Malicious files have been detected in the web space in use. How were they detected? They were found by the automatic antivirus/antimalware procedures and integrity checks that run on our servers. When such scripts or files are detected, they may be blocked in advance for the customer's safety, pending the checks by the customer described below.
Please check the rest of your website, remove any additional malicious files, and update the software installed on it. For greater security, we also advise you to change the FTP access password of your domain and to thoroughly scan the PCs used to access this domain.
For a complete check we recommend the following tools:
- Antirootkit: Gmer. Website: http://www.gmer.net/
- Hijacker: Hijackthis. Website: http://www.hijackthis.de/it
- AntiSpyware: SuperAntiSpyware. Website: http://www.superantispyware.com/
- Antivirus/1: Microsoft Security Essentials. Website: http://windows.microsoft.com/it-it/windows/security-essentials-download
- Antivirus/2 (alternative): Avira. Website: http://www.avira.com/it/index
Example of a security report generated by our servers:

malware detect scan report for node170xx:
SCAN ID: 060114-0345.8041
TIME: Jun 1 03:45:59 +0200
PATH: /var/www
RANGE: 7 days
TOTAL FILES: 3671
TOTAL HITS: 10
TOTAL CLEANED: 0

NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 060114-0345.8041

FILE HIT LIST:
{CAV}PHP.Trojan.Spambot : /var/www/clients/client242/web800/web/loginPDNG.php
{CAV}PHP.Trojan.Spambot : /var/www/clients/client242/web800/web/sitemap3lT.php
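To turn a report like the one above into a per-site review list, the following added example (not part of the original page or of maldet itself) parses the header fields and the FILE HIT LIST and flags conditions that need follow-up. It assumes one field per line, and the sample report, the `parse_report` name and the per-site path layout are assumptions made for illustration.

```python
import re

# Constructed sample in the same layout as the report above (all values are illustrative).
SAMPLE_REPORT = """\
malware detect scan report for node-example:
SCAN ID: 010100-0000.1111
TIME: Jan 1 00:00:00 +0200
PATH: /var/www
RANGE: 7 days
TOTAL FILES: 120
TOTAL HITS: 3
TOTAL CLEANED: 0
NOTE: quarantine is disabled! set quar_hits=1 in conf.maldet or to quarantine results run: maldet -q 010100-0000.1111
FILE HIT LIST:
{CAV}PHP.Trojan.Spambot : /var/www/clients/client1/web1/web/login-x.php
{CAV}PHP.Trojan.Spambot : /var/www/clients/client1/web1/web/wp-content/uploads/a.php
"""

HEADER_RE = re.compile(r"^(SCAN ID|TIME|PATH|RANGE|TOTAL FILES|TOTAL HITS|TOTAL CLEANED):\s*(.+)$")
HIT_RE = re.compile(r"^(\{[A-Z]+\}\S+)\s+:\s+(/.+)$")  # "{ENGINE}Signature : /path"
SITE_RE = re.compile(r"^(/var/www/clients/[^/]+/[^/]+)/")  # assumed clientN/webN site root

def parse_report(text):
    """Return (header fields, hits grouped by site root, follow-up warnings)."""
    header, hits, warnings = {}, {}, []
    in_hits = False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("FILE HIT LIST"):
            in_hits = True
        elif in_hits and (m := HIT_RE.match(line)):
            signature, path = m.groups()
            site = SITE_RE.match(path)
            hits.setdefault(site.group(1) if site else "(unknown)", []).append((signature, path))
        elif m := HEADER_RE.match(line):
            header[m.group(1)] = m.group(2)
        elif line.startswith("NOTE:") and "quarantine is disabled" in line:
            warnings.append("quarantine disabled: flagged files are still in place")
    listed = sum(len(v) for v in hits.values())
    declared = int(header.get("TOTAL HITS", listed))
    if listed != declared:  # an excerpt may show fewer entries than TOTAL HITS
        warnings.append(f"report lists {listed} of {declared} hits; obtain the full hit list")
    if int(header.get("TOTAL CLEANED", 0)) < declared:
        warnings.append("not all hits were cleaned; manual review required")
    return header, hits, warnings


if __name__ == "__main__":
    for item in parse_report(SAMPLE_REPORT):
        print(item)
```

The hit-count check matters for excerpts such as the one above, which shows two file entries against TOTAL HITS: 10.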
Important
Sometimes the report is more serious, because it may originate from a third-party complaint. Such a complaint can also have legal value and contain a formal notice. Should this happen, we will have to proceed with extreme urgency to disable the web space, notifying the client and taking appropriate measures. Please read the usage policies carefully and follow them, as well as the legal regulations in force.
Advice when installing WordPress, Joomla or other content management systems
- do not install more plugins and themes than you actually need
- uninstall unused plugins, making sure to also remove their files
- beware of plugins that ask you to raise the memory or execution time allotted to the script inappropriately, or that require security constraints such as open_basedir to be removed or register_globals to be set to on
- never use easily memorable passwords for the WordPress panel or the database. Always make sure that the password is at least 8 characters long and is composed of digits and both uppercase and lowercase letters
- do not send your password by email
Temporary measures
If it has been detected that your site has been hacked and that malicious files have been uploaded, our staff can, in the interest of the security of customer data and the integrity of your account, take the following measures:
- open a ticket to the customer describing the notification received (either from a third party or from our internal scanner)
- block the malicious scripts, for example by making the malicious files inaccessible (chmod 0)
- block outgoing mail from the web space, so that any scripts present cannot send spam to the outside
- make the filesystem of the affected account immutable, so that the hacker can no longer upload or modify files
These measures are provisional and remain in place until the customer has taken steps to secure the site and has updated the corresponding ticket.
Ref. https://miw.li/KBDE7EN