We have automated virus removal scanners in place to alert us when any site has had malicious files uploaded, this helps us protect you and the other users on the server. Once we have been notified, we generally disable the website from the public access and will notify you via email with more information.
When your domain is disabled, you will still be able to access FTP and check / delete any malicious files.
When you are notified your site has been infected, here is what to do before contacting support.
- Check your files by logging into FTP, delete anything malicious or unknown to you or your websites application.
- Change your account passwords and FTP passwords.
- If you are using a script then check the version online for exploits and upgrade if there is a newer release.
- Check file permissions of any upload folders, config files or any/all other files.
- Perform an anti virus scan on any machines that have FTP access.
- Get in touch and verify everything has been checked and secured.
When checking files make sure you check every folder and every file, make sure there is nothing hidden away.
This site may harm your computer
Google can sometimes list your page as harmful, depending on how long ago it indexed your site.
This will give users a warning when visiting the site, we have pulled a great guide from the web for this. You should check this out even if you do not get this error.
Cleaning folders and files
We do have a guide for logging into your account via FTP.
Once you are in FTP, look for any files / folders that seem to have been changed since you made any changes. Our systems will automatically remove files which are infected but there may be the odd one hidden or still lying around. Just check any files that look strange and if you do not know what the file is, delete it. Same goes for folders, make sure you check all the files and folders in your account.
We recommend this password generator tool and generate strong, secure passwords.
Keeping scripts/applications updated
If you are using a script such as WordPress or any CMS’s (content management systems), perform some checks online for updates – A lot of scripts that have become outdated can have exploits hence the reason for an update. Most decent scripts have this feature built into the administration section.
Even if you do a quick google search for exploits in your version, you may find the methods used to exploit your script – This is also handy for keeping it secure the next time.
Getting in touch
Once you have carried out the necessary tasks and you feel you have done enough to protect yourself from future hacks you should get in touch with us by submitting a ticket.
Just let us know what you have done and that you feel your account is now secured and cleaned – Once you have done that we will then enable the account providing there is no more problems.
Last modified: 23/05/2018