The Aftermath
You’re a malware victim survivor! Welcome to the club of countless members with membership growing by the moment. Now you need to learn what you need to do to keep your website safe after malware removal.
Leave your PTSD behind by tackling some things you should have in place to alleviate the stress of any further attacks!
Post Malware Removal Checklist
How To Keep Site Safe After Malware Removal
- Create Off Site Backup
Create a backup of your site – this includes files, database(s) and any important server files like .htaccess and .user.ini. Make sure this is off site. If your site gets infected again, you don’t want your backup in the same location. You should also do incremental backups.
- Remove Domain From Black Lists
If you haven’t already, make sure you remove your site from any blacklists. You should already be signed up at Google, Bing and Norton Safe Web. If you were spamming due to the malware, check the RBL lists such as Anti-Abuse and MXToolbox and request your IP be delisted from any that have you on their list.
- Check Your Other Domains
We find many people have multiple websites under the same accounts. Add-on domains and subdomains are popular ways to get more out of a single hosting account, but they leave you HIGHLY VULNERABLE to re-infection. If you have old sites, dev sites or some you don’t use much any more, these all still need to be maintained and updated. Many hosting accounts have one old domain that was left unattended and ended up infecting all the other domains in the account. Check all your other domains and subdomains and, better yet, spend the money and separate each domain into its own account.
- Check Account Root and cgi-bin directory
Many hosting accounts have a directory structure such as /home/username/public_html where your main domain is located. Malware can get into the /home/username/ directory as well. So check that and also check your .trash directory for any leftover removed malware that is lurking. The cgi-bin directory is also a point of entry for some malware and should be checked to confirm it is clean.
- Visually Inspect Files and Directories
If you’re a little more experienced and are familiar with what your files and directories should look like, then do a visual inspection for anything out of the ordinary: files that look out of place, directories you or your CMS didn’t create, and odd dates or timestamps.
- Audit and Change Access
You should review everyone who has access to your hosting and website(s) and provide access to only those who should have access – and at the appropriate level. Of those to remain, change passwords and usernames if appropriate. Make sure no user has the username of admin or a similar easy-to-guess username. In addition, you should consider changing the database password, and review whether each FTP/SSH account is still used and needed, changing or updating them accordingly.
- Add Additional Protection
You should seriously consider adding a web application firewall (WAF). In essence, a WAF monitors the traffic coming to your server and then blocks out anything that appears suspicious or malicious. There are some free or inexpensive add-ons to some CMS products, such as Wordfence for WordPress. But these only protect the actual site. You should still add something that monitors traffic BEFORE it gets to your server. Our Fortify Plus provides WAF protection using real-time information collected from over 80 million endpoints.
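The "Check Account Root and cgi-bin directory" and "Visually Inspect Files and Directories" steps can be turned into a repeatable, read-only listing. This is an added example, not part of the original checklist; the function names, category labels and 7-day default are assumptions, and the layout is the /home/username/public_html structure described above.

```shell
#!/bin/sh
# Added example: read-only audit of a hosting account after a cleanup.
# Assumed layout (from the checklist): <root>/public_html, <root>/.trash, cgi-bin.
# Prints one "CATEGORY<TAB>path" line per finding; nothing is changed or deleted.

tag() {  # prefix every path read on stdin with the category in $1
    while IFS= read -r p; do printf '%s\t%s\n' "$1" "$p"; done
}

audit_account() {
    root=$1        # account root, e.g. /home/username
    days=${2:-7}   # how many days back counts as "recent" (assumed default)

    # Files directly in the account root, outside the web root, changed recently.
    find "$root" -maxdepth 1 -type f -mtime "-$days" | tag ROOT_RECENT

    # Leftovers from the removal that are still sitting in .trash.
    if [ -d "$root/.trash" ]; then
        find "$root/.trash" -type f | tag TRASH
    fi

    # Everything inside any cgi-bin directory, whatever its age.
    find "$root" -type f -path '*/cgi-bin/*' | tag CGI_BIN

    # Site files changed inside the window: compare against your last deploy.
    if [ -d "$root/public_html" ]; then
        find "$root/public_html" -type f -mtime "-$days" | tag SITE_RECENT
    fi

    # Odd timestamps: files dated in the future (newer than a file made just now).
    ref=$(mktemp)
    find "$root" -type f -newer "$ref" | tag FUTURE_MTIME
    rm -f "$ref"
}

# Run the audit when the script is called with an account root.
if [ "$#" -gt 0 ]; then
    audit_account "$@"
fi
```

Every line it prints is a file to review by hand against what you or your CMS actually put there, not a verdict that the file is malicious.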
Summary
The steps above are crucial to keep your website safe after malware removal. Maintaining a malware free website is key. As with any protection and security, nothing is ever 100%. So you should make sure to have contingencies in place for reinfection. Offsite backups are a great and inexpensive way to get back online quickly. Just make sure you are backing up regularly.
You should also consider other products that can help you be proactive rather than reactive. For instance, we have a backup solution that includes malware scanning of all files during the daily backup so you avoid infecting a backup.
Other options include Fortify which will scan a couple of times a day and remove any malware upon request if you should be infected again.
Our best protection is Fortify Plus which will automatically remove any malware should you be infected. It also includes a state of the art WAF that is updated by over 80 million endpoints which use that information to block bad traffic before it even gets to your host.