It’s never a good feeling when you first discover a malware intrusion on your website, or a client’s website for that matter. Like walking to your car in the morning and seeing a broken window and the contents of your glove compartment strewn about the front seats, you feel a pit in your stomach, a bit of anger, and a bit violated all at once.
Malware sucks, and therefore programs like Google AdWords have very strict policies related to malware. Additionally, malware or any number of other types of nefarious intrusions into your website can lead to your website’s organic search listing being accompanied by an ominous warning that can have a very negative effect on click-thru rates to your site:
However sometimes the task of cleaning up an infected site and getting back into compliance can be daunting to say the very least. Pouring through every directory on your server looking for recently modified files can be extremely time-consuming.
Worse yet, with program like Google AdWords, your site doesn’t necessarily have to even be infected by malware to have it’s ads get suspended. In one recent instance, a client’s site was suspended for malware simply because there were a small number of references within the CSS to a background image hosted on the original website designer’s domain. That designers site was infected by malware.
Yes, a couple lines of CSS amongst several thousand violated the following policy, resulting in 2 and a half week wild goose chase trying to hunt down the source of the problem:
- Sucuri Security malware scan
- Google Webmaster Tools* (requires site ownership verification to access)
- Quettera anti-malware monitoring
Sometimes these scans can unveil the root of the issue, and it can be addressed without further issue. But in other instances, such as the AdWords policy violation described earlier (due to a CSS reference to a site infected by malware, not an actual malware infection), these aforementioned scanning services are unlikely to even detect a problem. In that situation we recently face, our ultimate solution was to turn to the good folks at Sucuri.net.
Although identifying the offending piece of CSS was a long saga involving a half dozen phone calls to the always exceptionally helpful and very specific Google AdWords telephone support staff… 😐 …we eventually were able to find the issue, at least one piece of it.
Once I gave up and hired professionals, Sucuri identified 4 files and 3 database references within 30 minutes that they quickly removed. Aside from the quick and efficient clean-up work, the peace of mind of having daily server-side scanning and pro-active identification and removal of any future threats to the client website covered for the next year is awesome. Best of all, that annual service is only $89, which I would have gladly spent sooner to get the issue dealt with sooner in retrospect.
Moral of the story? Malware sucks, and can mess up you AdWords account (or worse) for weeks at a time. But finding and paying the right people to handle your website security can pay for itself ten times over when you consider the hours you’ll save not having to pour through code to fix a hack or malware infection.