Malware inserted into website?

theflash

Registered
Mar 5, 2012
cPanel Access Level
Website Owner
Hi,

For the first time we've had one of our major clients' websites infected by malware from some strange domain we've never heard of.

Does anyone have any advice for this?

Google says the 1st step is to take the website offline, but I can't find out how to do that. Is the only way to suspend the domain in WHM? We tried it, but when you visit the website it still shows (with the malware warning).

Any help greatly appreciated,
TheFlash
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
Hello :)

Do you have root access to this system? If not, you may want to consult with your web hosting provider to have them investigate this account to determine how it was exploited. If you do have root access, or if your primary concern is removing the redirect, check the .htaccess file within the account's public_html. It's likely a rewrite rule exists in that file. You will need to manually remove the malicious entry and suspend the account again if necessary.

Thank you.
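
The .htaccess check suggested in the reply above can be scripted. This is an added example, not part of any post in this thread; the function names, the output format and the sample file are assumptions made for illustration, and the sample .htaccess is constructed.

```bash
#!/usr/bin/env bash
# Added example: flag .htaccess directives that send visitors to another host.

# scan_htaccess FILE OWN_DOMAIN -> prints "LINE:TAG:directive" for each hit.
scan_htaccess() {
    awk -v own="$2" '
    BEGIN { own = tolower(own); suffix = "." own }
    {
        line = $0; sub("^[ \t]+", "", line)
        if (line == "" || line ~ "^#") next
        low = tolower(line)
        # A condition on the referrer can restrict a redirect to visitors
        # arriving from a search engine, so the site owner never sees it.
        if (low ~ "^rewritecond[ \t]" && low ~ "http_referer") { print NR ":REVIEW:" line; next }
        if (low !~ "^(rewriterule|redirect(match|permanent|temp)?)[ \t]") next
        n = split(low, f, "[ \t]+")
        for (i = 2; i <= n; i++) {
            if (f[i] !~ "^https?://") continue
            host = f[i]; sub("^https?://", "", host); sub("[/:?].*$", "", host)
            # The own domain and its subdomains are expected targets.
            own_host = (host == own || substr(host, length(host) - length(suffix) + 1) == suffix)
            if (!own_host) print NR ":EXTERNAL:" line
            break
        }
    }' "$1"
}

# scan_tree DOCROOT OWN_DOMAIN -> same report for every .htaccess under DOCROOT.
scan_tree() {
    find "$1" -type f -name .htaccess | while IFS= read -r f; do
        scan_htaccess "$f" "$2" | while IFS= read -r hit; do printf '%s:%s\n' "$f" "$hit"; done
    done
}

# Constructed sample file (not taken from the thread); .invalid is a reserved TLD.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo) [NC]
RewriteRule ^(.*)$ http://redirect.invalid/ [R=302,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
Redirect 301 /old https://www.example.com/new
EOF
}

tmp=$(mktemp); write_sample "$tmp"; scan_htaccess "$tmp" example.com; rm -f "$tmp"
```

Lines tagged EXTERNAL or REVIEW are candidates for manual inspection, not proof of infection; compare them against a known-good copy of the file before removing anything.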
 

quizknows

Well-Known Member
Oct 20, 2009
cPanel Access Level
DataCenter Provider
Even if you suspend the domain in cPanel, the Google warning will remain until they re-crawl the site.

I would advise consulting your host or a qualified security administrator.

Once you have found the source of the infection and cleaned it, sign up for "Google Webmaster Tools"; you can add/verify the domain there and request a re-crawl to clear the Google warnings.
 

webmasteryoda

Well-Known Member
Apr 3, 2013
Serbia
cPanel Access Level
Root Administrator
If you have control over SSH on your server, install maldet, configure it and scan your home folder.
Check for changed files and replace them with the original ones. Delete the malicious scripts and secure the CMS.
 

sslsecurity

Registered
Sep 23, 2013
cPanel Access Level
Website Owner
Right now there is no need to suspend the domain. You should scan your website first with security software such as Comodo Hacker Proof TrustMark or another daily vulnerability scan process. It will show you the location that is affected by malware. Once you locate the area of malware, you can easily remove the affected page or recover your website from malware with the help of Hacker Proof TrustMark.