The lack of proper security measures, poor coding, and application vulnerabilities allow cybercriminals to take over a large number of websites, making them serve a specific role in their malicious campaigns.
Kaspersky experts have made an advisory to teach users how to identify hijacked sites and how to clean them up.
So how can you tell if your website is infected with malicious elements?
If your customers complain that they can’t access it because it’s blocked by the browser or their security app, if the site is blacklisted, or there’s a sudden significant change in traffic, you’re most likely a victim.
In other situations, the website doesn’t work properly, or, after visiting it, your computer starts acting up.
In case you’re experiencing one or more of these symptoms, the first thing you must do is check activity logs. In many situations they can help identify the malicious files and maybe even the way the attackers managed to penetrate your systems.
Then, if you have a clean backup copy, restore the site’s content to its initial state. However, this must be done only after the software that runs on the server is reinstalled.
If you aren’t fortunate enough to have a backup copy, you can track down the malicious files with an automated website scanner such as the one offered by sucuri.net.
In case you’re the owner of the infected server, run a full system scan with a reliable antivirus product, but not before backing up your files, since in some cases they tend to delete infected files instead of cleaning them.
If all else fails, you’ll have to manually go through each files to look for the malicious code. If you haven’t obfuscated any of the code yourself, then all the unreadable pieces of code have been probably planted by cybercrooks.
To prevent your website from being overtaken in the first place, make sure that you use strong passwords, permanently keep all software components up to date, frequently create backups, scan your files on a regular basis, and – in case you own the server on which it’s stored – be sure to harden its security.
For more details, check out Kaspersky’s advisory.