Manually Removing Malicious Content
Site owners’ first attempt at remediation is usually to remove the malicious content by hand. When attackers exploit vulnerabilities, the content they inject into site pages is often hidden and is usually stored in database tables. This means that a full scan of both the site’s files and its database should be performed. For a site with thousands of posts, that can mean searching thousands of records for a single malicious script; if files are infected, the cleanup can involve thousands of compromised files.
- Simply deleting content from files or the database isn’t an option. In many malware cases the attacker modifies existing file contents, so removing the injected content by hand can break the code and produce errors on the site. Manually deleting malicious content from database tables has the same potential effect, and can also corrupt the data that is rendered in the user’s browser.
- Malware is often stealthy, so a further problem is finding the injected code at all. It commonly co-mingles with and masquerades as legitimate code, which makes it difficult to detect. For example, hacked sites often contain hidden links to pharmaceutical sites, a compromise commonly called the “pharma hack.” The attacker’s goal is to hide links inside legitimate content so that they cannot easily be detected. Even if you find some malicious content, you may miss other injected content, meaning the site is not completely clean and still serves malicious code. The same applies to content hidden in database tables.
- Because sophisticated attacks are competently hidden, finding hacked content takes a professional who knows where to look. Most small website owners do not have the funds or resources to remove hacked content themselves, so they must hire a professional to go through the site and find it. This can be expensive for a small site owner, and it can take weeks for the site to be fully cleaned of malware.
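The two scans described above, of the site’s files and of the database, and the “flag, don’t delete” caveat are illustrated by the following added example. It is not code from the original article; it is a small Python triage scanner that reports candidate injections (hidden-link wrappers, pharma-style anchor text, and the common `eval(base64_decode(...))` obfuscation) with their location so a person can review each one in context, and it compares file hashes against a known-good baseline to narrow down which files changed. The indicator patterns, the sample file contents, the `posts` table, and the `.example.invalid` hostnames are all constructed for this example.

```python
import hashlib
import re
import sqlite3
from dataclasses import dataclass

# Illustrative indicators of injected content (constructed for this example;
# a real scanner would use a maintained signature set and a proper HTML parser).
INDICATORS = {
    # A link wrapped in an element that is hidden from human visitors
    "hidden_link": re.compile(
        r"""<(?:div|span|p)[^>]*style\s*=\s*["'][^"']*"""
        r"""(?:display\s*:\s*none|visibility\s*:\s*hidden|text-indent\s*:\s*-\d{3,}px)"""
        r"""[^"']*["'][^>]*>.*?<a\s[^>]*href=["'][^"']+""",
        re.IGNORECASE | re.DOTALL,
    ),
    # Payload that is decoded and then executed, a common PHP obfuscation
    "eval_base64": re.compile(r"eval\s*\(\s*base64_decode\s*\(", re.IGNORECASE),
    # Anchor text drawn from the pharma-hack vocabulary
    "pharma_keyword": re.compile(r"<a\s[^>]*>[^<]*\b(?:viagra|cialis|pharmacy)\b", re.IGNORECASE),
}


@dataclass(frozen=True)
class Finding:
    location: str   # file path or "posts#<id>"
    indicator: str
    snippet: str    # first 80 characters of the match, for human review


def scan_text(location, text):
    """Return every indicator match in `text`; nothing is modified or deleted."""
    findings = []
    for name, pattern in INDICATORS.items():
        for match in pattern.finditer(text):
            findings.append(Finding(location, name, match.group(0)[:80]))
    return findings


def scan_files(files):
    """`files` maps path -> contents (constructed here; on a real site, walk the docroot)."""
    findings = []
    for path in sorted(files):
        findings.extend(scan_text(path, files[path]))
    return findings


def scan_posts(conn):
    """Scan every row of a hypothetical `posts` table, reporting findings by row id."""
    findings = []
    for post_id, content in conn.execute("SELECT id, post_content FROM posts ORDER BY id"):
        findings.extend(scan_text(f"posts#{post_id}", content))
    return findings


def sha256_text(text):
    return hashlib.sha256(text.encode()).hexdigest()


def changed_files(files, baseline):
    """Paths whose SHA-256 differs from a known-good baseline, or that the baseline lacks."""
    return [path for path in sorted(files) if baseline.get(path) != sha256_text(files[path])]


# Constructed sample site: one clean theme file, one with a hidden pharma link,
# one core file replaced by an obfuscated payload.
SAMPLE_FILES = {
    "wp-content/themes/demo/footer.php": "<footer><?php wp_footer(); ?></footer>\n",
    "wp-content/themes/demo/header.php": (
        "<header>\n"
        '<div style="position:absolute;display:none">'
        '<a href="http://pills.example.invalid/buy">cheap viagra</a></div>\n'
        "</header>\n"
    ),
    "wp-includes/class-cache.php": "<?php eval(base64_decode('aGVsbG8=')); ?>\n",
}

# Constructed baseline: hashes of the clean release copies (header.php is a custom
# theme file with no baseline, so it is reported as changed too).
SAMPLE_BASELINE = {
    "wp-content/themes/demo/footer.php": sha256_text("<footer><?php wp_footer(); ?></footer>\n"),
    "wp-includes/class-cache.php": sha256_text("<?php /* clean release copy */ ?>\n"),
}


def build_sample_db():
    """In-memory SQLite stand-in for the site database, with one injected post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, post_content TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", [
        (1, "<p>Welcome to our bakery. Opening hours are 8am to 6pm.</p>"),
        (2, '<p>Our sourdough recipe.</p><span style="visibility:hidden">'
            '<a href="http://rx.example.invalid/">online pharmacy</a></span>'),
        (3, "<p>Contact us via the form below.</p>"),
    ])
    return conn


if __name__ == "__main__":
    for f in scan_files(SAMPLE_FILES) + scan_posts(build_sample_db()):
        print(f"{f.location}: {f.indicator}: {f.snippet!r}")
    print("changed vs baseline:", changed_files(SAMPLE_FILES, SAMPLE_BASELINE))
```

The scanner deliberately stops at reporting: each finding carries the file path or row id and the matched fragment so that the surrounding code or post can be inspected before anything is edited, which is the point made above about blind deletion breaking the site. The regular expressions are crude and will produce false positives (for example, a hidden wrapper followed much later by a legitimate link), so treat the output as a review queue, not a verdict.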