Help for hacked sites: Error template
Articles,  Blog

Help for hacked sites: Error template


Hi. I’m Lucas Ballard. I’m a software engineer at
Google, and I work on Google Safe Browsing. I’d like to provide more
information for site owners who were notified that their
site was infected with malware, specifically with
the type error template. In case you’re unaware, if your
site was infected with malware, you can see a sample of
infected URLs and the type of the infection when you verify
ownership of your site in Google Webmaster Tools. Google Webmaster Tools
can be found at google.com/webmasters. In regard to error template,
this type of malware occurs when the template used for error
messages, such as 404 file not found errors,
is configured to distribute malware. In this way, attackers can
launch attacks on URLs that do not even exist on your site. To investigate, if you’ve
verified ownership of your site in Webmaster Tools, copy
a sample URL associated with error template. Please do not open an error
template URL directly in your browser, as that can infect
your current device. Instead, try using tools such
as wget or curl to check for unwanted code return when
fetching the sample error URL. It’s likely that you’re able
to confirm the malicious content on an error page. Next, log in to your
web server. Check server configuration
files for an error-page directive. For example, the error template
for Apache web servers can be declared
in the htaccess file. View this file, perhaps through
an editor like BI, and scan for one or more
ErrorDocument directives. ErrorDocument will be followed
by an HTTP status code, then the location of the error
template modified to distribute malware. When you’re ready to clean up
your site, which is in the following step of our hacked
site recovery, you can either replace the htaccess file with a
known good backup or you can delete the unwanted
ErrorDocument directives in the existing htaccess file. Be sure to clean the actual
ErrorDocument files as well. Please be aware, however, that
only fixing the htaccess and error templates doesn’t
correct the underlying vulnerability that allowed the
hacker to compromise your site in the first place. You’re now up to speed on the
malware type error template. Before you finish this step, be
sure to review file system damage assessment for a more
thorough investigation of your entire site. Thanks for watching.

Leave a Reply

Your email address will not be published. Required fields are marked *