
July 24th, 2023

Malware Attacks: How to detect, prevent and contain them

To the naked eye your website may appear to be working fine, but after a thorough examination you may find that it has been infected with malware. This happens far more frequently than most people understand, and recently happened to a client of ours.

First, a little background. We had been providing SEO services to the client for about 6 months as well as running their paid ad campaigns in Google and Facebook. As we do with each of our clients, we routinely conduct a site audit every 2 weeks to stay abreast of any page errors or other items that need to be investigated or looked into.

Doing this would prove invaluable.

Detection of the Malware Attack

We had noticed the site had a significant drop in organic rankings, as we had set up an Organic Position Tracking Report in SEMrush. However, when we checked Google Search Console, which gives us info on any suspicious things or errors that need to be fixed, we did not see anything to explain this drop. Any manual penalties from Google would also be shown here. But there was nothing.

While this particular type of malware did not directly affect our client's Google Business Profile ranking in their local area, we knew there was something wrong.

When we tried to log in to WordPress, we saw that the entire Admin user access had been deleted and the login link to access the back end of the website was no longer appearing. We had to go to cPanel to create a new WordPress login user and give this user login access. The WordPress login details were not working, and the admin panel was entirely blocked and was showing a 404 page error. We checked cPanel (which was fine, not hacked entirely) and, after a more thorough look through Google Search Console and the WordPress backend, we located the malware affecting the website.

The site was hacked on June 10; however, the issues were detected on June 12. The malware was introduced through a plugin named “minoorange-malware-protectionsd” which had been installed in WordPress, but not by us or the client. We immediately uninstalled the malware and performed a total backend inspection through a plugin called Wordfence, which recommended a thorough cleanup of the entire server.

As we went through the indexed site pages, we saw that the malware had created domain referring links which had recently also been improperly indexed. As seen from the screenshot above, all the links were scripted in Chinese or perhaps Japanese.
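A plugin that neither the agency nor the client installed is something a scheduled inventory check can catch. The following is an added example, not code from the original post: it compares the directories under `wp-content/plugins` with an allowlist. The allowlist contents, the `example-seo-plugin` slug and the sample tree are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# Assumption: slugs the site owner knowingly installed (hypothetical allowlist).
APPROVED_PLUGINS = {"wordfence", "example-seo-plugin"}

# WordPress reads the plugin's display name from a "Plugin Name:" header comment.
HEADER_RE = re.compile(r"^[ \t/*#@]*Plugin Name:\s*(.+)$", re.MULTILINE | re.IGNORECASE)

def plugin_display_name(plugin_dir: Path) -> str:
    """Return the 'Plugin Name:' header from the first PHP file that has one."""
    for php in sorted(plugin_dir.glob("*.php")):
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        match = HEADER_RE.search(head)
        if match:
            return match.group(1).strip()
    return "(no plugin header found)"

def audit_plugins(plugins_root: Path, approved: set) -> dict:
    """Map each unapproved plugin directory (slug) to its declared name."""
    findings = {}
    for entry in sorted(plugins_root.iterdir()):
        if entry.is_dir() and entry.name not in approved:
            findings[entry.name] = plugin_display_name(entry)
    return findings

def build_sample_tree(root: Path) -> Path:
    """Constructed sample of wp-content/plugins; not data from the incident."""
    plugins = root / "wp-content" / "plugins"
    samples = {
        "wordfence": "Wordfence Security",
        "example-seo-plugin": "Example SEO Plugin",
        "minoorange-malware-protectionsd": "Constructed Header",
    }
    for slug, name in samples.items():
        (plugins / slug).mkdir(parents=True)
        (plugins / slug / f"{slug}.php").write_text(
            f"<?php\n/**\n * Plugin Name: {name}\n */\n", encoding="utf-8")
    return plugins

def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        return audit_plugins(build_sample_tree(Path(tmp)), APPROVED_PLUGINS)

if __name__ == "__main__":
    for slug, name in demo().items():
        print(f"UNEXPECTED PLUGIN: {slug} ({name})")
```

Run against the real plugins directory from cron and alert on any non-empty result; the allowlist should change only when someone deliberately installs or removes a plugin.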

Disabling and Containing the Malware

We initially found over 55K URLs had been indexed while the site had only 6. This amount ultimately grew to 2.4 million links.

Next, we deleted the “sitemap.xml” file uploaded by the hackers and redirected sitemap.xml to the WordPress one, “sitemap_index.xml”. We created a custom “robots.txt” file, focusing on the WordPress sitemaps, and uploaded it to the server. We fetched all the URLs from the search results through a URL extractor tool and copied those URLs into a text file, which we named “spammy-links.txt”.

We then uploaded the text file named “spammy-links.txt” under the root directory or the public html folder and submitted the file “spammy-links.txt” as a sitemap file on Google Search Console.

We removed the URLs from Google Search Console using a URL Remover tool with their prefix, pinging all wanted URLs of the website and re-indexing them on Google Search Console. URL pinging is a process that enables Google or other search engines to index the URLs faster.

We resubmitted the WordPress sitemaps on Google Search Console; however, it took a few days for Google to remove the links from the search results and provide only the real ones we are ranking for.

Today the client’s site has been restored, all 2.4 million links have been de-indexed and the harmful attack has been neutralized. However, if not for our adherence to a routine audit schedule and other safeguards in place, it could have been a lot worse.
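The attacker-uploaded sitemap.xml and the foreign-script links described above suggest a simple recurring check: parse whatever sitemap the site is serving and flag every entry the owner did not publish. This is an added example, not part of the original post; `example.com`, the known page list and the sample sitemap are constructed placeholders.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"
# Hiragana, Katakana and CJK Unified Ideographs (covers Japanese and Chinese text).
CJK_RE = re.compile(r"[\u3040-\u30ff\u4e00-\u9fff]")

# Constructed inputs: example.com and every path below are placeholders.
KNOWN_PATHS = {"/", "/about/", "/services/", "/contact/"}
SAMPLE_SITEMAP = """<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://example.com/</loc></url>
  <url><loc>https://example.com/services/</loc></url>
  <url><loc>https://example.com/%E6%BF%80%E5%AE%89/item-1.html</loc></url>
  <url><loc>https://example.com/shop/cheap-item-2.html</loc></url>
  <url><loc>https://other.example.net/landing/</loc></url>
</urlset>"""

def audit_sitemap(xml_text, site_host, known_paths):
    """Classify each <loc> as known, off-site, foreign-script or unknown path."""
    report = {"known": [], "offsite": [], "cjk": [], "unknown": []}
    for loc in ET.fromstring(xml_text).iter(f"{SITEMAP_NS}loc"):
        url = (loc.text or "").strip()
        parts = urlsplit(url)
        # Percent-decode first: spam slugs are usually stored URL-encoded.
        path = unquote(parts.path) or "/"
        if parts.hostname != site_host:
            report["offsite"].append(url)
        elif CJK_RE.search(path + unquote(parts.query)):
            report["cjk"].append(url)
        elif path in known_paths:
            report["known"].append(url)
        else:
            report["unknown"].append(url)
    return report

def is_suspicious(report, max_unknown=0):
    """True when the sitemap lists anything the owner did not publish."""
    return bool(report["offsite"] or report["cjk"]) or len(report["unknown"]) > max_unknown

if __name__ == "__main__":
    result = audit_sitemap(SAMPLE_SITEMAP, "example.com", KNOWN_PATHS)
    for bucket in ("offsite", "cjk", "unknown"):
        for url in result[bucket]:
            print(f"{bucket.upper():8} {url}")
    print("suspicious:", is_suspicious(result))
```

For a site that legitimately publishes Chinese or Japanese pages, drop the script check and rely on the known-path comparison alone.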

Preventing Your Site From Being Hacked With Malware

Using SEO consultants and digital marketers with experience and expertise is crucial for safeguarding your website from harmful malware attacks for several reasons. First, they possess in-depth technical knowledge of website vulnerabilities and potential security loopholes. They can assess your website’s architecture, code, and infrastructure to identify and address any weaknesses that could make it susceptible to malware attacks. They will understand the importance of proactive measures in website security and can implement robust security protocols, firewalls, and encryption to fortify your website against potential threats, ensuring that it remains safe from malware attacks. Cyber threats are continuously evolving, and new malware variants emerge frequently. Expert consultants stay up to date with the latest security trends and are adept at implementing cutting-edge strategies to combat emerging threats effectively.

A significant aspect of website security is continuous monitoring. As experienced consultants and digital marketers, we regularly monitor our clients’ websites for any suspicious activities, unusual traffic patterns, or potential signs of malware intrusion, allowing us to take prompt action if needed. In the unfortunate event of a malware attack, you need to respond swiftly to contain the damage and initiate the necessary recovery procedures. A quick response can mitigate the impact of the attack and minimize downtime. And last but not least, a malware attack can severely damage your website’s reputation and trustworthiness. Expert consultants can help you implement security measures to protect your brand’s reputation and maintain the trust of your users and customers.

Best practices to prevent a scenario like this from happening to your site include changing your server login passwords every 1-2 months and always opening cPanel from a new incognito window where cookies are not tracked. When you are finished, log out or close the incognito browser. Do not install any unrecognized plugins, and be careful when installing plugins, as not all are secure.

In conclusion, the expertise and know-how of expert SEO consultants and digital marketers play a vital role in safeguarding your website from harmful malware attacks. Their technical knowledge, proactive approach, and continuous monitoring ensure that your website remains secure and reliable, protecting your business and your users from potential cyber threats.

Contact us if you’re interested in getting a Free SEO Audit performed for your site or discussing your SEO needs.