Steps to restore website from attack

Some of my client’s sites got infected from a virus where the sites were hacked and Google blocked the sites because that sites were started broadcasting malicious components and generating scrips that can harm the viewer’s computer.

Reported Attack Page warning

Symptoms to this situation is that your site will first be blocked by google.com and you’ll see a message once browsing generally in Mozilla Firefox browser that this is a “Reported Attack Page” and in description you’ll find a details that if you visit this site or page, it may harm your computer. The page will be colored in black and read in warning. This is a situation where you’ll loose a trust from your viewers and or customers as they might hesitate to revisit your page keeping in mind that the site was under attack and may harm their computer.
Here is a picture of how a Reported Attack Page warning appear in browser.

How to remove Reported Page Attack Warning

Why My website is blocked by google
The obvious reason where your site was blocked by google, is of course it was involved in generation of some malicious components and the scrips are re-directing your site to some other harmful sites and that The site may be distributing malware. But, going through the bud that why the situation was occurred is as follows.

    Your hosting account was compromised
    Your FTP account was compromised.
    You might not be using effective Anti-Virus or Anti-spyware
    You might have visited harmful site where you click on the script that caused your secrecy be shared.
    You might receive some unknown email with a link where you clicked and the password of your account was sent to the hacker.

How Can I restore my ftp website from hacker’s attack ?

Clean your computer from viruses and format your hard disc. Then login to your ftp account and check all the files for any additional scripts (if you don’t know about coding, refer to your webmaster). Generally eval code which is also known as base64 coding will be shown at the top of your index.php or index.html file. Same code you’ll find on many other files top portions like on config.php, function.php, and may other files get inserted with the same code. So, be sure to chick all files. Additionally you’ll see an additional file of gifimg.php file generally placed in each images folder and in the root as well, Be sure to remove them as well as these files help scripts to run.

The best way you can do is to keep update with the Google Webmaster Tools at the link Google Webmaster Tools where you can create your free account. All instructions to create account and to get stats of your websites are clearly mentioned in easy steps.

Secondly, never share your ftp or hosting account password with anyone and if you have created some temporary ftp accounts, be sure to delete or disable them later. Always use updated anti-virus and anti-spyware to avoid attacks. Finally, keep scanning you personal computer or laptop for with latest anti-virus software so you can get rid of the problem.

Send Request to Google to Review Website

Once you have cleaned up everything and pretty satisfied that there is no viruses or additional files/scripts with your codes, you can then logon to your webmaster tools account and send a request to Goolge to Review your Website.

Topics:
Website under virus attack
Website under Hacking Attack
Role of gifimg.php file
How to remove Reported Attack Warning from the site
How to send a Review Request to Google?
How to get rid of website Hacking
What Anti-Virus is best to avoid Virus Attacks