TOS Violation: malicious contents

Malicious files have been detected in the web space in use. How were they detected? They have been detected by automatic procedures for antivirus / antimalware and integrity checks on our servers. If these scripts or files are detected they can be, for the safety of the customer, previously blocked, waiting for the customer to make a check as indicated below.

Please check the rest of your website, removing additional malicious files, and updating the software presents them. For greater security we advise you to change also the FTP access password of your domain, and thoroughly scan the PCs used for accessing this domain.

For a complete check we recommend the following tools:

example of a security report generated by our servers

malware detect scan report for node170xx:
SCAN ID: 060114-0345.8041
TIME: Jun  1 03:45:59 +0200
PATH: /var/www
RANGE: 7 days

NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 060114-0345.8041

{CAV}PHP.Trojan.Spambot : /var/www/clients/client242/web800/web/loginPDNG.php
{CAV}PHP.Trojan.Spambot : /var/www/clients/client242/web800/web/sitemap3lT.php


Sometimes reporting is more important as there may be a third-party compliant. This compliant can also have legal value and contain an intimation. Should this happen, we will have to proceed with extreme urgency to disable the web space, notifying the client and taking appropriate measures. Please read the usage policies carefully and follow these as well as the legal regulations in force.

Advice in the case of installing wordpress, joomla or other content managers

  • don't install more plugins and themes than you actually need
  • uninstall unused plugins making sure to also remove the files
  • beware of plugins that ask you to raise the memory dedicated to the script or the execution time inappropriately or that ask that there are no security constraints such as open_basedir or that the register global are set to on
  • never set mnemonic passwords to login to the wordpress panel or to the database. Always make sure that the password is at least 8 characters and is composed of digits and letters in both uppercase and lowercase letters
  • do not send your password by email

Temporary measures

If it has been detected that your site has been hacked and that malicious files have been uploaded, our staff, in the interest of security of customer data and the integrity of your account, can take the following measures:
  • opens a ticket to the customer indicating the notification received (either from a third party or through their internal datascanner)
  • blocks malicious scripts, such as not accessing malicious files (chmod 0)
  • performs a block of outgoing mail from the web, so that any scripts present cannot send spam to the outside
  • executes the immutability of the filesystem of the affected account, so that the hacker can no longer upload or modify files

obviously the indicated measures are provisional as long as the customer has not taken steps to secure his site and update the corresponding ticket.

  • 13 Users Found This Useful
Was this answer helpful?

Related Articles

Connect via FTP to your hosting account to upload your website

Download FTP Filezilla client In this howto, we will use the Filezilla FTP client for our...

Google marks spam my emails

The problem of spam marking by the recipient is manifested mainly in emails sent by scripts or by...

SSL/TLS mailbox configuration

What it means to configure the boxes on a mail program using SSL Nowadays it is necessary to use...

How to manage your ZIMBRA mail services account

Zimbra Account Manager Denali offers hosting users the possibility of choosing between...

Hosting Docker

Docker Hosting is the new platform created to allow you to host and run docker images in a...

Powered by WHMCompleteSolution