There has been a recent minor spate of attacks against websites which have been harmed and infected with malware – including a small number of radio stations.
If you find one day that your browser is blocking access to the Radioplayer console, it means that your site has been infected. This is a serious situation and unfortunately Radioplayer is rather limited in what help we can offer but your hosting provider should be the first port of call. This guide is offered just as a starting point but you’ll need to speak to your web host for help.
How do I know if my site has been infected?
Most likely you’ll find that Google has started blocking it and will show errors such as the below.
What should I do?
- Contact your hosting provider to alert them
- Ask them to help you secure your site – this will most likely involve changing CMS and FTP passwords
- See if they can check their logs to see when the site was infected. They may also find clues as to who was responsible.
- Either… (a) restore your site from a backup if you or your hosting provider has one or (b) start looking for pages which have been infected. Start by checking the index.html file in your Radioplayer console directory. Look out for two key things…
– Unusual hidden IFRAME tags – a hidden iframe has a height and width of zero and will often point to a strange URL that you’ve never seen before.
– Unusual javascript tags which show a foreign src – in the Radioplayer console eg.
script language=”JavaScript” src=”http://90210.xyxyxyx.biz/obo/12nxbavw.php” - Note what you’ve found. If you can’t restore from a backup, try removing such spurious tags both from the Radioplayer console and also the rest of your site.
- We thoroughly recommend that once your site is clean of infection, you login to the Station Control Panel and generate a fresh, clean new Radioplayer console and upload it to a new URL on your site
- Update your Station Profile in the Station Control Panel, to reflect this change. It’s the first field on the Audio tab that you need to update.
- Update all your Listen Live links to point to the new location. Once we’ve approved the profile request, you’ll be able to use the button generator. If you’re already using the button generator, this will update automatically.
What other help can Radioplayer provide?
Because this is a website security issue, rather than a fault with the Radioplayer console, we’re rather limited in the help we can provide. But we can certainly help you generate a fresh new console and if required, we can take your station out of Radioplayer until your site has been secured and checked by your hosting provider.
How long will my site be blocked for?
That’s hard to know. Google’s security alert page will provide you with a link to their ‘Safer Browsing’ report page which will explain the reasons your site was blocked. Once you’ve cleaned your site, you should follow their steps to request an unblock. For your Radioplayer console, as mentioned in steps 6 and 7, putting a fresh uninfected version on a new URL and updating your links to it, can help.
How did this happen?
Websites get hacked for all sorts of reasons. Hackers are expert in finding weaknesses in website security. Sometimes hackers exploit security holes in content management systems or FTP servers. Sometimes hackers find FTP passwords in big lists on the black market. Sometimes they use brute force to guess passwords or infiltrate other methods of accessing servers. You may never know how they got in. A lot of web hosts have good firewalls and intrusion detection systems but not all, so it’s important to keep a backup of your website (including database) at regular intervals – as it’s much easier to restore from a backup, than have to rake over hundreds of files to see what’s been tampered with.