The Hack and Warning
The email included examples of what the code looked like and where we could find it. What made us suspicious was that the email was full of typos and mis-used words. So it could have been a hoax. But it wasn't.
The email was from a security company I'd never heard of or worked with. I'm not sure how they knew there was this code on the website, and it might not be polite for me to guess, but as soon as I got back to Canada I checked it out. And sure enough the code was there just like they said and more.
So this happened to our website...
In the meantime, something has been sent to Google and the site had the dreaded red warning over it in so no online visitors would feel safe clicking through to the website.
The website was essentially down. Traffic was at a halt and I was on the phone reaching out for help. With some good advice, we took care of all the malicious code in a couple of days and submitted the site to Google for their approval.
How We Fixed the Problem
We also added an SSL Certificate and Site Lock scanning to help keep the site safe from other attacks and let the public know it was a secure site.
SSL encrypts the link between a browser and the website's server and tells the browser it's a safe connection. You can usually tell because secure sites show the https:// prefix. SSL used to be difficult and costly to implement, but now you can do it yourself online affordably. Click here to get your SSL certificate for your own website.
Going Live Again
Overall, getting the website to this safe state took about 15 hours and a small investment in the security services. That was nothing compared to the week it took for the site to be free of the red warning box. It was quite the process. If you want to learn more, contact us.