The Battle Against Malware
When it comes to my customers’ websites getting hacked or infected with malware (malicious software), I always say “I’ve been very lucky” but, as has been said before, you make your own luck.
I was reminded of this when I discovered fifteen of the websites I’d just taken over were infected with malware. It would have been unprofessional to treat the situation as anything less than urgent so, as my bank holiday weekend plans lay in tatters, I knuckled down to one of the most mind-numbing jobs I’ve ever experienced.
What About The Backups?
The preferred fix is to simply re-install the site using the last clean backup. This solution is fast and avoids the risk of missing an infected file and/or accidentally breaking the website whilst ‘performing surgery’ on it. However, this approach requires you to a) keep regular backups and b) have identified the malware very quickly. Unfortunately, in this situation most of the sites had been infected for well over a year, so the backups were either infected or too out of date to be of any use. Short of recreating the sites from scratch, the only remaining option was to clean them manually.
Manually Cleaning The Sites
Most of the infected websites were based on Joomla which, in my experience, does appear to be the most vulnerable of the major content management systems. In some cases it was a legacy issue where files from a defunct Joomla installation still resided on the server. Here it was simply a case of deleting the spurious folders and I did not bill the customers for this overdue ‘housekeeping’.
For the Joomla sites with live infections I had to examine each infected file and either delete it or edit out the malicious code. The databases were also searched through for any references to the infected files. Although this is painstaking work, happily not many files were infected and they were relatively easy to clean up. Customers affected in this way received a very modest bill. I can only imagine what some organisations might have charged for such work.
The biggest challenge was actually a Drupal site with 1,424 infected files, each of which had to be inspected and either deleted or modified. This site alone took 6 very intense hours (I literally didn’t leave my seat) but I’m pleased to say, a couple of weeks on, no issues have appeared and it continues to scan as clean. Quite an achievement. This customer has received a bill for six hours’ labour, probably a tenth of what a security expert would have charged.
I’ve always avoided malware with the approach that prevention is better than cure but, when it comes to websites, you can never prevent 100% of the attacks from succeeding. Additionally, I often take on sites abandoned by fly-by-night web designers who don’t take the precautions I do, so clearly it was time to plan for the worst and be ready to deal with it. As of this month, all my customers’ websites are now automatically scanned for malware every day. This way I will always be able to respond quickly and restore a backup should the worst happen. Never again will I spend an entire bank holiday weekend removing malware!