Website Malware Attack

Three weeks ago the IQ Matrix website and both of its sub-domains were infected with Malware. Most readers who viewed the site at the time would’ve been confronted with a bright red page (like the one above) warning them not to visit the site. My purpose in writing this post is to explain what happened, why it happened and what security measures I have taken to ensure that these issues do not occur again.


What is Malware?

Malware is malicious software that is developed with the intention of infiltrating a computer or website without the consent of the owner. In my case the Malware found a vulnerability within my website and exploited it. It essentially took control of the IQ Matrix website and populated it with malicious content in the form of direct product offers and links to other sites. Moreover, it posed a risk to visitors by potentially uploading Malware to their computers. For more information, please see the article about Website Malware.


Received Warning Email from Google

As a result of the Malware attack, I received an email from Google informing me about the issue.

At the time I contacted my hosting provider (which was Bluehost at the time). They informed me that they couldn’t do anything about the issue and referred me on to SiteLock, which partners with Bluehost and many other web hosting providers.


My Experience with SiteLock

I purchased an On Demand Security package from SiteLock for $59.99. I provided them with my FTP details and other relevant information about the issues I was experiencing.

I informed SiteLock about the thousands of mysterious files that were being uploaded to the IQ Matrix Shop directory on a daily basis. I mentioned that every time I deleted these files they would once again appear the very next day — sometimes within only a few hours or minutes.

The SiteLock Technicians went to work on the issue, and within about 36 to 48 hours my Malware problems appeared to have been resolved. They provided me with further guidelines on how to secure my site from future Malware attacks, and their Customer Service Representative was very friendly and courteous (a pleasure to deal with). I was relatively happy with their service and therefore spent an additional $490 for a 12 month monitoring and maintenance service. They posted the SiteLock badges onto my site and everything appeared to be rosy.

One thing that did concern me at the time was that SiteLock deleted some critical files that I needed for the IQ Matrix shop. Fortunately for me I have a great company, Magnum Web Design, who looks after my CRE Loaded eCommerce store, and they were able to resolve the issues for me.

About 4 days after the SiteLock security badges were posted onto my site, I received another warning from Google that the Malware had returned. However, this time, IQ Matrix and all the other websites I had on the server were infected with the Malware. What concerned me at the time was that I never received a warning from SiteLock that the Malware had returned (the warning eventually came about half a day after I noticed it).

Before proceeding further with a description of these events, I just need to point out that I live in Australia and SiteLock operates from the United States. Therefore sending an email in the morning my time pretty much corresponds with the end of the day in the United States, which meant that it was difficult for me to communicate live with a representative. Although I must mention that my impression is that the SiteLock staff only work for about 6 to 7 hours per day 5 days per week. The earliest email I would receive my time was at 2am and the latest email came before 9am. This isn’t a criticism, but rather I want to point out how difficult it was for me to communicate with them given the time difference.

I immediately contacted SiteLock to ask them to remove the Malware from my site. However, because it was late on Friday my time (which was Friday morning their time), I wasn’t sure if I was going to hear back from them that week given the slow response rate I was getting from customer service. Unfortunately I was right. 🙁 After sending several emails over the weekend, finally by Monday (which was Tuesday morning for me) to my surprise I received an email from SiteLock asking me to resend my FTP login details once again, WHICH THEY ALREADY HAD! Since this was the end of the day once again for them, it meant that my Malware issue probably wouldn’t be resolved for at least another 24 hours if not more.

This whole process was progressing way too slowly for me, and I therefore asked for a full refund on the $490 package, which came with a 30 day money back guarantee. I received this refund within 48 hours without any problems.

SiteLock may very well be a competent and reputable company within this industry. However, the entire time I was dealing with a Customer Service Representative when I should’ve been dealing with a Technician. Therefore whenever I needed something fixed the Customer Service Representative would need to confirm things with the Technician first before getting back to me. This meant that the communication was excruciatingly slow. Maybe this is an area they could improve upon in the future.

By this time the IQ Matrix website had unfortunately been blacklisted by Google — resulting from the ongoing Malware issues which had infected the site for a 5th straight day.


Sucuri to the Rescue

While waiting for SiteLock to reply to my email over the weekend, I researched other sites on the web that could help me out. I eventually came across Sucuri. What appealed to me straight away was their customer friendly approach. Their website had a blog, showed genuine customer testimonials (real people providing testimonials on their blogs and through Twitter like I’m doing here) and this appealed to me immediately. What’s more, I read that they would often resolve all Malware issues within 4 hours. And that was what sold me, given the slow service I had received from SiteLock.

I contacted them regarding the issues I was having and I purchased their Business Package late Tuesday morning (my time). Because they’re based in the United States it was late Monday evening for them. I therefore expected that the Malware probably wouldn’t be fixed for at least another 12 hours or longer. However, to my surprise they immediately (within minutes of signing up) got to work fixing my website and all the other websites on the server.

To my surprise, about 3 hours later all the Malware had been removed from the IQ Matrix website. The team at Sucuri had worked well into the night to help me with my Malware issues. That’s what I call going the extra mile. I couldn’t rave more about their customer service and efficiency.

What impressed me most about Sucuri was that they kept me informed throughout the entire process. I was receiving regular emails about the progress that they were making, and most importantly I was communicating directly with their Technicians.


Professional Customer Service

After the Malware was removed from my websites, there were still other issues that needed to be fixed. Some files were corrupted and the themes weren’t displaying correctly. Sucuri pinpointed these issues and went to work on them over the next couple of days. They made sure to back-up all the plugins and files and managed to get all my websites back online in full working order. There’s still one more issue I’m having with the sidebar on the IQ Matrix Blog and the footer on the single post pages (it isn’t visible), however this is also in the process of being repaired by Sucuri.


Around the Clock Monitoring

Sucuri now monitors the IQ Matrix website and all its subdomains including Mind Map Art and adamsicinski.com every 3 hours searching for Malware, Malicious Javascript, Malicious iFrames, Suspicious Redirections and Spam. Any time something unexpected pops up I receive an email from Sucuri informing me about the issue, which of course can be fixed by their technicians.

I’m very pleased with this website security service, and hope that it brings a little more peace of mind to site visitors and readers. However, I must point out that this doesn’t guarantee that the site is 100% protected from Malware. Security primarily depends on other factors that I discuss a little later within this article. What it does guarantee is that I have a company who is willing to go the extra mile to help me out if issues such as this arise in the future. 🙂


The Impact of Blacklisting on Google

Once the Malware was removed from the website, I informed Google using Google Webmaster Tools that the site was Malware free (Sucuri can also do this for you).

After about 24 hours Google removed the big red warning page that you see at the top of this post and also removed the warning message within keyword search results. It was a relief to have this finally behind me, however I soon realized that there are consequences of Malware attacks that impact both search engine traffic and RSS subscribers.


Reduced Traffic + RSS Subscribers

Since the second wave of Malware attacks the overall traffic (unique visitors per day) to IQmatrix.com is down by about 70% and the RSS subscriber count is down by roughly 25% from its peak several weeks ago before the Malware attack. See images below:

As you can see above, since the Malware attack the traffic has fallen quite considerably. Most traffic is direct traffic or originates from referring sites.

Interestingly, on exactly the same day the RSS subscriber count fell by more than 400 subscribers from 1676 to 1234 and hasn’t recovered. Normally the RSS count fluctuates up and down, however it has remained steady, which signifies that it must have been connected to the Malware attack. See below:

I never expected that these consequences would result from a Malware attack. I have since contacted Google to Request Reconsideration of the IQ Matrix website. However, I was informed that it could take several weeks. See video below for more information about this.

I’ve also resubmitted the site using Yahoo and Bing webmaster tools. Who knows how long this process will take.

It appears as though most of the organic traffic that was coming from keyword search terms has vanished for the time being. The IQ Matrix site (main domain name) is still currently ranking in search engines, however it’s not ranking for other keyword search terms. In fact, the only organic search terms that I’m currently getting from search engines are search terms for the main domain name such as “iq matrix” “iqmatrix” “iqmatrix.com” “iq matrix shop”, etc. Prior to this the site was ranking high for search terms such as “how to mind map” “mind map” “mind mapping” “time management” “stress management” “leadership”, etc.

I suspect that if the Malware issue had been handled in a timely manner by SiteLock, these consequences wouldn’t have resulted. However, I can only speculate about this. I therefore highly recommend that any Malware issues that your website might be experiencing should be resolved ASAP without further delay, otherwise there could be long-term consequences.

I’ll wait and see if these organic keyword search terms are restored by Google once they take a look at the site.


Current Security Measures

Here are some security measures I have taken since the Malware attacks:

  • I currently have Sucuri monitoring and protecting the IQ Matrix website from Malware and other attacks.
  • I will be implementing a daily backup schedule of my WordPress blogs using BlogVault or VaultPress. I can therefore quickly revert to an older version that is Malware free.
  • I will start using SFTP instead of FTP.
  • I have also installed security plugins on the WordPress blog such as login-lock down and Semisecure Login Reimagined (thanks Luciano).
  • I have also moved IQmatrix.com from Bluehost to Hostgator due to constant periods of downtime, slow server response, and because Hostgator offers SSL security for the IQ Matrix shop.

For further information on how to secure your website, please refer to WordPress FAQ and How to Prevent Your Site from Getting Hacked and My Site’s Been Hacked.


Lessons Learned Moving Forward

This whole experience was as frustrating as it was enlightening. Initially when you find out that your website has been hacked or has been infected by Malware, it’s a little frightening and stressful. However, once you do your research and get the right help, it becomes a learning experience that prepares you for the future.

Given the current circumstances with the fall in traffic, the drop in subscriber count and lower sales at the IQ Matrix Shop, it has really helped me put things into perspective. I have been forced to think more creatively about my business, my online presence and how I want to build and establish my other websites in the coming months.

Back in 2008, my website was hacked. I lost 3 months’ worth of content. However, this was one of the greatest experiences for me because it forced me to think differently about my website and about my branding. Soon afterwards the company name was changed, the brand was redesigned and www.studymatrixart.com became www.IQmatrix.com, and the rest is now history. 🙂

This is what I have learned: Every challenge can make us stronger, bigger, better and bolder if we accept it as something that we will learn and grow from. Therefore I must meet each challenge with fascination and curiosity by always asking myself:

How are these circumstances forcing me to think differently?

What is the opportunity here that I can take advantage of?

How can I make the best of this situation and go beyond where I was before?

After all, it’s not what happens to us that matters, it’s how we respond to what happens that makes all the difference in the end. In fact, I once heard that the most successful people in the world achieved their greatest success and breakthrough right after they suffered their greatest failure or setback. It’s because they continued to persist and resisted the temptation to succumb to the pressure of external forces, that they eventually succeeded and thrived.

Isn’t it about time we did the same?