InMotion Hosting Support Center

Why am I getting a warning about a virus on my website?

2012-03-15 2:49 pm EST

Hits: 3,680
i will tell you my Case
i test some php Scripts nowadays and i scan all of them before upload and after upload, when browse them my Kaspersky Antiviruse till me that website infected with ": Trojan-Downloader.JS.Iframe.cuq"

1- how do you secure your servers?
2- i scan every script and work on it on my PC and sure the scripts dose not have any Viruse or Trojans so it infected on your servers, how i will trust in hosting keep infect and infect my website with Viruses

You must login before you can ask a follow up question.

You must login before you can submit an answer.



Tim S.
9,967 Points
2012-03-15 3:15 pm EST
Hi AhmedFawzi55,

Thanks for posting your question. I'm more than happy to assist you today. We regularly scan our servers for known threats and have processes in place to mitigate those threats. It is customers responsibility to make sure they're accounts secured with strong passwords and any software on your account such as content management systems are up to date.

Most hacks that take place and insert malicious code are done through weak passwords or security holes in the software the website is using.

We'd be happy to look at your account for any malicious code. Did you know of a particular script that you think has been hacked? Please let us know if you'd like us to look into this further for you.

If it was hack affecting the server itself, we'd get a large volume of contacts from customers complaining about being hacked and that's just not the case currently. We have not been contacted by anyone else on the server complaining about the issues you have described.

If you need further assistance please feel free to contact us.


Tim S

You must login before you can post a comment about this answer.


Tim S.
9,967 Points
2012-03-19 10:42 am EST
Hi AhmedFawzi55,

Thanks for getting back to me. I'm more than happy to assist you. In your public_html folder there's a file called "426190.php" and the code contained in the file appears to be a base64 encypted hack file. Typically, we see hacks like this on accounts where FTP has been exploited.

I would not open the file in a browser, but use the code editor in cPanel to view the file. Once you have verified that you have not placed this file in your website, you'll want to remove it. Since the search engines have indexed the website and found this page, you're site might be flagged for having malicious code. It looks like the file was placed there on February 11, 2012.

I've checked the FTP logs however, the archived logs do not go back that far, so I cannot verify the method the file was placed into your account.

Here's a link on the steps we recommend after you have determined your website has been hacked:

What to do if my website has been hacked

If you need further assistance please feel free to contact us.


Tim S

You must login before you can post a comment about this answer.

Like this Question?

Support Center Login

Social Media Login

Social Login Joomla

Related Articles

It looks like there are no related articles.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?


Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail:
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!