is not altered and check if no pages are redirecting to unknown sites. Check your server log for suspicious activates such as failed login attempts, history etc.

Once you are sure that the system is clean, all spammy content has been removed and server is up to date running latest security updates and patches; get your site back online and get Google to review your site by logging into GWT > diagnostics > click malware and then request a review. Remember it might take a day for Google’s automated malware warning to be removed.

The final step is to request for reconsideration of your site.

By Rajeev Rana

Founder and Chief Editor - gogi.in