Suspected Malware on my 123Reg host running several RW sites


(Martin Waring) #1

123Reg have suspended one of my hosting packages due to suspected Malware and that has stopped 7 Rapidweaver sites that I have hosted on it. So far they have not told me what file might be causing the problem. I have deleted a load of outdated files, changed the password on my FTP account and re-published everything. I have then asked them to check again and am waiting for an answer.

In the mean time is there anything else I should be doing? Is there any tool that can help me track down the malware on the server, bearing in mind that no-one can get access to any of the websites online at the moment?


(Greg Schneck) #2

May be totally unrelated but I had google flag one of my sites once like this… the problem was a “mailto” link that was setup wrong. In that case they thought I was trying to gather email addresses by having people click links. So you might want to check your “mailto” links if you have any.


(Martin Waring) #3

In what sense was it wrong? I use mailto links a lot of the time.


(Greg Schneck) #4

I honestly don’t remember. We have a directory page with lot’s of email links (the people ask to be listed) and so we have hundreds of “mailto:” links. Instead of typing "mailto:xxxx@gmail.com" I had mistyped it. I seem to remember a “mailto:” with a url instead of email address. But just not sure…

In my case Google was kind enough to provide the offending page so I just checked the code until I found the weird “mailto”. Strangely, except for that, the page worked as normal.


(Greg Schneck) #5

of course… odds are very remote that this could be what’s happening in your case… It’s just one thing you can check for…