sahdes Posted July 2, 2014 Share Posted July 2, 2014 username: sahdesserver: Steviedomain: sahdes.heliohost.org / sahdes.org Hi, I have no idea why my account has been suspended. Thank you. Link to comment Share on other sites More sharing options...
Ice IT Support Posted July 2, 2014 Share Posted July 2, 2014 Your account was suspended for the following reason: MAlware. 1 file(s). /home1/sahdes/public_html/wp-admin/config.php That means that there are some malware files found on your account. For your safety and to protect your website from potential further corruption the account has been suspended. To find the infected files we recommend making a backup of your site, download the backup file to your computer, and scan the backup using a reputable virus and malware scanner. If you're having trouble locating the offending files please ask and we can provide more information. If you are you certain that it is a false-positive, we strongly encourage you to file a false positive form here: http://cgi.clamav.net/sendvirus.cgi Your account should be unsuspended now, but keep in mind that this is a temporary unsuspension. You have 24 hours starting at the time of this post to clean your account of any and all malicious files or your account will be resuspended. Link to comment Share on other sites More sharing options...
sahdes Posted July 2, 2014 Author Share Posted July 2, 2014 I'm already working on it, thank you very much. Link to comment Share on other sites More sharing options...
sahdes Posted July 3, 2014 Author Share Posted July 3, 2014 Well, I scanned the full backup with antivirus (nothing) and anti malwares (nothing), the site itself with online scanners (nothing), and with a WP security plugin that just found a file with a line of malicious code, so I deleted that file. And I've changed all the passwords. Please let me know if now it's clean. Tank you. Link to comment Share on other sites More sharing options...
hussam Posted July 4, 2014 Share Posted July 4, 2014 Where did you get your wordpress installation from?The file /wp-admin/config.php does not exist in a wordpress installation.- /wp-config.php is the configuration file- /wp-admin/ is supposed to be read only and should not contain a wp-config.php or config.php (wordpress does not use config.php anyway)- plugin and theme data or any extra functionality goes to /wp-content/- /wp-includes/ contains all php files needed by wordpress and should also be read-only.- No extra files should be placed in /wp-admin/ or /wp-includes/ My guess is /home1/sahdes/public_html/wp-admin/config.php is some file hiding there for malicious purposes.Either someone logged onto your account and placed that file there, or you got your wordpress zip file from a bad source. Delete /wp-admin/ and upload it again from http://wordpress.org/latest.tar.gzThis will NOT affect the content of your website. This folder should be strictly read only anyway. Link to comment Share on other sites More sharing options...
sahdes Posted July 5, 2014 Author Share Posted July 5, 2014 I installed wp by softaculous. I have no idea how that file got there. The site may have been hacked, it already happened once, some months ago. I did all that scans to make sure that wp-admin/config.php was the only infection. The plugin I installed (wordfence) detected the malicious code, indicated that it wasn't an actual wp file, and deleted it; and said that everything else was just ok. Thanks for your advice. Link to comment Share on other sites More sharing options...
Recommended Posts