How to fix a site that Google tells you is infected
I work for a company that set up a website, this one thelinearshop.com (warning: this site contains malware, so don't go there if you are concerned), before I started working for them. The site uses OSCommerce. It now looks like someone was able to infect it with a malware link and jumble the site itself, and when I visit the site I get a warning page from Google with the choice to leave, go to safebrowsing.clients.google.com/safebrowsing/diagnostic?client=Firefox&hl=en-US&site=http://thelinearshop.com/ for info on why it is getting blocked, or ignore the issue.
I have looked at the site and someone definitely hacked it. I have never run into this before and I am not sure how to proceed in order to get this fixed. I know I need to get the virus out but I am also concerned that whoever set the site up used an older version of OSCommerce and that it must not be very secure. Is that the case?
More posts by @Welton855
3 Comments
Glad to see your problem is fixed, but to add my two penneth....
I went through this myself in the middle of 2009; I started reading the malware and hacked sites forum on Google's Webmaster Central.
I usually find there are three main sources of infection:
The hosting company has been hacked.
Users who have found their home PCs have been hacked and, as a result, had FTP/password details stolen.
Out of date/insecure code.
Couple of pieces of advice I don't think have been mentioned:
If you are paying for any services relating to your website (like adwords) make sure you disable these whilst you resolve your problem. Otherwise it's throwing money down the drain!
Don't forget to check your .htaccess file - mine was ripped to shreds when I was hacked.
I've been through this before thanks to old versions of Joomla, phpBB, and OSCommerce. In all cases, I was called in to mop up after someone else forgot (or neglected) to do upgrades. In one case, a rogue test install of Joomla (with no intention of ever going live) was to blame. Regardless, once one of these exploits gets out there, the "bad guys" are going to "sniff" everything they can find to exploit your systems.
I took the low-tech approach in all cases. First, I put up an "under construction" page that was clean to protect my IE users from getting infected. Second, I searched for the bad code... it's usually pretty obvious what it is. The good news is that these guys are generally lazy and automated... so it's normally just a few lines of JavaScript, nearly always in the same spot. Remove it... automate if you have to. Third, update EVERYTHING that's open source... no matter how new it might be. Create a system that you can follow going forward to ensure updates don't get missed again. Fourth, if you don't have analytics on your site, install it and set it up for daily reports. These sorts of intrusions sometimes show up as strange traffic spikes that can't be explained. Finally, put it up (maybe even somewhere else) and test it thoroughly.
Your best bet, if it is possible, is to set up a development version of their site and try to upgrade it to a newer version of OSCommerce and see if it works properly. I don't use OSCommerce but I would think they would offer upgrade scripts or something similar to help automate the process. Assuming it works properly I would then upgrade the live site to the new version. That way you are sure you have all of the latest patches and have closed whatever hole(s) were originally exploited.
Once you've cleaned up the site, create a Google Webmaster account for this website if you haven't already. In there you can request that Google check the site again and have them remove the unsafe website label from their listings.
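The search the comments describe (a few injected lines, nearly always in the same spot, plus a damaged .htaccess) can be scripted over an offline copy of the web root. This is an added example, not code from any poster in the thread; the marker patterns, the file extensions and the sample tree are assumptions constructed for illustration.

```python
import re, tempfile
from collections import defaultdict
from pathlib import Path

# Heuristic markers (assumptions, not from the thread); every hit needs manual review.
MARKERS = [
    ("hidden-iframe", re.compile(r"<iframe[^>]+(width|height)\s*=\s*[\"']?[01]\b", re.I)),
    ("js-unescape-write", re.compile(r"document\.write\s*\(\s*unescape\s*\(", re.I)),
    ("php-eval-decode", re.compile(r"eval\s*\(\s*(base64_decode|gzinflate)\s*\(", re.I)),
    ("htaccess-referer-rule", re.compile(r"RewriteCond\s+%\{HTTP_REFERER\}", re.I)),
]
EXTS = {".php", ".html", ".htm", ".js", ".inc", ".tpl"}

def scan(root):
    """Map (marker, stripped line) -> [(relative file, line number), ...]."""
    root, hits = Path(root), defaultdict(list)
    for path in sorted(root.rglob("*")):
        if not path.is_file() or (path.suffix.lower() not in EXTS and path.name != ".htaccess"):
            continue
        lines = path.read_text(errors="replace").splitlines()
        for no, line in enumerate(lines, 1):
            for name, rx in MARKERS:
                if rx.search(line):
                    hits[(name, line.strip())].append((path.relative_to(root).as_posix(), no))
    return dict(hits)

def repeated(hits, min_files=2):
    """Keep lines found verbatim in several files: the mark of a scripted injection."""
    return {k: v for k, v in hits.items() if len({f for f, _ in v}) >= min_files}

def build_sample(root):
    """Write a constructed, defanged sample tree (no real site or payload)."""
    bad = '<iframe src="http://bad.example.invalid/" width=1 height=1></iframe>'
    files = {
        "index.php": "<?php echo 'shop'; ?>\n" + bad + "\n",
        "catalog/product.php": "<?php echo 'item'; ?>\n" + bad + "\n",
        "about.html": '<iframe src="/map.html" width=400 height=300></iframe>\n',
        ".htaccess": "RewriteEngine On\nRewriteCond %{HTTP_REFERER} google [NC]\n",
    }
    for rel, body in files.items():
        target = Path(root) / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for (name, line), where in scan(tmp).items():
            print(name, where, line[:60])
```

`repeated(scan(root))` narrows the output to lines that appear verbatim in more than one file; a referer-based rewrite rule can also be legitimate hotlink protection, so compare .htaccess hits against a known-good copy.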