Malware on website

I’m not sure where I should post this so I thought I’d start at the beginning! Please move if not appropriate here.

I have been asked to look at a website that has malware. Google and McAfee SiteAdvisor both report it as a high risk.

Is there any way to find out what the malware is and what server technology is being used? If I can get FTP details I guess I can download the site although I have run a scan and the home page is over 3MB!

Any thoughts/ideas would be welcome.

IF the site has malware on it, DON’T DOWNLOAD THE SITE. You’ll just get it on your computer, too.

If the home page is over 3mb, don’t get me started. I’m one of those developers who believes in optimizing a page as much as is feasible (while still trying to retain a certain robustness.) 3mb is, IMHO, overkill.



I’m with you, @WolfShade. I can see from the scan that the images could do with being optimised, but even then it would be FAR too big. Just far too many images I think. I was hoping there might be something I could salvage from the site. The organisation is a not-for-profit and whilst I’d love to develop a new site for them from scratch they don’t have a lot of cash.

Images are quite often the source of bulk on many websites; but they are not the only thing. For sure, optimize the images so that they are at least the proper size (both file size and dimensions). But I’d take a look at the code and see what else is weighing it down. If they are loading ten JS libraries/plugins (and a lot of events or whatnot related to those libraries) and/or developed it using FrontPage, then there’s going to be a lot of bloat.



But there’s the rub - and where I came in. How do I look at the code without getting infected with the malware?

Have the hosting provider run the malware (AND Anti-virus) scan on the server.

If it’s a co-lo, then I’m not sure. Slap together a cheapie system that you don’t care about, keep it disconnected from your network, and use that to download and analyse the documents.



Could you put together a VM and pull it into that?

I wouldn’t. Some malware can detect VMs and initiate an escape function, taking over the host.


A moment of idle curiosity on my part. Duly noted.


Use a VM as test environment. You can easily clone a ‘clean’ VM. For each site you want to test, clone a VM from your pre-built VM.

Hmmm… Perhaps that old XP machine has a use after all…

Thanks for your help, chaps. With the help of I have managed to establish that the site runs on IIS and is a WordPress site. Still no idea of what the malware is though…

WordPress is the malware. :smile:

Seriously, though, WP does seem to have a lot of security alerts.



LOL. Yes, if it comes to anything I shall certainly be checking the version and security.
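
An added example, not part of the original thread: one way to answer the "what server technology" and "which version" questions is to read the response headers and page source as inert text, saved by a command-line HTTP client rather than opened in a browser. The sample headers, HTML and version numbers below are constructed for illustration, and `fingerprint` is a hypothetical helper name.

```python
import re
from html.parser import HTMLParser

# Constructed sample data (not taken from the site in the thread).
SAMPLE_HEADERS = """HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.10
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8
"""
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 3.5.1">
<link rel="stylesheet" href="/wp-content/themes/example/style.css">
<script src="/wp-includes/js/jquery/jquery.js"></script>
</head><body><img src="/wp-content/uploads/a.jpg"></body></html>"""


class _Collector(HTMLParser):
    """Collects generator meta tags and resource URLs; nothing is executed or fetched."""
    def __init__(self):
        super().__init__()
        self.generators, self.urls = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generators.append(a.get("content") or "")
        for key in ("src", "href"):
            if a.get(key):
                self.urls.append(a[key])


def fingerprint(raw_headers, html):
    """Return server and CMS hints from saved response text."""
    headers = {}
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    c = _Collector()
    c.feed(html)
    wp_paths = sorted({m.group(1) for u in c.urls
                       for m in [re.search(r"/(wp-content|wp-includes)/", u)] if m})
    version = next((m.group(1) for g in c.generators
                    for m in [re.match(r"WordPress\s+([\d.]+)", g)] if m), None)
    return {"server": headers.get("server", []),
            "powered_by": headers.get("x-powered-by", []),
            "wordpress": bool(wp_paths or version),
            "wordpress_version": version,
            "wp_paths": wp_paths}
```

A missing generator tag does not rule WordPress out, since themes and plugins can remove it; the `wp-content` and `wp-includes` paths are the more durable hint.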
