What do I do when MalwareGone detects malware on my site?

February 10, 2021 in Website Backup

So you received a report stating that malware was found on your website? Don't worry, we'll try to help you understand what's going on and get things fixed as soon as possible.

Malware, the short term for malicious software, is a piece of code that is installed on applications in order to do something. It's not possible to tell you what it's doing or what it did to your data because it can be used to do a lot of different things, and without a complete analysis of the software itself, it's really hard to say. Usually it can be installed on your website through well known vulnerabilities, unpatched or outdated systems, or something new that has yet to be discovered.

Regardless of what software your running, please change your passwords right now - for FTP, SFTP, and Shell Access.

There are two most common scenarios and we'll explain them below:

Malware On Common Applications

If you're using a Content Management System like Wordpress, Joomla or Drupal, or you're running a store on Magento, please do the following:

  1. Restore your backups prior to the date when malware was found on your website. This will help you get your website live again as soon as the restore process finishes.
  2. Update the core system and please make sure you're running the latest version available.
  3. Update anything else related to your website like installed plugins, themes in use, and any other modules or libraries.
  4. If there is more than one website hosted on the same account, please do the same to all of them.

Malware on Custom Applications

If you are running a custom application, developed in house, we strongly recommend that you contact your hosting support or the person responsible for it. It's better to not touch anything as it will help you later. For example, the staff handling this kind of case will need to review the source and timestamp of affected files, server access logs, plus some other items, and if you change anything it can slow down the identification of the root cause. As soon as the vulnerability on your application is identified, it's a good idea to fix it so it won't be used again in the future. Usually, this type of analysis takes some time to complete. After everything is good again, please schedule a new backup of your website.