Is Malware Stealing Your Traffic?

Hi Guys,

Today I wanted to share my recent experiences with you and to warn you that this CAN also happen to you if you don’t take precautions.

Over recent weeks I’ve had various issues with some of my customers saying that they can’t access my site.  To them it appears down although there was zero downtime.

A couple of others said that my site was blocked by their anti-virus software due to a trojan.  Tests using my own software, and even talking to my technical support guys… It all came back as clear with no visible issues.

One of my sites EVEN got temporarily blacklisted by Google and although still indexed they weren’t passing on any traffic due to security issues.  I followed the guidelines and logged into Google Webmaster Tools and Google themselves OK’d the site and re-listed it.  I couldn’t find any dodgy code on my web pages either so it was odd.

Anyway, after a few more reports of issues with my sites I wasn’t happy and needed to get to the bottom of it.  I ended up performing a full server scan and the results showed quite a number of infected files.  What I noticed was that these were on OLD unused scripts on domains that I wasn’t even aware I still had.  The issues arose from old shopping cart installations and old email form scripts.

Hackers could access other areas of my server… EVEN other secure domains! … ALL through these outdated scripts.

Most of these injected files were in /image/ folders but instead of a jpg image the extension was .php.  Very easy to spot when you know where to look.

I of course removed ALL of these files and removed the old scripts and installations completely.  This would prevent further attacks.

So, how did these hacks work?

Ok, they basically got access to all the htaccess files on my server.  This is the first point of entry for any website.  They injected a load of white space before adding lots of re-direction code.  This means that some people would investigate and wouldn’t see the malicious code unless they scrolled down.

This code would basically re-direct visitors to another website or malicious file.  You’d think this would be easy to pick up on though, right? The issue here is that if you visit your site directly or through a standard link MOST of the time you would get re-directed to YOUR site.  If however, you search for your site in the search engines using any of your keywords or URL etc and then click through to your site… you will be re-directed to a different site.  This means ANYONE who finds your site in the likes of Google will likely get re-directed to somewhere else other than your website.  This means LOST traffic and essentially lost sales.

Some of this malicious code steals just SOME of your traffic so it doesn’t raise red flags.  This means that it could be weeks or months before you would notice there is an issue.

There are many types of malware and website hacks.  To protect yourself from the problems I’ve faced you can do two things:

1) Ask your host for a FREE malware server scan.  This will return URLs / files that have been infected.  You can then remove these.

2) Keep your WordPress Blogs, shopping cart scripts or any other third party script UPDATED all the time.  The reason these are updated is to prevent hackers from finding weak points and entering your sites or server.

3) Remove any scripts that you no longer use or that have become redundant.  It’s easy to just forget about old forums, or WordPress installations that we no longer use.  Don’t leave them up! Either update them or REMOVE them completely.

4) Manually check your htaccess files.  You can do this using ‘File Manager’ in cPanel.  It’s in your website root (in /public_html/) and to see it you need to choose to include hidden files.  Then select the htaccess file and click on the ‘Edit’ link at the top.  Check what code is there.  Often there is no code… other times there will be some code there that you need to keep. See if you can scroll down though… if you can, scroll slowly all the way to the bottom and see if you see a block of code halfway down.  If you’re unsure about any code you find, send this to your host or technical support and ask them to confirm whether the code is safe or not.

5) Another simple test although this might not work ALL the time is to search for your site in Google and click on it.  Does it re-direct you to your site? Or somewhere else?
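
Check 4 and the /image/ observation above can be scripted. The following Python sketch is an added example, not the author's malware checking software: it flags .htaccess directives hidden below a long run of blank lines, rewrite conditions keyed on the visitor's referrer, and .php files inside image folders. The 20-line threshold, the folder names and the constructed sample tree (with its example.invalid redirect target) are assumptions.

```python
import os
import re
import tempfile

# Heuristics drawn from the symptoms in the post; names and thresholds are assumptions.
BLANK_RUN = 20  # blank lines in a row that push directives out of view
REFERER_COND = re.compile(r"^\s*RewriteCond\s+%\{HTTP_REFERER\}", re.I)

def audit_htaccess(path):
    """Yield (line_number, finding) pairs for one .htaccess file."""
    blanks = 0
    with open(path, encoding="utf-8", errors="replace") as fh:
        for n, line in enumerate(fh, 1):
            if not line.strip():
                blanks += 1
                continue
            if blanks >= BLANK_RUN:
                yield n, f"directive hidden below {blanks} blank lines"
            blanks = 0
            if REFERER_COND.search(line):
                yield n, "rule depends on the visitor's referrer"

def scan_webroot(root):
    """Audit every .htaccess and flag .php files sitting in image folders."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        in_images = os.path.basename(folder).lower() in ("image", "images", "img")
        for name in files:
            full = os.path.join(folder, name)
            hits = list(audit_htaccess(full)) if name == ".htaccess" else []
            if in_images and name.lower().endswith(".php"):
                hits.append((0, "PHP file inside an image folder"))
            if hits:
                report[full] = hits
    return report

def build_sample(root):
    """Constructed sample: a padded .htaccess and a .php file in /image/."""
    os.makedirs(os.path.join(root, "image"))
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write("Options -Indexes\n" + "\n" * 40 + "RewriteEngine On\n"
                 "RewriteCond %{HTTP_REFERER} (google|bing) [NC]\n"
                 "RewriteRule .* http://redirect.example.invalid/ [R=302,L]\n")
    open(os.path.join(root, "image", "logo.php"), "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(scan_webroot(tmp))
```

Run scan_webroot on the directory that holds /public_html/; each finding marks a line to review with your host, since legitimate rules can also test the referrer.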

I put my issues down to a serious schoolboy error.  It won’t happen again and I’m aware now of what I need to do to protect myself.  I urge you to do the same.  This is a REAL threat and it can happen to anyone.  Don’t let it be you.

Download My Malware Checking Software For FREE

Check to see if your websites contain malware

As an extra precaution…. I’d like to offer you some malware checking software for FREE.  It allows you to enter a list of your domain names and it will check for malware, re-directs etc.

I will be updating this software soon to offer more details ‘IF’ it does find any issues with any of your sites.  In the meantime, please feel free to contact me via one of my contact us pages…. http://www.andyblackseo.com/login.php  Feel free to ask any questions there, or send me the problematic domain names and I’ll investigate further for you.

For those of you that either didn’t receive my recent emails about KeywordXP (New longtail keyword software with RESELL rights) or haven’t taken a look yet, you can check it out HERE whilst it is still available. Thousands of copies have already been snapped up and it really is an insane offer.

To your success!

Andy Black
AndyBlackSEO.com

P.s. – I have a very VERY cool software application being launched on 6th August.  I’m currently running some tests with it and all I can say is WOW.  I’m sure you’ll start hearing the buzz about 1 or 2 weeks prior to launch… but I’ll be posting some news soon about it 🙂

3 comments

  1. Sorry to hear your troubles with your websites. I too was victim to these attacks about a year ago. Extreme pain in the butt to figure out and correct. Ran your software, all domains came back in the clear. Would be interested to know more details on how it looks for the various vulnerabilities. As a suggestion it would be nice to have this schedule an automatic run at a chosen interval: nightly, once a week, month, etc. with possibly an emailed report. You should also consider releasing this as a WSO. Thanks for a great freebie Andy, blessings to you.

  2. LarsLanglo says:

    Hello Andy,

    I just tried to login to my article writer pro account this AM and I am still getting a pop-up from my Norton stating it is unsafe. Just an FYI.

    On a positive note I just wanted to let you know how helpful and important article writer pro is to me on a daily basis. I love it and use it all the time. Just wanted to publicly thank you for a great product. I am quite happy to pay the monthly charge… 10 x worth the cost 🙂

    I do have a quick question for whenever you have the time to answer it – no rush.

    I use the quick indexing feature in A.R.P. but I don’t really know what it does or how it works. If you could send me via e-mail a more lengthy description or change the description on the site, that would be helpful. It works great (I think) but for a newbie, I am not exactly sure what it does with my URLS every 12 hours.

    I thank you in advance – Lars.

  3. LarsLanglo says:

    It does not give the pop-up if you go directly to the pages, only if you arrive there from a google search… just like you said! Just another FYI. Great product. Thanks again.