How to remove malware redirectors from your website

Summary: Remove malware redirectors from your website

Article by: Kyle Gray

Gray Technical, LLC – CEO

The issue:

Website redirectors are often placed into websites with low defenses to divert traffic to other websites. In most cases, visitors to the infected site will be redirected to sites that are not exactly ‘work appropriate’. Having one of these nasty malware redirectors buried inside your website can cause many issues. Not only can it cost you customers, it can also cause your website to be flagged as a ‘not safe’ site by website scanners (like Google’s search engine).

How to know you have been attacked?

Determining that your website is under attack from malware isn’t always easy. More than likely, if you are here, you already know your website is under attack. If you don’t, the easiest way to find out is to visit your site with different web browsers and devices (Firefox, Google Chrome, Safari, mobile devices, etc.). If your website gets redirected on one of those devices/browsers, then you have redirector malware installed on your site.

 

How do you fix it?

There are two options to fix this issue.

Option 1: Have someone else do it for you.

The first step should always be to contact your website hosting service. Sometimes, if you purchased a good hosting service/package deal, your hosting service may be willing to backdate your website to a time without the malware. If not, they might go further and even clear your files and scan them for malware.

If the hosting service is not so good, they will redirect you to a third-party cleaning service that can fix your issues for “a small, single installment fee of $600”. To add to this, your website “will be cleaned within a few minutes”.

Translation: ‘For $600 we can do 10 minutes of work and fix your website’.

I’m sorry, but I cannot justify paying $600 for a 10 minute job, especially knowing I could spend 20 minutes researching how to fix my issue and 10 more minutes to actually fix it. I could save $600 by taking 30 minutes out of my day. Sounds pretty good to me.

Option 2: Do it yourself.

Doing this yourself might sound daunting; however, with this guide you should be able to have it done “within a few minutes”. Of course, every website is different and times will vary. That being said, this method should take about thirty minutes out of your day from start to finish.

First, what you will need:

  • Access to your cPanel and/or File Manager
  • Basic knowledge of how to edit files
  • Computer able to access your cPanel and/or File Manager

Before you change anything you should ALWAYS back up your data!

Before we start: back up all of your files. These steps, if followed 100% without deviation, should not damage your site. However, that doesn’t mean that your computer won’t randomly shut down in the middle of an edit or that your file will not corrupt when it saves. For safety, ALWAYS back up your website before you change anything!

And for legal purposes, Gray Technical, LLC is not responsible, nor does Gray Technical, LLC claim any responsibility, for anything that happens when following these guidelines. Please complete these steps at your own risk.

First, go to your cPanel (i.e., www.[-YOUR_website_DOMAIN-].com/cpanel) and open your File Manager. Make sure that you select to show hidden files (if that is an option), as you are going to be accessing primarily hidden files.

Once inside the File Manager navigate to your main site’s domain, ‘public_html’. Inside the ‘public_html’ look for a file named ‘.htaccess’ and select ‘edit’.

Inside the ‘.htaccess’ file look for a website url that is not directly associated with your website, like in the image below.

[Image: Hacker code]

This is your malware website redirector. To remove this, simply delete that line of code, save your file and close out of the editor.

Continue this process through every folder inside of ‘public_html’ and look for any file named ‘.htaccess’.

You do not have to repeat these steps for files/folders that are backups. Backup files typically have ‘.bac’ or ‘backup’ in the name.
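If you have a local copy of the site or shell access to it, the same folder-by-folder check can be scripted. The following is an added example, not part of the original article: it walks a site root, skips backup folders, and reports redirect directives in every ‘.htaccess’ that point to a host outside your own domains, so you know which lines to review by hand. The domain `example.com`, the host `redirector.invalid` and the sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Directives that can send a visitor to another URL ("redirect" also covers RedirectMatch).
DIRECTIVES = ("rewriterule", "redirect", "errordocument")
HOST_RE = re.compile(r"https?://([^/\s:\"'?#]+)", re.IGNORECASE)

def is_own_host(host, own_domains):
    host = host.lower().rstrip(".")
    # Apache variables such as %{HTTP_HOST} resolve to the site itself.
    return host.startswith("%{") or any(host == d or host.endswith("." + d) for d in own_domains)

def scan_htaccess(path, own_domains):
    """Return [(line_number, host)] for redirect directives that point off-site."""
    hits = []
    with open(path, encoding="utf-8", errors="replace") as fh:
        for number, raw in enumerate(fh, 1):
            if not raw.strip().lower().startswith(DIRECTIVES):  # skips blanks and comments too
                continue
            for host in HOST_RE.findall(raw):
                if not is_own_host(host, own_domains):
                    hits.append((number, host.lower()))
    return hits

def scan_tree(root, own_domains):
    """Walk root, skip backup folders, and scan every .htaccess found."""
    report = {}
    for folder, subdirs, files in os.walk(root):
        subdirs[:] = [d for d in subdirs if "backup" not in d.lower() and ".bac" not in d.lower()]
        if ".htaccess" in files:
            hits = scan_htaccess(os.path.join(folder, ".htaccess"), own_domains)
            if hits:
                report[os.path.relpath(folder, root)] = hits
    return report

def demo():
    """Constructed sample site: a clean root, an altered 'blog' folder, and a backup copy."""
    clean = ("RewriteEngine On\nRewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]\n"
             "Redirect 301 /old https://www.example.com/new\n")
    altered = "RewriteEngine On\nRewriteRule ^(.*)$ http://redirector.invalid/in.php [R=301,L]\n"
    with tempfile.TemporaryDirectory() as root:
        for rel, text in ((".", clean), ("blog", altered), ("site_backup", altered)):
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            with open(os.path.join(root, rel, ".htaccess"), "w") as fh:
                fh.write(text)
        return scan_tree(root, ["example.com"])

if __name__ == "__main__":
    print(demo())
```

To use it on a real site, call `scan_tree()` with the path to your ‘public_html’ copy and a list of your own domains; the script only reports lines and never edits a file.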

And that’s it!

After all of the ‘.htaccess’ files have been modified, close out of your cPanel and/or File Manager and reload your website on the browser that was getting redirected. The redirections should now be stopped and your website is clean (or at least free from redirectors).

How to prevent this from happening again:

The steps to prevent this attack from happening again are pretty simple, and are listed below.

  1. Periodically change all of the passwords that have access to these files. For best security make sure the passwords are no shorter than 12 characters and have at least one upper case, lower case, number and special symbol.
  2. If you are running your website via WordPress, try to install a free firewall/malware/popup/virus blocker. WordFence is a really good ‘all-in-one’ plugin for this and comes pre-installed with a few WordPress bundles.
  3. Update all of your plugins, themes, widgets, banners, ads, side content URL links and personal redirectors regularly. If there is a weak point in any of these your website is at risk.

 

Conclusion:

If none of this helps your case, please research other methods for your specific situation. There are many ways hackers can attack your site, and this cleaning solution only applies to one in particular.
