What to do if malware/phishing sites have been discovered?

How do I find the malware?

Under the following links you will find various plugins/programs for malware detection.


Examples of what malware does:

- Index files are manipulated, Javascript or PHP code is inserted at the end.

- Often the code is obfuscated in such a way that a human viewer can no longer understand what is happening there.

Example Javascript (outputs "hello world"):

.htaccess files are created to redirect to other pages.

Possible consequences for you and your website visitors

  • Malware is installed on your website visitors' computers
  • Phishing/Spamvertised Content (http://en.wikipedia.org/wiki/Spamvertising) hosted
  • Your webhosting package is misused for spam delivery
  • Attacks (DOS, Brute Force, etc.) are launched on other servers from your website.

Remove Malware

Since malware removal can vary greatly, we can only give general hints here.

- As long as the malware is not completely removed, you should put the site offline to protect your customers/visitors. It is best to temporarily point to another empty folder. Further possibilities are e.g. via .htaccess or domain forwarding to another domain.

- Change FTP password. Under no circumstances store the FTP password in the FTP client. If necessary, also change other passwords (e.g. e-mail or checkdomain password), if in doubt.

- Check all computers that have connected via FTP for viruses or reinstall them if necessary.

Whether you reinstall your PC is of course at your discretion. However, if there are viruses on the PC, it is often difficult to remove them completely. Often you have similar problems after a short time.

- CMS (software like Wordpress or Joomla) and plugins update. Possibly outdated software, which will no longer be updated.

- Check files for malware and remove them.

- Control .htaccess files.

- Deleting everything and performing a complete reinstallation is the safest way, but not always necessary/possible.

- If available, installing a backup can also take a lot of work off your shoulders. The backup must of course have been created when the web space was not yet infected. Checkdomain backup system

- To remove the malicious code completely or to close a CMS security hole is not always easy. If you don't want to delete everything and rebuild the site, you might want to use an external to instruct experts or to ask for information in anti-virus forums. (Checkdomain does not offer this service!)

- The easiest way to remove a Google Safe Browsing warning is to use Google Webmaster Tools (http://support.google.com/webmasters/bin/answer.py?hl=en&hlrm=en&answer=163634)

Was this article helpful?

Thank you very much for your review!

Thank you very much for your review!

You have already rated this item.

Thank you for your time.

Do you require assistance?


Telephone support

Domains worldwide


  • .at
  • .ch
  • .de
  • .eu
  • .fr
  • .it
  • .nl
  • .uk
  • .es
  • .pl
  • .me
  • .li


  • .ae
  • .cn
  • .hk
  • .in
  • .io
  • .jp
  • .my
  • .la
  • .sg
  • .tw
  • .ps


  • .biz
  • .com
  • .info
  • .mobi
  • .net
  • .org
  • .travel
  • .xxx
  • .pro
  • .jobs
  • .name
  • .aero

New domain extensions

  • .online
  • .sale
  • .reise
  • .hotel
  • .xyz
  • .ruhr
  • .restaurant
  • .coupon
  • .video
  • .bayern
  • .berlin
  • .hamburg
  • .koeln
  • .london
  • .reisen
  • .saarland
  • .wien
  • .bio
  • .business
  • .events
  • .haus
  • .immo
  • .immobilien
  • .international
  • .versicherung

Companies that trust us

Other products you might be interested in

Website Builder
Create your own website without any programming knowledge.
Create a Website
Concentrate fully on your project! Performance and security included.
Optimize your Web site and achieve top rankings.
Website optimization
SSL Certificates
For your site, more safety protect yourself from hacker attacks.
Quickly protect