From Godaddy:
Dear Winston,
Thank you for contacting Online Support. Staying current with 3rd party application patches and having a strong server password are your best defenses against malware. When checking for the presence of malware, be sure to check the code residing on your server and not your backup files. Always use a virtual machine for verification to avoid infecting your own computer.
Malware can be anything from unexplained links on your web pages to executables that infect your site visitors' computers. There are three major steps to keep your hosting server and web pages free of malware. Make sure you address each of these to keep your hosting account clean and uninfected.
NOTE: Once your hosting server becomes infected with malware, we cannot assist you with its cleanup. You need to be proactive in preventing malware and in identifying/removing it if your server account becomes infected.
Identifying Malware
Perhaps Google® contacted you indicating your site was infected or maybe it was one of your site visitors that alerted you. Possibly you noticed something yourself. If you think you're having an issue with malware, here are steps to identify the problem.
NOTE: Always use a virtual machine to test for malware to prevent infecting your own computer. Remember to test the code that resides on your hosting server — not your backup files.
1. Software downloads offered from your site may contain malware. Test any offered software posted on your site to avoid unintentionally passing along malware.
2. Links from your site to malware sites. Be sure to test all links on your site.
* Search for unknown links — especially links to executables that you do not recognize: .exe, .bat, .cmd, .scr, or .pif.
* You can purchase or download free software that scans for malicious links in your code.
* Be sure to check online malware clearing houses such as http://www.stopbadware.org/ to learn of known issues.
3. Malware can be distributed through ads on your site. These can be identified the same way you identify malware links but you can also research problems via the Internet to see if others have had problems with your ad partner(s).
4. Malware links can be lurking in user-posted areas of your site. These can be identified in the same manner as links in other portions of your site.
5. Be alert for hacking attacks. Injection (inserting code or executables onto your web pages) is a common method of hacking that exploits a security vulnerability to introduce harmful code to one or more of your web pages.
* Invisible frames: These tags set up tiny frames on a web page. They are virtually invisible because of their size. To find these, search for iframe tags with height=“0� width=“0�. These are usually placed at the very top or bottom of the source code for the page.
* Obfuscated code: This type of attack is designed to be hidden and to be difficult to identify. Most common ways code is obfuscated are encoding and encrypting.
Encoding can be spotted as using hex or unicode/wide characters.
For hex, you'll see strings of percent signs ('%' ) followed by two characters (e.g. %ww%xx%yy). Unicode can be identified as "\u" followed by 4 characters and these blocks can take up several paragraphs. Example: \u9900\u1212\u8879.
Encrypted code is harder to find because there are no set patterns. Since even Javascript syntax is based on English words, most of your code should be readable. If you find entire sections of your code that are completely unintelligible blocks of letters, numbers, and symbols, you are probably looking at encrypted code.
* Often the easiest method to identify malware is to download all of your source code to a virtual machine and scan it using anti-virus and anti-spyware programs.
NOTE: Most hacking focuses on HTML code but it is also possible for malware including executables, javascript files, or even images to be uploaded to your site if the hacker gains access to your hosting server.
Removing Malware
The method required to remove the malware you find on your hosting server will differ depending upon what you have found. Here are some methods to rid your hosting server of malware that has infected it.
1. If you find malware in software that you offer for download, remove the infected software from your site and do not offer it again until you are sure that it is not infected. If you created the software, you can use malware prevention sites to understand guidelines for software compliance.
2. If you find links to malware sites on your site, remove them from your code.
3. If ads on your site are linking to malware, remove the infected ads. If you use an ad network, this may mean removing all of the network's ads from your site until you can insure that the network is clean. You may also wish to contact your ad provider and let them know.
4. If malware is found in user-generated areas of your site, remove the malware links you've found. This may involve editing user posts or deleting entire user posts.
5. If your site has been hacked:
* Take the site offline to avoid putting site visitors and customers at risk.
* Remove all offending code. This is only effective long-term in conjunction prevention.
* Fix underlying security vulnerabilities to prevent future attacks.
* Check for and remove any 'back doors' left by the hacker. A back door allows the hacker future access even after you secure the site.
* Check user forums for the software you are using on your site to determine if other users have been affected and to see if your site is missing security updates.
Preventing Malware
Long term, this is the most important tool against malware. Following these guidelines can save you time, effort, and trouble in the future.
1. Insure software offered for download is malware-free before making it available.
2. Before adding a link to your site, check it for malware.
3. Use only reputable ad providers and monitor them regularly.
* Insure that your ad providers are currently clean and that they scan regularly for malware from advertisers.
* Before choosing and implementing a new ad partner, use Internet searches to check them out for previous or current problems.
4. Monitor user-generated areas of your site.
* Post terms of use for additions to your forums or blogs to explicitly forbid posting links to malware. Actively monitor these areas for suspicious links or executables.
* Use a strong password. For guidelines on creating a password see Generating a Strong Password.
* Use FTP-SSL, if available. To check your hosting server for FTP-SSL availability and to connect using FTP-SSL, see Connecting to Your Shared Hosting Account with FTP-SSL.
* Scan your site for security vulnerabilities. There are both free and commercial auditing scanners you can use.
* Make sure to install the latest available version and all available patches for 3rd party software you're using on your site. This is very important. If the 3rd party software you are using has a security vulnerability, your site will be vulnerable. Staying current with provider releases and security patches will lessen those vulnerabilities.
Please let us know if we can help you in any other way.
Sincerely,
Matt P.
Online Support Representative
