How do I clean my site considered as a malicious page? Print

  • 20

When your site is considered as a malicious page, it is your responsibility to "clean" it to remove from it any corrupted file, link or fraudulent script having placed it in this situation.
This situation is not to be taken lightly, as it can lead to the deletion of your account if you do not act, in accordance with the terms and conditions that you signed with your hosting contract with us.

To understand what happened to you, we invite you to first read the following question from our FAQ : Why is my site displayed as "malicious"?

In order to get back to a normal display of your site's content: without this red alert page, an anti-virus blocking or the mention "Malicious page" in the results of a Google search, you will have to do the following steps in order, which you will find the explanations in detail below :

  1. Identify the unwanted content;
  2. Change your passwords;
  3. Remove unwanted content;
  4. Notify Google that your site is no longer unwanted.


We recommend that you read the entire content below before doing anything on your site. You will have a much better understanding of what needs to be done and how to do it, as well as your ability to do it yourself.

1. Identify unwanted content

First of all, you need to be able to identify what is wrong with your site: it can be dangerous scripts or files as well as links to other dangerous sites, files or scripts. The easiest way to do this is to ask Google what it has found. To do this, go to the following address, taking care to replace the text "your_domain_name" by your real domain name, such as something.ch :

https://transparencyreport.google.com/safe-browsing/search?url=votre_nom_de_domaine

You will then get a summary of the security report of the problems on your site identified by Google.

To get more details about these problems, as well as to be able to warn Google that your site is no longer undesirable (only once you have cleaned it up), you will have to register to the "Google Webmaster Tools / Google search console", at the following address

https://www.google.com/webmasters/tools/

Once registered, add your site as a "property". After validation, you will be able to consult the "Security Issues" section to have more precise details about the problems found on your site, which will certainly help you to correct them.

2. Change your passwords

Malicious people who managed to hack your site have certainly managed to get your passwords. In any case, you should therefore start by changing your passwords by choosing new strong passwords (at least 10 characters long, with numbers, upper and lower case letters and symbols, no dictionary words). Be sure to store them in a safe place and away from prying eyes. Here are the passwords you should change:

  1. Access to your control panel (cPanel): How do I change my control panel access password?
  2. This will also change the password for your main FTP account, your main e-mail and the default access to MySQL databases.
  3. Secondary FTP accounts: if you have created other FTP accounts in your control panel, change their access passwords to all of them
  4. .
  5. Administration access to your site
  6. : Depending on the CMS/software you use (WordPress, Joomla, PrestaShop, specific software, etc...), the procedure may vary, but it is this access that is most often the gateway for hackers.
  7. Databases: change the access passwords to your databases for all database users who have access to them. Warning: this will make all your database sites non-functional. Do not update your database password in your website(s) yet
  8. , wait until you have completed the cleanup to do so, at the risk of providing your hackers with your new password on a plate.
  9. e-mail: How to change the password of my e-mail account ?
    Since some of your e-mail accounts can be used to recover passwords, this operation is a precaution not to be neglected.

 

3. Delete unwanted content

There are two methods to do this: restore a backup or correct your site. The choice of the method is made according to what is available, the criticality of the data contained in your site, and last but not least, the simplicity of the problem to solve (following the diagnosis given by Google).

Restore a backup :


The simplest and most effective way is to restore a backup. If you have a backup of your site that you are sure dates back to before it was hacked, restoring it is the best thing to do.

Useful information: We remind you that we make regular backups of your data & hosted sites, if you are able to tell us a date not too far back that you are sure your site was not yet compromised, we can certainly make this restoration for you. Restoring a backup (only) is a free operation for backups that are on the same server as your hosting; these backups are not daily. We do daily off-site backups, but restoring them requires a more complex procedure that will be charged extra. For more details about the available backups or a free quote, please contact our support team: support@tizoo.com

Important: once your site is restored, don't forget to do the following

  • Use the new password of your database modified previously, otherwise your site will certainly not work;
  • Modify again, since you have restored a backup containing the old one, the passwords of the administration accounts of your site (WordPress, Joomla, etc...);
  • Update the software of your site in the same time, to guarantee that your site cannot be hacked again.

 

Fix your site


It may be very simple to fix, for example if it is only links that need to be removed from your site. Correcting it will take less time without the risk of losing data from your site.

In other cases of "deeper" hacking affecting the structure of your site, if there is no backup of your site available or if you do not want to lose the data stored on your site between the last known valid backup and the hacking, you have only the option of scanning and correcting the content of your site. Be aware that this operation is not the best one because it can be very difficult for a non-initiated person to solve all the problems related to a website hacking.

We provide you with a free tool in your control panel that allows you to scan your hosted files for malicious code. To do this, once logged into your control panel, scroll down to the "ADVANCED" tab, then select "Antivirus Software". Initially scan onlythe"public web space", if you find any malicious files, then we advise you to run a scan of the "entire base directory" afterwards.

Important: Once you have finished, remember to review the following points

  • Use the new password of your database modified previously, otherwise your site will certainly not work;
  • Update your site's software at once, to ensure that your site cannot be hacked again.

 

4. Notify Google that your site is no longer unwanted

Once you have finished correcting all the errors on your site, using your Google Webmaster Tools account, you can tell Google that it has been corrected. Google will check and remove the blacklisting and the warning message about your site if it no longer finds any problems with your site.

Security, update, configuration... I can't figure out what to do: can't you do it for me?

The management of your site is your entire responsibility, in accordance with the general terms and conditions of sale that you signed with your hosting contract with us.
But we have a notorious experience in solving this type of problem and we can, at your request, give you an estimate for the cleaning of your site as well as for its update to the latest version of the programs you use.
For any information, please contact us : support@tizoo.com

 

Was this answer helpful?

« Back