
Malicious Redirects – preventing and removing them

Many website owners don’t know they’re infected with malicious redirects until they start getting calls from concerned or confused customers. Instead of the site they were expecting, their browser loaded unexpected, unrelated content.

Malicious redirects are caused by hackers injecting scripts into legitimate websites that send visitors to other websites where they usually get scammed or infected with malware.

Examples of malicious redirects

  • Scripts that execute malicious redirects can lurk anywhere on a website. We have found them in databases, where they told real visitors apart from search engine spiders and then sent that traffic to a malware download.
  • In another case, the malicious redirect was triggered from a search engine results page, not within the infected website. One click and wham — malware starts downloading.
  • It’s also very common to find malicious redirects infecting third-party scripts for components like themes and plugins. In one instance, it was the much-beloved Tweet counter on WordPress websites.
  • In another, a third-party component deliberately redirected mobile visitors to the legit download pages of unwanted apps — an effort to score extra money.

Given the potential consequences of malicious redirects, it’s crucial to carefully evaluate third-party components before installing them.

The impacts of malicious redirects

Like any hack, malicious redirects will gain the attention of search engines. An infected site will eventually get blacklisted, which cuts off nearly all traffic from organic searches. Even with the malicious scripts removed, it’s a difficult and often expensive process to convince search engines to unflag a site, allowing its rank to slowly be restored.

And let’s not ignore the immediate impact. What’s going to happen when a visitor goes to your website to buy your product offering but instead gets swept into a scam? Chances are, that’ll be their last visit.

The combined effect of blacklisting and a damaged internet reputation can easily overwhelm a business. Imagine trying to find the source of infection while dealing with furious customers and lost revenue, and then facing search engine blacklists and the cost of fixing the hack.

How to stop malicious redirects

Fortunately, malicious redirects can be stopped. Two basic rules of thumb:

  • Control who has access to your site.
  • Stay familiar with all its components, and maintain awareness of your site’s health.

Access — Make sure people have only the minimum website access necessary to let them work on your site. Remove any unused accounts. This reduces the number of entry points a hacker will have. Also consider putting your website behind a firewall, which blocks malicious traffic before it reaches your site. AlpineWeb Design provides these tools with all hosting accounts.

Components — Don’t install third-party components (e.g. plugins and themes) without checking out their developer, or install only from the official CMS repositories. Make sure you know how often they’re updated and who’s handling those updates. And periodically audit your third-party components to see if any are unused or outdated and need to be removed. This may be a job for your website developer – a quarterly review is what AlpineWeb recommends.

Awareness — Make sure there’s a way to regularly scan your website for signs of infection or vulnerability. This can be as simple as using one of the many free remote scanners, like SiteCheck or UnmaskParasites. You should also have an application for server-side scans, which look deeper into a site’s files and databases. AlpineWeb Design provides these tools with all hosting accounts – we scan daily throughout the day and flag all possible concerns.
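The redirects in the examples above fire only for certain visitors (search-engine referrals, mobile devices, anything that is not a crawler), so a check has to request the same page under each profile and compare the results. The following is an added sketch of that comparison, not AlpineWeb's or any scanner's code; the profile values, the `fetch` callable and the sample responses are assumptions constructed for illustration.

```python
from urllib.parse import urlparse

DESKTOP = "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
# Request profiles for the visitor types in the article's examples (assumed values).
PROFILES = {
    "crawler": {"User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)"},
    "direct": {"User-Agent": DESKTOP},
    "search_referral": {"User-Agent": DESKTOP,
                        "Referer": "https://www.google.com/search?q=example"},
    "mobile": {"User-Agent": "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X)"},
}

def redirect_host(url, status, headers):
    """Return the off-site host an HTTP redirect points to, else None."""
    if status not in (301, 302, 303, 307, 308):
        return None
    location = {k.lower(): v for k, v in headers.items()}.get("location", "")
    target = urlparse(location).hostname      # None for relative redirects
    own = urlparse(url).hostname.removeprefix("www.")
    if not target or target == own or target.endswith("." + own):
        return None                           # same site or a subdomain of it
    return target

def find_conditional_redirects(url, fetch, allowed_hosts=()):
    """fetch(url, request_headers) -> (status, response_headers).
    Returns {profile: off-site host}; covers HTTP-level redirects only."""
    findings = {}
    for name, request_headers in PROFILES.items():
        status, response_headers = fetch(url, request_headers)
        host = redirect_host(url, status, response_headers)
        if host and host not in allowed_hosts:
            findings[name] = host
    return findings

# Constructed sample responses standing in for a live HTTP client.
SAMPLE = {
    "search_referral": (302, {"Location": "http://malware.invalid/get"}),
    "mobile": (302, {"location": "https://apps.invalid/install"}),
}

def sample_fetch(url, request_headers):
    name = next(n for n, h in PROFILES.items() if h == request_headers)
    return SAMPLE.get(name, (200, {}))

if __name__ == "__main__":
    for profile, host in find_conditional_redirects("https://www.example.com/", sample_fetch).items():
        print(f"{profile}: redirected off-site to {host}")
```

Redirects performed by injected JavaScript or meta-refresh tags do not show up in HTTP status codes, which is where the server-side file and database scans come in.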

These are by no means everything necessary to maintain website security, but rather what’s mandatory to protect yourself against injections. It’s far better to develop a complete plan for website security, which addresses all types of threats. AlpineWeb Design will help you to develop this strategy.

How to remove malicious redirects

If you’re already hacked, it’s critical to get help now. We’ve already discussed the consequences, so it’s critical to take immediate steps toward recovery. If you are a customer of AlpineWeb Design – we will help you prevent and clean up such attacks.