Why am I getting a warning about a virus on my website?

Avatar
  • Answered
Hello
i will tell you my Case
i test some php Scripts nowadays and i scan all of them before upload and after upload, when browse them my Kaspersky Antiviruse till me that website infected with ": Trojan-Downloader.JS.Iframe.cuq"

1- how do you secure your servers?
2- i scan every script and work on it on my PC and sure the scripts dose not have any Viruse or Trojans so it infected on your servers, how i will trust in hosting keep infect and infect my website with Viruses
Avatar
Tim S.
Hi AhmedFawzi55, Thanks for getting back to me. I'm more than happy to assist you. In your public_html folder there's a file called "426190.php" and the code contained in the file appears to be a base64 encypted hack file. Typically, we see hacks like this on accounts where FTP has been exploited. I would not open the file in a browser, but use the code editor in cPanel to view the file. Once you have verified that you have not placed this file in your website, you'll want to remove it. Since the search engines have indexed the website and found this page, you're site might be flagged for having malicious code. It looks like the file was placed there on February 11, 2012. I've checked the FTP logs however, the archived logs do not go back that far, so I cannot verify the method the file was placed into your account. Here's a link on the steps we recommend after you have determined your website has been hacked: What to do if my website has been hacked If you need further assistance please feel free to contact us. Thanks! Tim S
Avatar
Tim S.
Hi AhmedFawzi55,

Thanks for posting your question. I'm more than happy to assist you today. We regularly scan our servers for known threats and have processes in place to mitigate those threats. It is customers responsibility to make sure they're accounts secured with strong passwords and any software on your account such as content management systems are up to date.

Most hacks that take place and insert malicious code are done through weak passwords or security holes in the software the website is using.

We'd be happy to look at your account for any malicious code. Did you know of a particular script that you think has been hacked? Please let us know if you'd like us to look into this further for you.

If it was hack affecting the server itself, we'd get a large volume of contacts from customers complaining about being hacked and that's just not the case currently. We have not been contacted by anyone else on the server complaining about the issues you have described.

If you need further assistance please feel free to contact us.

Thanks!

Tim S