My site blocked due to Malware warning


(Alex) #1

Hello. I’ve just been told my website is being blocked from someone who tried to access it through google. I’ve run a couple of online malware checkers here: https://sitecheck.sucuri.net/results/wellingtonicu.com# (2 malicious files)
& here:
https://quttera.com/detailed_report/wellingtonicu.com (9 malicious files)

They both tell me different things but as far as I can tell, the code has been injected with spam. Unfortunately I can’t find it in the HTML files when I ‘viewsource’ through my browser. Has this been injected elsewhere on the server code that I can’t access?
I use Nimblehost hosting. I’ve changed my FTP password, deleted all code then reuploaded the website but the warnings persist. I’m not sure what to do next. Any advice gratefully received.


(Nigel) #2

Is it just because it is non SSL? I opened the site and it worked fine but I was not given a padlock symbol. Maybe try changing it over to SSL and see of that clears the warning.


(Alex) #3

So, weirdly, there is some redirect script running somewhere on the server as all links via Google now redirect to Viagra/Cialis shop. Accessing the URL directly works fine but all redirections were linking to a php script that had been installed in my root directory that was then sending all browsers to the Viagra shop. I’ve removed the php script so I now just get a 404 from all google links. So the website works, just not via google. Which is bad.

I rang my hosting company. They want me to pay US$160 per year to fix this. Which is awesome given its likely their script on their server that’s the problem (I have 2 factor authentication & use a 28 character alphanumeric & character password which I have shared with no-one & is only written on a piece of paper in my desk). I’m in the process of changing hosting provider…


(NeilUK) #4

In addition to the malware, you’re going to need an SSL certificate on your website. This is standard now and in the not too distant future, browsers will label websites without an SSL cert as insecure.

If your host doesn’t provide free SSL certs, I would find another host that does. If you get a new host and upload your RW site from scratch, the malware shouldn’t be there.


(Alex) #5

Thanks Neil. That’s exactly what I am doing. New host provides SSL for free; overall it will work out cheaper than the old host’s cost for installing one. Guess the Viagra salesmen did me a favour!


(NeilUK) #6

Viagra is indeed all powerful :wink:


(Nigel) #7

Wow. Move it over to @greg700 at Chillidog hosting. He will get it up and running.


(Doug Bennett) #8

Make sure the new host supports SFTP not just FTP, as FTP sends your logon and password in the clear. So it doesn’t matter how secure you make your password, as it can be intercepted between your computer and the server.


(Gregory Barchard) #9

It may be something on your site but it may be related to the IP of the server. As @Nigel mentioned, I’m happy to help you get you sorted. I can scan a client site for known exploits and help you get it cleaned (if it’s sometjing on your site)

Let me know. I will happily migrate your site over to Chillidog for free :slight_smile:

Greg


(Alex) #10

Didn’t realise FTP was an open book. That seems so dumb. New host has SFTP. Thanks for the tip.


(Alex) #11

Thanks Greg. Have already signed up & moved.
If they turn out to be as useless as my previous provider, I’ll be coming your way…
:grinning:


(Gregory Barchard) #12

sure thing, you know where to find me.

-greg


(Phillip Anthony Briles) #13

Speaking from recent experience … ChiliDog CANNOT be beat. Greg knows how to take care of business and then some.


(system) #14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.