Malware inserted into website?

theflash

Registered
Mar 5, 2012
4
0
51
cPanel Access Level
Website Owner
Hi,

For the first time we've had one of our major clients website infected by malware from some strange domain we've never heard of.

Does anyone have any advice for this?

Google says the 1st step is to take the website offline but I can't find out how to do that. Is the only way to suspend the domain in WHM? We tried it, but when you visit the website it still shows (with the malware warning.)

Any help greatly appreciated,
TheFlash
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,201
363
Hello :)

Do you have root access to this system? If not, you may want to consult with your web hosting provider to have them investigate this account to determine how it was exploited. If you do have root access, or if you primary concern is removing the redirect, check the .htaccess file within the account's public_html. It's likely a rewrite rule exists in that file. You will need to manually remove the malicious entry and suspend the account again if necessary.

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
Even if you suspend the domain in cPanel, the google warning will remain until they re-crawl the site.

I would advise consulting your host or a qualified security administrator.

Once you have found the source of the infection, and cleaned it, sign up for "google webmaster tools" and you can add/verify the domain there and request a re-crawl to clear the google warnings.
 

webmasteryoda

Well-Known Member
Apr 3, 2013
97
7
8
Serbia
cPanel Access Level
Root Administrator
If you have control over ssh of your server install maldet, configure it and scan your home folder.
Check for changed files and replace them with the original ones. Delete the malicious scripts and secure the cms.
 

sslsecurity

Registered
Sep 23, 2013
2
0
1
cPanel Access Level
Website Owner
Right now no need to suspend the domain, You should scan your website first with any of security guard software such as Comodo Hacker Proof TrustMark or other daily Vulnerability Scan Process. It will show you the location which is affected from malware. Once you locate the area of malware then you can easily remove the affected page or recover your website from malware with the help of Hacker Proof TrustMark.