Looking for someone to help with a delisted site after a malicious hack
-
Hello,
My website - www.musillawfirm.com was recently hacked and has been de-listed by google. It had some sort of a crypto mining script on it that I was able to remove. It shows up if you type in the domain but even a generic search for "musil law firm" does not show the site - it used to rank # 1 for that term and #1 or 2 for immigration lawyer in my local area. If anyone can assist me in getting it re-indexed please let me know and let me know how much it would cost. I tried getting it re-indexed through the search console, but no luck.
Thank you kindly
-
If you have been hacked probably Google put you on a blacklist. So, in that case, you need to clean up your site, and then request an evaluation process on Google. You will need to explain what happened, and what did you about it. I have a case like this a year ago.
Once they make sure you are a secure site, then you will visible again. I try to enter to your website and the firewall is blocking your site.
URL: http://www.musillawfirm.com/
Category: Malicious WebsitesSo, in that case, your site is still insecure or still is on a blacklist or even both.
-
I made an audit and your situation does not look ok.
http://www.musillawfirm.com/
Virus: HTTP
Virus: SmallHTTP
Virus: W32/Http.FILESHARE
Virus: W32/HTTP.A!dos
Virus: W32/Kryptik.WWW
Virus: VBS/Doget.HTTP!tr.dldr
Virus: Riskware/TinyHTTP
Virus: W32/NukeHTTP.A!trThe Fortinet Anti-Virus Analyst Team is currently in the process of creating a detailed description for this virus.
HOPE THIS INFO CAN HELP YOU
-
Thank you! How do I remove it? And how do I ask google to take me off the blacklist?
Thank you
-
Ok this is, not a simple process
STEP - 1 Review Warning Status
Your website is blacklisted because Google scanned your site and found harmful behavior. Google needs to protect its users from dangerous websites that show up in their search results. In fact, websites that repeatedly get blacklisted for malicious behavior are limited to only one review every 30 days. That big red splash page (and warnings next to your site in Google's search results) are designed to stop visitors from entering your site. It works, too. Websites lose about 95% of their traffic when blacklisted by Google.
The specific warning message on your site can help you to understand what Google is telling you about the type of security issues they found on your site. This information will be useful in the following sections of this guide.
Here are a few examples of common malware warnings that suggest your hacked website is serving malicious downloads such as viruses, spyware, rootkits, and ransomware. Most browsers use Google's blacklist API, but Microsoft (IE/Edge) have their own. The following images are examples of this kind of blacklist warning from popular browsers.
- Website Malware Warnings
- Website Phishing Warnings
So the first step is to identify which one is your problem
STEP - 2 Fix Blacklist Symptoms
If you use a CMS such as WordPress or Joomla, you can safely rebuild the site using fresh copies of your core files and extensions directly from the official repositories. Custom files can be replaced with fresh a recent backup, as long as it's not infected.
To manually remove a malware infection from your website files:
- Log into your server via SFTP or SSH.
- Create a backup of the site before making changes.
- Search your files for any reference to malicious domains or payloads you noted.
- Identify unfamiliar or recently changed files.
- Restore suspicious files with copies from the official repository or a clean backup.
- Replicate any customizations made to your files.
- Test to verify the site is still operational after changes.
To manually remove a malware infection from your database tables:
- Log into your database admin panel.
- Make a backup of the database before making changes.
- Search for suspicious content (i.e., spammy keywords, links).
- Open the table that contains suspicious content.
- Manually remove any suspicious content.
- Test to verify the site is still operational after changes.
- Remove any database access tools you may have uploaded.
To clean up your user accounts:
Confirm all website user accounts are valid:
- CMS users
- FTP/SFTP/SSH users
- Database administration panels (PHPMyAdmin, etc.)
- cPanel accounts
- Hosting company logins
- Change all passwords for all users.
- Enable two-factor-authentication (2FA) if it is available.
Backdoors commonly include the following PHP functions:
- base64
- str_rot13
- gzuncompress
- eval
- exec
- create_function
- system
- assert
- stripslashes
- preg_replace (with /e/)
- move_uploaded_file
Step 3 Final Steps
To remove the blacklist warning you need to let Google know that you have completely cleared the infection. To do this, you must have a Google Search Console account (formerly Webmaster Tools).
To verify ownership of your website in Google Search Console:
- Open Google Webmaster Central.
- Click Search Console and sign in to your Google account.
- Click Add a site.
- Type in your site's URL and click Continue.
- Verify your site using the Recommended method or Alternate methods options.
- Click Add a site.
- Click Verify.
- Check the Messages section to review any warnings.
_NOTE: THIS JUST A GUIDE BASED ON MY EXPERIENCE, KEEP IN MIND THAT SOME THINGS CAN BE VALID TO YOUR CASE AND OTHERS WILL NOT VALID, ALL DEPENDS ON YOUR CMS, YOUR SERVER CONFIGURATION AND I CAN NOT GIVE YOU A EXACT ADVICE WITHOUT SPECIFIC INFORMATION _
IF THE ANSWER WERE USEFUL DONT FORGET TO MARK IT AS A GOOD ANSWER
GOOD LUCK
-
Hello
Many sites can help you solve your problem
One of the best hack and security websites in Iran that also provides security services for outsiders is PentestCore whose web site addresses are as follows:
https://pentestcore.com/
-
0243
-
04330
-
04135
-
09304
-
014295
-
03274
-
03414
-
03644