It’s a trap! Phishing Scams and Malware

Guest post by: Jonathan S.

Abuse & Security Analyst

Phishing scams and malware-infected sites are some of the many problems that the Abuse & Security Department is assigned to handle here at HostDime. They are also among the most common issues we find when clients inform us of warning labels placed on their sites.

The Mozilla Firefox and Google Chrome browsers include a “Phishing and Malware Protection” feature, which alerts the visitor that the page they are about to view may try to steal their information. The alert is triggered by a published list of known attack sites, which is maintained by Google and StopBadware.org.

The primary reason this message appears is either a phishing scam attempting to lure the visitor into updating their personal information on a fake (but very real-looking) website, or malicious scripts that have been injected into the source of the website and cause your browser to download malware.

When a site has been injected with malicious scripts, additional code is added to most pages on the account. It can usually be found at the top or bottom of the page source. Other times it may be hidden deep in the account’s files. This code is used to help steal information from the user and spread itself to other sites. But how did it get there in the first place?

Malware is the main cause of script injections on hosted accounts. Many times users will find that their personal computers, Windows and Mac, have been infected with bad programs that are used to capture keystrokes and FTP account credentials. Once the bad guys have your FTP user name and password, botnets (large networks of hacked computers) are used to access the site from around the world and upload the extra code to the site’s files. At this point, it’s only a matter of time before the malicious code is detected by Google and the site is flagged.

Once the site has been reported to our team, we will evaluate the damage from the injections and clean the files of the unnecessary code. The next step is for the client to contact Google Webmaster Tools to request that the site be re-evaluated, or scanned, so that the warning message can be removed. This is the part that we are not in control of.
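As an added illustration (not HostDime’s own tooling), the sketch below shows one way to check an account’s files for the pattern described above, script or iframe tags sitting at the top or bottom of a page, outside the `<html>` element. The tag list, the file extensions and the sample pages are assumptions constructed for this example, and the check is a heuristic that will miss code hidden deeper in a file.

```python
import re
import tempfile
from pathlib import Path

# Tags commonly used by injected loaders; this list is an assumption for the example.
SUSPECT = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)
HTML_OPEN = re.compile(r"<\s*(!doctype|html)\b", re.IGNORECASE)
HTML_CLOSE = re.compile(r"<\s*/\s*html\s*>", re.IGNORECASE)

def find_edge_injections(text):
    """Return 'top'/'bottom' when a script or iframe tag sits outside <html>...</html>."""
    findings = []
    opening = HTML_OPEN.search(text)
    closings = list(HTML_CLOSE.finditer(text))
    # Anything before the doctype or <html> tag is suspicious if it loads code.
    if opening and SUSPECT.search(text[:opening.start()]):
        findings.append("top")
    # Same for anything after the last </html>.
    if closings and SUSPECT.search(text[closings[-1].end():]):
        findings.append("bottom")
    return findings

def scan_tree(root, suffixes=(".html", ".htm", ".php")):
    """Map each flagged file under root (relative path) to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_edge_injections(path.read_text(errors="replace"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Build a constructed sample site in a temp directory and scan it."""
    clean = "<!DOCTYPE html>\n<html><head><script src='app.js'></script></head><body>Hi</body></html>\n"
    appended = clean + "<script>/* constructed placeholder for injected code */</script>\n"
    prepended = "<iframe src='about:blank' width='0' height='0'></iframe>\n" + clean
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.html").write_text(clean)
        (root / "contact.html").write_text(appended)
        (root / "sub").mkdir()
        (root / "sub" / "page.php").write_text(prepended)
        return scan_tree(root)

if __name__ == "__main__":
    for name, hits in demo().items():
        print(name, hits)
```

Flagged files still need a manual look, since a legitimate template can place markup outside `<html>`; comparing against a known-good backup is the more reliable check.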

The best way to prevent these issues from happening to a site is to keep the operating system and programs updated, and to be careful when downloading, making sure that the files are from the proper place. Next time you stumble across a red alert message, be sure to contact our team and we will do our best to get your site back to normal.
