Check for potential spam content
|Check||Your domain was found in spam lists.|
|Beschreibung||Spam is unwanted email advertising in your inbox with sometimes dubious content (for example advertisements for viagra, medications, insurance, or credit offers). These advertisements are sent in large quantities, but they can also be targeted specifically. Attackers usually conceal their true identity and try to trick you.|
|Hintergrund||The login data for the website may have been compromised by a malware infection on the computer, or by criminals hacking the website from the outside. Unnoticed by the owners of the website, malicious code for spam content is deposited on the host/web space. It is also possible that attackers gained access via the administrator login of the content management system (CMS), or that they may have exploited security flaws in outdated plug-ins in order to upload malware. Through the use of these files, spam content is injected into the WordPress theme or into the database, thus creating concealed links to malicious websites.|
|Auswirkung||Often the danger is not visible from the outside, but nevertheless spam content is created or is used for distribution via other media.|
|Lösung / Tipps||If your domain was found in spam lists:
Take down the website!
Take down your website to prevent users from accessing it, and to prevent Google from removing the website from its index, which would delete a positive ranking. You also avoid being blocked by your hosting provider.
To check if the website shows any of the typical spam characteristics, call up the website in the browser, then right-click to "view page source". In this view, you can use Ctrl+f (search) to check your source code for typical signs of online fraud through advertisements for medications or dubious credit offers.
Some terms to search for:
Check your logfiles for unauthorized access from unknown IP addresses. As a starting point for your investigation, the time stamp of the manipulated or uploaded file can give you a hint when the attack happened and by which gateway the attackers gained access.
- Change your login data!
Restore a malware-free backup! To do this, delete all the files on your webspace. In this way, you will make sure that you do not overlook malicious files from the compromised system which were used as a backdoor by the attackers. Before restoring from the backup, make sure that the intended backup is not yet infected by the malicious code that we detected, and if necessary, use an even older backup. If the backup is malware-free, restore it and then install any updates for your system. Only after this is done, put the website back online.
- If you do not have a backup of your website, consider a completely new installation. Manual cleanups usually take up a lot of time and should only be carried out by qualified experts.
Check your local computer for malicious software! The website botfrei.de offers helpful information and software. With the EU-Cleaner, you can remove various malicious programs from your computer. (https://www.botfrei.de/de/eucleaner/index.html)