Using BlogVault to Remove Malware from a Website

We've transferred our fair share of clients away from other hosts, and we use BlogVault to do so. BlogVault has caught and cleaned malware in the process.

on February 19, 2024 | 
Reading Time: 6 minutes

i 3 Table of Contents

Recently updated on March 7th, 2024 at 01:25 pm

Every website we create here at RAD Websites, as well as every website we’ve been hired to manage, gets BlogVault. BlogVault is a reliable and powerful WordPress backup and security service, renowned for its ease of use and efficiency in safeguarding websites. It offers real-time backups, effortless website migration, and secure storage options, ensuring that your website data is always safe and easily recoverable.

We’ve covered BlogVault’s easy-to-use backup and restore capabilities in our previous blog article, “BulletProof Backups with BlogVault”, so today we’re going to demonstrate how to utilize BlogVault’s malware detection and removal capabilities that are built into BlogVault’s plans, whether you’re hosting one website as a business, or a thousand as an agency!

Accessing the BlogVault Sites List

When logging into BlogVault’s dashboard, click the “Sites” button at the top:

Image

This will take you to the list of websites you have attached to your BlogVault Account:

 

Image

BlogVault automatically scans websites in the background for malicious activity and malware. If you have an infected site, you’ll see “🛑 HACKED” in your list to the right of each site where malicious activity has been detected.

BlogVault’s Notification About Being Hacked

“Hacked” isn’t necessarily the word we’d use, since sometimes these malicious scripts come from bad plugins, but for the purpose of context, we’ll stick with “Hacked”.

Click the “Hacked” button to review BlogVault’s detection:

Image

You’ll be brought to the page that tells you the site has been hacked:

Image

Verifying the Site has Malicious Content

Click “Review Malware” to be brought to a list of malicious items detected on the website:

Image

Here, you can click the button to the right in each item in the list to review the issue detected. In this instance, we click “View Script” and are presented with the script in question, along with the location of the script in the bottom right-corner of the window:

Image

This particular script executes hidden javascript by combining pieces of the script together at runtime, indicated by this section of the code:

  • ‘createElem’ + ‘ent’)[‘type’] = ‘text/javas’ + ‘cript’

Without any additional information about what this script it’s doing, we know well enough that any type of runtime script assembly that’s obfuscated by another script is generally going to be malware. Interestingly, Imunify360 failed to catch this particular attack, but BlogVault security did. Bravo, BlogVault.

NOTE: A possible reason Imunify360 didn’t detect this attack is because this particular site was one we were asked to fix by a prospective client that wasn’t yet using our services. We found the rogue javascript file this script was calling while reviewing the files manually, and removed the rogue javascript file this script calls at runtime by hand. We’re actually writing this blog as we disinfect this site for our new client.

Returning to the Site’s Dashboard to Remove the Malware

After reviewing the item and confirming that it is, indeed, malicious, click the [X] in the top-right corner of the window:

Image

Do NOT click the “Not a Malware” button at the bottom of the screen unless the detection is a false detection. Doing so will present you with a SECOND warning about confirming the detection is not malicious:

Image

This is your last opportunity to prevent this detected malware from continuing to run on your website. If you accidentally clicked “Not a Malware”, then click “Go Back” to return to the popup window, and click the [X] in the top-right corner of the window.

After reviewing all items, click the Site Link in the top-left corner to return to that site’s BlogVault Control Panel page:

Image

Cleaning the Malware from the Website

Now you’ve arrived at the infected website’s Site Overview page. Click the “Clean Malware” button in the “SECURITY AND FIREWALL” section:

Image

BlogVault’s automations include fallback mechanisms in the event something doesn’t go as planned. In the rare event something doesn’t go as planned, you can rollback to the way it was before the change was made. This is true for BlogVault’s Backups, Plugin Management, and Security features. We’ve never needed to use this fallback feature, because BlogVault’s polished services just seem to work without issue, but it’s great to know that when it’s needed, it’s there.

On the new page, you’ll be shown a “Cleanup” window that performs a pre-cleanup check and provides some Advanced Options:

Image

In our case, our client is using WordPress, and when expanding the “Advanced Options” section, the default is set to “Update Security Keys”, and we’re going to leave this option enabled.

Security Keys?

WordPress salts and security keys are used to enhance the security of your WordPress site by adding random elements to the passwords and cookies, making them harder to crack. These keys and salts ensure a stronger encryption of user data and help protect your website from hacking attempts and unauthorized access.

By utilizing BlogVault’s “Update Security Keys”, we can help prevent future breaches by invalidating existing cookies and sessions. This forces all users to re-authenticate, thereby cutting off access for anyone who may have gained unauthorized access using the old keys. It’s a crucial step in securing a site after a breach, as it ensures that any compromised login information can no longer be used for unauthorized access.

BlogVault’s Automatic Cleanup

Clicking the “Continue” button brings us to the simple-yet-familiar BlogVault screen that summarizes what it’s doing in the background:

Image

One of the things we absolutely love about BlogVault is that you can start a task and leave the screen to continue doing other tasks available on the BlogVault platform, and that task will continue to run in the background. You can see their notice about this at the bottom of the picture above.

The Website has been Disinfected by BlogVault

Great! Now the site has been decontaminated of the malicious script and the WordPress security keys have been updated. If you click the “View Report” button, you’ll get a new window with a detailed plaintext list of all things performed by the BlogVault cleanup:

Image

Image

This is similar to an antivirus log on a computer, and we think it’s a wonderful addition to BlogVault. If you send manual reports to your clients or have a ticketing system, this is great to copy/paste for details to showcase the diligent work you do for your clients!

 

Returning to the site details page, we can now see that our site is reported “Clean”:

Image

Conclusion

The simplicity and speed of BlogVault’s malware detection and removal features is fantastic. The platform offers a user-friendly approach, ensuring that even those with limited technical expertise can easily navigate its features. Its quick response to potential threats minimizes downtime and disruption, making it an efficient tool for maintaining website security. The effectiveness and speed of BlogVault in identifying and addressing malware contribute significantly to its reputation as a reliable and accessible security solution. That’s why RAD Websites absolutely LOVES BlogVault!

a transparent background with yellow dots and squares

About the Author: Mark Bush

CEO of RAD Websites and RAD Computers Web Design / Development and IT MSP professional for over 20 years, Mark enjoys sharing his passion for technology with others, through tips, tricks, and general education. He's developed over 400 websites since 1999. In his free time, he likes to spend his time with his girlfriend, Katelyn, and their son, Ziggy.

NOTE: Some links on this page may be affiliate links, and help support our business. These links do not alter the cost of the product, but provide a small percentage of the sale to us as the referral source.

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *