In some cases, a website may be identified as distributing spam or hosting malware, which poses a risk to users and systems. When such issues are detected, we notify the website owner and provide a window of time to address the problem. If no action is taken within this period, we must take measures to protect our network and users, which may include temporarily or permanently blocking access to the website. This section outlines the steps to understand, respond to, and resolve such situations.
Possible causes of malware and spam scripts
1. A compromised FTP account
A script or file may have been placed on your hosting package via FTP. This means someone with malicious intent has gained access to the credentials of one or more FTP accounts. These credentials can be stolen in various ways, for example:
- Sharing a password with others;
- Using the same password across multiple services;
- Using a password on a public computer or network;
- Falling victim to phishing or malware that intercepts passwords;
- Keyloggers (which record keystrokes) or extraction of stored passwords from an FTP program.
2. A security vulnerability in the website
The second possible cause is a security vulnerability within the website itself. This could be an (outdated) installation of WordPress, Joomla, or another CMS, or a theme, plugin, or extension used by the CMS.
It is common for security flaws to be discovered in such software. The developer will usually release an update to fix the vulnerability. However, if the software is not kept up-to-date, these vulnerabilities can be exploited.
Note that this does not necessarily have to be your primary website. Often, an old version of the website or a test installation remains on the hosting package. This means that even a fully updated website can be compromised through an outdated test installation in a subfolder on the same hosting package.
Steps to resolve the issues
1. Perform a thorough scan of your computer using a reliable antivirus program.
2. Change all your passwords, including those for database accounts, DirectAdmin, your hosting account, FTP accounts, and e-mail accounts. Do not forget the passwords for any software on your hosting space (Joomla, phpBB, WordPress, etc.).
3. Update any software on the computer used to manage the website, such as your FTP client or website builder.
4. Avoid saving passwords in your FTP client or any other program used to upload your website.
5. Update all software on your hosting package. If you installed software via Installatron, you can use it to update the software; if not, update it manually.
6. Inspect all files individually to check for malicious code.
We also recommend not storing FTP passwords locally on your computer; instead, enter them each time you connect. Locally stored FTP passwords can be easily compromised.
It is equally important to keep passwords private, choose strong and hard-to-guess passwords, enable two-factor authentication (2FA) wherever possible, and avoid writing them down. If website management is shared with others, use separate accounts with the same administrative permissions so that everyone has their own password.
After completing these steps, you should search your entire website for leftover code, folders, or files that do not belong and remove them.
In the case of code injection (malicious code injected into legitimate files), the infected file should be replaced with a clean version.
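One way to carry out the file inspection and clean-up described above is to compare a downloaded copy of the site against a known-clean copy, such as a fresh download of the same CMS version. The following is an added example, not code from the hosting provider; the function names and the sample files it builds are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Return the SHA-256 hex digest of one file (website files are small enough to read whole)."""
    return hashlib.sha256(path.read_bytes()).hexdigest()


def index_tree(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_of(p)
        for p in root.rglob("*")
        if p.is_file() and not p.is_symlink()
    }


def compare_to_clean(site_root: Path, clean_root: Path) -> dict:
    """Classify files in the downloaded site against a known-clean copy."""
    site, clean = index_tree(site_root), index_tree(clean_root)
    return {
        # Same path, different content: possible injected code; replace from the clean copy.
        "modified": sorted(f for f in site if f in clean and site[f] != clean[f]),
        # On the site only: uploads, configuration, or files that do not belong; review each.
        "unexpected": sorted(f for f in site if f not in clean),
        # In the clean copy only: deleted or renamed on the site.
        "missing": sorted(f for f in clean if f not in site),
    }


def demo() -> dict:
    """Build two small constructed trees and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = Path(tmp, "clean"), Path(tmp, "site")
        for root in (clean, site):
            (root / "inc").mkdir(parents=True)
            (root / "index.php").write_text("<?php require 'inc/app.php';\n")
            (root / "inc" / "app.php").write_text("<?php echo 'hello';\n")
        # Constructed differences: one altered file and one extra file in a subfolder.
        (site / "inc" / "app.php").write_text("<?php /* altered */ echo 'hello';\n")
        (site / "inc" / "cache.php").write_text("<?php // placeholder extra file\n")
        return compare_to_clean(site, clean)


if __name__ == "__main__":
    for category, files in demo().items():
        print(category, files)
```

Files reported as unexpected are not necessarily malicious, since uploads and configuration files are never part of a clean CMS download; the list only narrows down which files need manual inspection.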