Suspected Malware on my 123Reg host running several RW sites

123Reg have suspended one of my hosting packages due to suspected Malware and that has stopped 7 Rapidweaver sites that I have hosted on it. So far they have not told me what file might be causing the problem. I have deleted a load of outdated files, changed the password on my FTP account and re-published everything. I have then asked them to check again and am waiting for an answer.

In the mean time is there anything else I should be doing? Is there any tool that can help me track down the malware on the server, bearing in mind that no-one can get access to any of the websites online at the moment?

May be totally unrelated but I had google flag one of my sites once like this… the problem was a “mailto” link that was setup wrong. In that case they thought I was trying to gather email addresses by having people click links. So you might want to check your “mailto” links if you have any.

In what sense was it wrong? I use mailto links a lot of the time.

I honestly don’t remember. We have a directory page with lot’s of email links (the people ask to be listed) and so we have hundreds of “mailto:” links. Instead of typing "" I had mistyped it. I seem to remember a “mailto:” with a url instead of email address. But just not sure…

In my case Google was kind enough to provide the offending page so I just checked the code until I found the weird “mailto”. Strangely, except for that, the page worked as normal.

of course… odds are very remote that this could be what’s happening in your case… It’s just one thing you can check for…