Problem solve Get help with specific problems with your technologies, process and projects.

How to secure a website containing badware (banner82)

In an expert Q&A, John Strand reviews how SQL injection attacks can lead to banner82 attacks and a "badware" label for your website.

My website is being listed as one with badware. Previously, an old bulletin board that had been kept as a backup did contain bad code (banner82), but that has been removed. My hosting service and I have scanned the website several times without result. What is the best next step to secure the site?

First, be sure that you are looking into root-cause analysis and not the symptoms of the problem. Remember, banner82 "badware" compromises are often the result of a SQL injection attack. There are other vectors, but the existence of that code proves that there was some sort of malicious compromise, and it's critical to find out exactly how it happened.

Next, you need to work with StopBadware.org to get your site off of its list of domains known to host programs that seek to perform malicious or unwelcome actions on a user's computer, i.e. spyware, malware or deceptive adware. Google uses StopBadware.org to develop a list of potentially malicious sites and help warn users before they actually visit them. To have Google stop singling out your content, you will need to have Google re-crawl your site. Learn more about Google Webmaster Tools to do this. Failing that, send an email to appeals@stopbadware.org. The team there will help identify why your site is being flagged for badware and how to clean it up.

StopBadware.org has an excellent write-up on how it assesses websites for malicious software. Some possibilities include that the site may have had its source code altered, it may be hosting malware as an advertisement (yes, you are responsible for the ads on your site), or you may be linking to a site that is hosting malware.

More information:

This was last published in January 2009

Dig Deeper on Application attacks (buffer overflows, cross-site scripting)

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.