You’re a malware victim survivor! Welcome to the club of countless members with membership growing by the moment. Now you need to learn what you need to do to keep your website safe after malware removal.
Leave your PTSD behind by tackling some things you should have in place to alleviate the stress of any further attacks!
Post Malware Removal Checklist
How To Keep Site Safe After Malware Removal
- Create Off Site Backup
Create a backup of your site – this includes files, database(s) and any important server files like htaccess and user.ini. Make sure this is off site. If you site gets infected again, you don’t want your backup in the same location. You should also do incremental backups.
- Remove Domain From Black Lists
If you haven’t already, make sure you remove your site from any blacklists. You should already be signed up at Google, Bing and Norton Safe Web. If you were spamming due the malware, check the RBL lists such as Anti-Abuse and MXToolbox and request your IP be delisted from any that have you on their list.
- Check Your Other Domains
We find many people have multiple websites under the same accounts. Add-on domains and subdomains are popular ways to get more out of a single hosting account, but they leave you HIGHLY VULNERABLE to re-infection. If you have old sites, dev sites or some you don’t use much any more, these all still need to be maintained and updated. Many hosting accounts have one old domain that was left unattended which ended up infected all the other domains in the account. Check all your other domains and subdomains and better yet, spend the money and separate each domain into its own account.
- Check Account Root and cgi-bin directory
Many hosting accounts have a directory structure such as /home/username/public_html where your main domain is located. Malware can get into the /home/username/ directory as well. So check that and also check your .trash directory for any leftover removed malware that is lurking. Also the cgi-bin directory is a point of entry for some malware and should be checked that it is clean.
- Visually Inspect Files and Directories
If you’re a little more experienced and are familiar with what your files and directories should look like, then do a visual inspection for anything out of the ordinary. Files that look out of place, directories you or your CMS didn’t create and odd dates or timestamps.
- Audit and Change Access
You should review everyone who has access to your hosting and website(s) and provide access to only those who should have access – and at the appropriate level. Of those to remain, change passwords and usernames if appropriate. Make sure no user has the username of admin or similar easy to guess usernames. In addition, you should consider changing the database password and review use and need of FTP/SSH account access and change / update accordingly.
- Add Additional Protection
You should seriously consider adding a web application firewall (WAF). In essence a WAF monitors the traffic coming to your server and then blocks out anything that appears suspicious or malicious. There are some free or inexpensive add-ons to some CMS products, such as WordFence for WordPress. But these only protect the actual site. You should still add something that monitors traffic BEFORE it gets to your server. Our Fortify Plus provides WAF protection using real time information collected from over 80 million endpoints.
The steps above are crucial to keep your website safe after malware removal. Maintaining a malware free website is key. As with any protection and security, nothing is every 100%. So you should make sure to have in place contingencies for reinfection. Offsite backups is a great and inexpensive way to get back online quickly. Just make sure you are backing up regularly.
You should also consider other products that can help you be proactive rather than reactive. For instance we have a backup solution that includes malware scanning of all files during the daily backup so you avoid infecting a backup.
Other options include Fortify which will scan a couple of times a day and remove any malware upon request if you should be infected again.
Our best protection is Fortify Plus which will automatically remove any malware should you be infected. It also includes a state of the art WAF that is updated by over 80 million endpoints which use that information to block bad traffic before it even gets to your host.