
Posted

username: sahdes

server: Stevie

domain: sahdes.heliohost.org / sahdes.org

 

Hi, I have no idea why my account has been suspended. Thank you.

Posted

Your account was suspended for the following reason:

 

Malware. 1 file(s). /home1/sahdes/public_html/wp-admin/config.php

 

That means that there are some malware files found on your account.

 

For your safety and to protect your website from potential further corruption the account has been suspended.

 

To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information.

 

If you are certain that it is a false positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi

 

Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended.

Posted

Well, I scanned the full backup with antivirus (nothing) and anti-malware tools (nothing), the site itself with online scanners (nothing), and with a WP security plugin that just found a file with a line of malicious code, so I deleted that file. And I've changed all the passwords.

 

Please let me know if it's clean now. Thank you.

Posted

Where did you get your WordPress installation from?

The file /wp-admin/config.php does not exist in a WordPress installation.

- /wp-config.php is the configuration file

- /wp-admin/ is supposed to be read-only and should not contain a wp-config.php or config.php (WordPress does not use config.php anyway)

- plugin and theme data or any extra functionality goes to /wp-content/

- /wp-includes/ contains all PHP files needed by WordPress and should also be read-only.

- No extra files should be placed in /wp-admin/ or /wp-includes/

 

My guess is /home1/sahdes/public_html/wp-admin/config.php is some file hiding there for malicious purposes.

Either someone logged onto your account and placed that file there, or you got your wordpress zip file from a bad source.

 

Delete /wp-admin/ and upload it again from http://wordpress.org/latest.tar.gz

This will NOT affect the content of your website. This folder should be strictly read-only anyway.
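
The check described in the post above, as an added example that is not part of the original thread or any HelioHost tooling: it compares a site's /wp-admin/ and /wp-includes/ against a clean extracted WordPress release and reports files that are unexpected, modified or missing. It assumes the clean tree is the same WordPress version as the site; the function names and the sample trees are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories that should match a pristine WordPress release exactly.
CORE_DIRS = ("wp-admin", "wp-includes")


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def audit_core(site_root: Path, clean_root: Path) -> dict:
    """Compare the core dirs of a live site against a clean extracted release."""
    report = {"unexpected": [], "modified": [], "missing": []}
    for core in CORE_DIRS:
        site_files = {p.relative_to(site_root).as_posix(): p
                      for p in (site_root / core).rglob("*") if p.is_file()}
        clean_files = {p.relative_to(clean_root).as_posix(): p
                       for p in (clean_root / core).rglob("*") if p.is_file()}
        for rel, path in site_files.items():
            if rel not in clean_files:
                report["unexpected"].append(rel)  # e.g. wp-admin/config.php
            elif sha256(path) != sha256(clean_files[rel]):
                report["modified"].append(rel)    # core file altered in place
        report["missing"] += [r for r in clean_files if r not in site_files]
    return {k: sorted(v) for k, v in report.items()}


def build_demo_trees(base: Path):
    """Constructed sample trees (placeholders, not real WordPress files)."""
    clean, site = base / "clean", base / "site"
    for root in (clean, site):
        for rel in ("wp-admin/index.php", "wp-includes/version.php"):
            f = root / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("<?php // constructed placeholder\n")
    (site / "wp-admin/config.php").write_text("<?php // planted file\n")
    (site / "wp-includes/version.php").write_text("<?php // tampered\n")
    return site, clean


def demo() -> dict:
    with tempfile.TemporaryDirectory() as tmp:
        site, clean = build_demo_trees(Path(tmp))
        return audit_core(site, clean)


if __name__ == "__main__":
    print(demo())
```

On a real account, point `audit_core` at the downloaded backup's document root and at the extracted release; anything listed under "unexpected" or "modified" should be reviewed before the account is considered clean.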

Posted

I installed WP via Softaculous. I have no idea how that file got there. The site may have been hacked; it already happened once, some months ago.

 

I did all those scans to make sure that wp-admin/config.php was the only infection. The plugin I installed (Wordfence) detected the malicious code, indicated that it wasn't an actual WP file, and deleted it; and said that everything else was just OK.

 

Thanks for your advice.

This topic is now closed to further replies.