Malware inserted into website?

Discussion in 'Security' started by theflash, Sep 10, 2013.

  1. theflash

    theflash Registered

    Hi,

    For the first time we've had one of our major clients' websites infected by malware from some strange domain we've never heard of.

    Does anyone have any advice for this?

    Google says the 1st step is to take the website offline but I can't find out how to do that. Is the only way to suspend the domain in WHM? We tried it, but when you visit the website it still shows (with the malware warning).

    Any help greatly appreciated,
    TheFlash
     
  2. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    Do you have root access to this system? If not, you may want to consult with your web hosting provider to have them investigate this account to determine how it was exploited. If you do have root access, or if your primary concern is removing the redirect, check the .htaccess file within the account's public_html. It's likely a rewrite rule exists in that file. You will need to manually remove the malicious entry and suspend the account again if necessary.

    Thank you.
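
A check along the lines of the .htaccess review suggested above, as an added example (not part of the original thread and not a cPanel tool): it lists redirect directives that send visitors to a host outside the site's own domains and marks rewrite rules gated on Referer or User-Agent. The sample file, the domain names and the function name `audit_htaccess` are constructed for illustration.

```python
import re

# Constructed sample: ordinary CMS rules plus two injected redirects.
SAMPLE = """\
RewriteEngine On
RewriteCond %{HTTP_REFERER} (google|bing|yahoo)\\. [NC]
RewriteRule ^(.*)$ http://unknown-host.example/in.php?q=$1 [R=302,L]
RewriteCond %{HTTPS} off
RewriteRule ^ https://www.client-site.example%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
ErrorDocument 404 http://unknown-host.example/404
"""

HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)
CLOAK = re.compile(r"%\{HTTP_(REFERER|USER_AGENT)\}", re.I)
REDIRECTING = {"rewriterule", "redirect", "redirectmatch", "errordocument"}


def audit_htaccess(text, own_hosts):
    """Return (line_no, reason, line) for directives that leave own_hosts."""
    own = {h.lower() for h in own_hosts}
    findings, conds = [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        directive = line.split(None, 1)[0].lower()
        if directive == "rewritecond":
            conds.append(line)  # conditions bind to the next RewriteRule
            continue
        if directive in REDIRECTING:
            gated = directive == "rewriterule" and any(CLOAK.search(c) for c in conds)
            for host in HOST.findall(line):
                host = host.lower().rstrip(".")
                if host not in own:
                    reason = f"external target {host}"
                    if gated:
                        reason += " (only for matching Referer/User-Agent)"
                    findings.append((no, reason, line))
        if directive == "rewriterule":
            conds = []  # a RewriteRule consumes the conditions before it
    return findings


if __name__ == "__main__":
    for no, reason, line in audit_htaccess(SAMPLE, ["www.client-site.example"]):
        print(f"line {no}: {reason}\n    {line}")
```

A rule gated on Referer or User-Agent only fires for some visitors, which is why a site can look clean when the owner opens it directly.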
     
  3. quizknows

    quizknows Well-Known Member

    Even if you suspend the domain in cPanel, the Google warning will remain until they re-crawl the site.

    I would advise consulting your host or a qualified security administrator.

    Once you have found the source of the infection and cleaned it, sign up for "Google Webmaster Tools" and you can add/verify the domain there and request a re-crawl to clear the Google warnings.
     
  4. webmasteryoda

    webmasteryoda Active Member

    If you have control over SSH on your server, install maldet, configure it and scan your home folder.
    Check for changed files and replace them with the original ones. Delete the malicious scripts and secure the CMS.
     
  5. sslsecurity

    sslsecurity Registered

    Right now there is no need to suspend the domain. You should scan your website first with any security guard software, such as Comodo Hacker Proof TrustMark, or another daily vulnerability scan process. It will show you the location which is affected by malware. Once you locate the area of the malware, you can easily remove the affected page or recover your website from malware with the help of Hacker Proof TrustMark.
     