SEO: Save Your Site from a Malware Attack
According to Google, malware attacks are on the rise. Over the past 12 months, the number of sites that Google deems to be sites infected by malware have risen from 150,000 to somewhere around 325,000, and those are just the sites that Google has documented.
How does it happen?
Hackers have found ways to steal your passwords, right from your FTP programs. Filezilla, for example, uses a non-encrypted password storage system, and any passwords that aren’t protected in that manner can be stolen. The hacker then gets into your website via FTP and plants their nasty bombs.
In a post by Jonathan Hockman, entitled “Nasty Malware Attack Targets Web Developers,” he explains how this happens:
When a developer visits an infected site, the page installs a virus on their machine that silently copies the passwords stored in FileZilla, CuteFTP, and possibly other File Transfer Protocol (FTP) client software, and sends them to a central server. The server then runs a bot to access all sites for which credentials have been stolen and installs an iframe injection attack on many pages, further spreading the infection.
When Google detects malware on your site, they will usually pop it right out of their index, meaning no more search traffic for you. If your site has a large volume of its traffic coming from Google search, and you make money with your site, you’re fried.
Here’s where Google Webmaster Tools comes in handy. If you list your site, be sure to verify it, and check it regularly. You’ll know if your site is having any problems. There’s a wealth of data in Webmaster Tools, and if you’re not taking advantage of this free resource, well… get with the program! Any serious business owner should be using this to find problems in their sites.
You can also switch your browser to a more secure one, like Firefox (especially with the “No Script” add-on) or Chrome. Internet Explorer… feh. Buggy, holey, and you really need to get yourself a real browser.
Change your FTP program to one that encrypts your passwords. Dreamweaver has this set already. Smart FTP, which I use has password encryption, and explains how this system works on their site:
“The client takes this special string, using a process known as ‘hashing,’ combines it with your regular password to create a special one-time-only password, which is then sent back to the server. The server performs the same process using your password, and if the two one-time-only passwords are identical, you are successfully logged in.”
This type of system is much more secure than passing the plain text password to your server. It’s definitely an argument for buying your FTP client rather than just using a free one.
You can also (and should) check your site’s rating at McAfee Site Advisor. Even sites that have no malware attached can have issues with McAfee (note earlier post: Beware the McAfee Red X ). You really don’t want your site to be showing up with one of those red X’s beside them in Google’s SERPs. But, if you find that’s the case, you may already have a malware issue.
Taking just a few simple steps can assure that you aren’t infecting and infecting others. You owe it to your business and your customers.
Eugene Cheung
September 14th, 2009 at 1:22 pm #
Thanks Pat for sharing this interesting topic. I will definitely check out the Google Webmaster tools.
Pat Marcello
September 14th, 2009 at 6:08 pm #
Nice Eugene! You’re going to love them. I learn a lot about my readers from there, too.
- Pat