Fixing Hacked Content


(Aaron Diecker) #1

Hello Brilliant Rapidweaver Folks,

I received a message from Google stating there’s hacked content detected on my site. I added an SSL layer to my site, then re-published the entire site from scratch, then re-submitted to Google for approval. Reconsideration was rejected twice.

Any suggestions? Here’s a link to my site to examine the code - I hope you don’t face security issues of your own when you take a look.

https://creativelyforward.com

Thanks,
Aaron


(David) #2

Hi Aaron,
I had a non-RW site hacked with what is called a PHP spam injection hack, and found the hacker had put an .htaccess file in the root which referenced a number of .php files that were rewriting thousands of spam links on many of the pages of the site. There was also a folder with about a GB of files, each a few KB in size. So you have to log into your account with an FTP app and delete all those alien folders and files. They hid many of the malware files in existing folders or new folders. Sometimes they were named randomly, other times they had names that were variations on existing file names. It might be easier to delete all the files on the server and re-publish all files with RW. After I cleaned out all the malware files and my existing files, I re-published and Google approved the site.

Btw, this site was a shared hosting account with GoDaddy, and after checking a few other sites that I administer that are also hosted on GoDaddy, I found many of the same malware files in place as if they were waiting to be activated. When I searched Google about the PHP injection hack, I found the issue is apparently widespread with GoDaddy. When I spoke to GoDaddy tech support they were not surprised at all and said it’s a very common occurrence and the only recommendation they had was to change the password every couple of months and took no responsibility for their poor security. Typical GoDaddy support.
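
An added example, not part of any poster's message: one way to find the "alien" files described in post #2 is to download a copy of the server and diff it against the local export of the site. The function names, the bulk threshold and the sample file names below are assumptions made for this sketch, and the sample trees are constructed.

```python
import os
import re
import tempfile
from collections import Counter

PHP_NAME = re.compile(r"[\w./-]+\.php\b", re.I)

def list_files(root):
    """Relative paths (forward slashes) of every file under root."""
    return {
        os.path.relpath(os.path.join(d, n), root).replace(os.sep, "/")
        for d, _sub, names in os.walk(root) for n in names
    }

def audit(mirror_root, export_root, bulk_threshold=50):
    """Compare a downloaded copy of the server with the local published export."""
    local, remote = list_files(export_root), list_files(mirror_root)
    alien = sorted(remote - local)  # on the server, but never published by you
    per_dir = Counter(os.path.dirname(rel) or "." for rel in alien)
    bulk = sorted(d for d, n in per_dir.items() if n >= bulk_threshold)
    hits = []
    for rel in sorted(r for r in remote if os.path.basename(r) == ".htaccess"):
        with open(os.path.join(mirror_root, rel), errors="replace") as fh:
            for line in fh:
                # Flag directives naming a .php file the export does not contain.
                # Assumption: targets are resolved relative to the site root.
                targets = [t.lstrip("/") for t in PHP_NAME.findall(line)]
                if any(t not in local for t in targets):
                    hits.append((rel, line.strip()))
    return {"alien_files": alien, "bulk_dirs": bulk, "htaccess_php_refs": hits}

def build_sample(base):
    """Constructed sample trees: a clean export and a tampered server mirror."""
    export, mirror = os.path.join(base, "export"), os.path.join(base, "mirror")
    files = {"index.html": "<html></html>", "contact/index.php": "<?php ?>"}
    planted = {".htaccess": "RewriteEngine On\nRewriteRule ^(.*)$ /x7f3q.php?p=$1 [L]\n",
               "x7f3q.php": "<?php /* constructed placeholder */ ?>",
               "contact/index2.php": "<?php /* constructed placeholder */ ?>"}
    planted.update({f"cache_x/{i}.html": "spam" for i in range(60)})
    for root, tree in ((export, files), (mirror, {**files, **planted})):
        for rel, body in tree.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w") as fh:
                fh.write(body)
    return mirror, export

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        print({k: v[:3] for k, v in audit(*build_sample(base)).items()})
```

Files that the export contains but whose contents were modified on the server are not caught by a path comparison alone; comparing file hashes would cover that case.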


#3

Whatever SSL certificate you have added does not appear to be valid, since there is no padlock next to the browser address.

There are other steps you can take like protecting your .htaccess file and of course using a very secure password plus strong firewall settings if you have control over this.

Frankly I’d contact your web hosts and if they aren’t super helpful I would change. Another suggestion for making your site much more secure is to use CloudFlare.


(Aaron Diecker) #4

Thanks for the advice and my apologies for the delay. Here is an update on how things worked (well actually didn’t work) out.

I contacted my host, GoDaddy, for support. On three separate occasions I called them, and three times they acted like they had fixed the problem, I waited three days each time like they told me to, and the site still doesn’t load. The first approach was to delete the account, and open a clean new account. The second and third times were a little less clear in terms of what they actually tried to do, but it didn’t work.

So anyways, three strikes and they’re out. Do you have a host you like using? I’m considering SiteGround.

Thanks
Aaron


(Jason Bostick) #5

Before you get overwhelmed with people posting about Chillidog, just go sign up with Chillidog. :slight_smile:


(David) #6

I would guess that the site not loading is due to other problem(s) rather than the hack, but I agree with @jabostick - Chillidog is the way to go. Greg @barchard has been extremely helpful with advice about a site I administer on another bad hosting service. If you look at the massive positive feedback for Chillidog here on the forum, as well as the tech info on the Chillidog website, I think the combination of the outstanding support that Greg provides and the robust features of Chillidog’s hardware and cPanel features are impossible to beat. I understand Greg is very helpful for transferring and setting up the site as well. The fact that they do daily backups is another fantastic feature. And Greg is a developer for RW add-ons, so he’s completely familiar with RW projects. I hope to switch my account over in the near future. So yeah, just go sign up with Chillidog. :sunglasses:


(Gregory Barchard) #7

LOL :stuck_out_tongue:

Oh man, @thang @Vchile123 did they give you any input into how the account was hacked? Was it through your account or another user’s account who accessed your files?

Thanks for the kind words and recommendation. @VChile123 where are you at now with your site and how can I help you get started on Chillidog (if you’re interested)?

-Greg


(Aaron Diecker) #8

Greg,

No input was given by GoDaddy on how it was hacked. Rather, they closed the account, and opened a new account with a different IP address for me to point towards.

Also in the process I had them try to help set up my SSL certificate. Currently the site looks like this - it doesn’t let me attach the link to this, but it’s creativelyforward dot com with https in front of it.

Your thoughts on how to best fix this using your service?

Thanks,
Aaron


(Gregory Barchard) #9

The easiest way is to sign up and publish your site fresh. To set up SSL, I’ve recently released Let’s Encrypt support. Setting up SSL is now a 1-click install for users from within their Control Panel. I would advise not trusting or migrating any of your files at GoDaddy as you don’t know what has been contaminated. It is highly advisable to publish a fresh site.

-Greg