I’m not sure where I should post this so I thought I’d start at the beginning! Please move if not appropriate here.
I have been asked to look at a website that has malware Google and McAfee SiteAdvisor both report it as a high risk.
Is there any way to find out what the malware is and what server technology is being used? If I can get FTP details I guess I can download the site although I have run a webpagetest.org scan and the home page is over 3MB!
IF the site has malware on it, DON’T DOWNLOAD THE SITE. You’ll just get it on your computer, too.
If the home page is over 3mb, don’t get me started. I’m one of those developers who believes in optimizing a page as much as is feasible (while still trying to retain a certain robustness.) 3mb is, IMHO, overkill.
I’m with you @WolfShade I can see from the scan that the images could do with being optimised, but even then it would be FAR too big. Just far too many images I think. I was hoping there might be something I could salvage from the site. The organisation is a not-for-profit and whilst I’d love to develop a new site from them for scratch they don’t have a lot of cash.
Images are quite often the source of bulk on many websites; but they are not the only thing. For sure, optimize the images so that they are at least the proper size (both file size and dimensions). But I’d take a look at the code and see what else is weighing it down. If they are loading ten JS libraries/plugins (and a lot of events or whatnot related to those libraries) and/or developed it using FrontPage, then there’s going to be a lot of bloat.
Have the hosting provider run the malware (AND Anti-virus) scan on the server.
If it’s a co-lo, then I’m not sure. Slap together a cheapie system that you don’t care about keep it disconnected from your network, and use that to download and analyse the documents.
Thanks for your help, chaps. With the help of www.seocentro.com I have managed to establish that the site runs on IIS and is a WordPress site. Still no idea of what the malware is though…