We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
2 days, 15 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Malware Problem on Web Site
Posted on 2013-01-03
Our church web site just presents information and allows downloading recordings of talks/classes. We don't sell anything, etc. We don't require login. We have no scripts, etc.
We use the hosting service, Bluehost.
Google alerted us that we had malware. We removed it and changed to a 10 character complex password and it keeps coming back. We have checked for added "chron jobs" and there are none.
Bluehost isn't much help. Is there a hosting service that will provide adequate security? We know there are third party security services like sucuri.net but the hosting service should provide some security. A quick search indicates that none of them seem to make any strong effort on security.
Also, any guidance on third party security services would be welcome.
Thanks.
Gar
We use the hosting service, Bluehost.
Google alerted us that we had malware. We removed it and changed to a 10 character complex password and it keeps coming back. We have checked for added "chron jobs" and there are none.
Bluehost isn't much help. Is there a hosting service that will provide adequate security? We know there are third party security services like sucuri.net but the hosting service should provide some security. A quick search indicates that none of them seem to make any strong effort on security.
Also, any guidance on third party security services would be welcome.
Thanks.
Gar
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
3-
2
6 Comments
There are plenty of hosts like Rackspace that provide much better security but it comes at a cost. Where Bluehost is very reasonably priced they don't offer much in support.
What sort of malware was detected. If it was an exploit of php then shutting down php would resolve the issue but would disable any dynamic pages you have using php.
There are also 3rd party solutions like McAfee that will scan your site for vulnerabilities but that won't help much if your host can't or won't fix them.
What sort of malware was detected. If it was an exploit of php then shutting down php would resolve the issue but would disable any dynamic pages you have using php.
There are also 3rd party solutions like McAfee that will scan your site for vulnerabilities but that won't help much if your host can't or won't fix them.
At this point, I'm not sure about the kind of malware (I'm a retired engineer, not an IT person). And it now appears that our current problem is getting Google to remove a blacklist on our site. I looked at our code on Bluehost and I don't see any malware lines. I was going to send you an example (would that have been a problem?). It involved something about "ifiles". We don't have any dynamic pages.
Thanks for recommending Rackspace. Could you suggest a couple more similar services so we can compare them?
Thanks for recommending Rackspace. Could you suggest a couple more similar services so we can compare them?
@garcpr,
I would recommend you to scan your website by going to below link. This would scan your website and let you know the probable cause of why it has been listed with Google and also what pages contains the scripts which you would need to remove.
Further you would need to make sure that you website it updated if you are using the older version of wordpress or some old modules of wordpress which are vulnerable.
Link to scan the website:
http://www.sucuri.net/
Sudeep
I would recommend you to scan your website by going to below link. This would scan your website and let you know the probable cause of why it has been listed with Google and also what pages contains the scripts which you would need to remove.
Further you would need to make sure that you website it updated if you are using the older version of wordpress or some old modules of wordpress which are vulnerable.
Link to scan the website:
http://www.sucuri.net/
Sudeep
If you don't have active pages then you probably have some scripts that are causing the problem. Look at your .js files.
Additionally you may have pages & folders that were added to your site.
Additionally you may have pages & folders that were added to your site.
Here's some other managed hosting providers:
http://www.softlayer.com/managed/security
http://www.layeredtech.com/
http://www.servstra.com/manage.html
http://www.servint.net/vps.php
http://www.liquidweb.com/
http://www.softlayer.com/managed/security
http://www.layeredtech.com/
http://www.servstra.com/manage.html
http://www.servint.net/vps.php
http://www.liquidweb.com/
Thanks for your help.
Thanks to Sudeep also for his suggestions.
I checked again and we don't have any scripts or .js files. There are a few small php files. I think they are Bluehost files.
Our site is, as I described it, very simple. It is "small", it's scope and functionality are quite narrow compared to commercial sites, etc.
Gar
Thanks to Sudeep also for his suggestions.
I checked again and we don't have any scripts or .js files. There are a few small php files. I think they are Bluehost files.
Our site is, as I described it, very simple. It is "small", it's scope and functionality are quite narrow compared to commercial sites, etc.
Gar
Featured Post
With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Here's a look at newsworthy articles and community happenings during the last month.
The conference as a whole was very interesting, although if one has to make a choice between this one and some others, you may want to check out the others. This conference is aimed mainly at government agencies. So it addresses the various compli…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers.
According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
The Email Laundry PDF encryption service allows companies to send confidential encrypted emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Suggested Courses
Course of the Month2 days, 15 hours left to enroll
696 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.