While browsing on internet we happened to see the above report quite often. Sometimes even our own website might have been reported as attacked site by Firefox. Don’t get panic, do not get disturbed by the above report, but, you have to do something immediately to save your computer as well as your website which are described here:

What does it mean and why I am seeing it

You are seeing this message because the website you visited has been attacked or hacked. Firefox 3 or later version contains a built-in Phishing and Malware Protection; to help you to keep safe online. These features will warn you when a page you visit has been reported as a Web Forgery of a legitimate site (sometimes called “phishing” pages) or as an Attack Site designed to harm your computer (otherwise known as malware).

What Should I Do?

If you are a visitor to the attacked website you must leave the website immediately at once. If possible you can notify the webmaster about this issue on their website. If this is your website no need to panic, worst things happens sometimes; the vital point is how you react and overcome the problem.

How it Happen

This particular question has many answers. The known possibilities are: 1) May be your FTP credentials has been compromised. 2) May be because of bad programming which has lot of security holes. 3) May be the open source script you are using is outdated which has a major security hole. And so on… So, tracing what caused the problem is not the priority here. If this issue is not taken care immediately then your website traffic will come down rapidly and then in few days you know what will happen. Soon Google will mark your website as “This site may harm your computer” in Google search results. If this already happened to your website you must also read my other article on How to remove “This site may harm your computer” label in Google Search results.

this_site_may_harm copy_final

Important tasks to do

Somehow the hacker sniffed your ftp username and password so below is the list of things you must do before removing the malware from your pages. 1) Scan your computer for any spyware, malware or virus. The combination of Malwarebytes, SuperAntispyware & Avast will help you. 2) Change your FTP passwords. Strong password with combination of alphanumeric & special characters recommended. 3) Change your hosting control panel password. Strong password with combination of alphanumeric & special characters recommended.

How to check and remove malware in your pages

Highly affected pages are index pages so you must check the index pages of your website for any malicious html codes like which directly points to the website that distributes malware. This code is mostly placed next to <body> tag or at the end of your index page. A typical example of how the malware codes will look like is displayed below, iframe If you have the latest copy of entire website just wipe out all the old pages and replace with fresh clean copies (recommended) or just replace the infected pages with fresh clean copies.

What Next?

1) Check your website daily for few days to make sure things are right. 2) Regular backup of your website is always recommended. 3) Check your access logs for anonymous activities. 4) Always use legitimate softwares. 5) Change your FTP and Control Panel passwords time to time. 6) Make sure your Antivirus and Anti-Spywares are up-to-date.

techgist tips: “Prevention is always better than cure” so always be alert and take all preventive measures to safeguard your website. Be aware of the spyware and malware threats. Keep updating your knowledge on the software tools available to face the hacker’s threat. Finally, do update your Anti Virus, Anti Spam and Malware software periodically.