Jump to content
Irene C

Hosting company "routine scan" shows "infected files"

Recommended Posts

Today I received an email that went to my junk folder. It's from my website hosting company (Fat Cow), and it states that their security team "discovered infected files" during a routine scan, and I can find a list of those files in my websitescan.txt file. I looked at this file and there are 50 infected files on the list!! All of them on the list say "26.UNNOFFICIAL FOUND" at the end of the entry.

 

My website is working perfectly, links and all. Is it possible the email I got is a scam? It recommends that I contact their "preferred partner, SiteLock" to "find out about their security solutions at https://....." Honestly, I feel like this could be a scam. I ran a scan using Sucuri's site check and it came out clean.

 

I've downloaded a backup of my site, and I'm going to contact my host server. But I wanted to find out if anyone has advice before I do that. Something I read online said the host could delete all my content if I tell them it might've been hacked.

 

Has this ever happened to you? Do you have any advice for me? Thanks!

Share this post


Link to post
Share on other sites

I would be worried that it was a "spam" email and now your computer is infected from downloading the files in the email. I would check with your hosting account to see if they actually sent you that email.

 

A few ways to check on your site...

 

Google Webmaster - Do you have it installed? If so, Google typically lets you know when something has gone wrong.

 

Google Safe Browsing Site Status - Pop your website into here and see, I checked the one in your signature and it says nothing it wrong.

https://www.google.com/transparencyreport/safebrowsing/diagnostic/?hl=en

 

Sucuri SiteCheck - Pop your website in here and see what comes up

https://sitecheck.sucuri.net/

 

I hope it was just a sales pitch and that everything is fine. Is your site on WordPress and is it all updated? Make sure it is always up-to-date including the themes, plugins, etc to prevent any malicious activity.

  • Like 3

Share this post


Link to post
Share on other sites

Thanks so much, Danielle. I did the Sucuri site check earlier today, and it showed no problems. I'm glad you didn't find any problems on the Google safe browsing site status; I'll try that one on my own as well. I don't have Google Webmaster but will get it installed and try that too.

 

I didn't open any links in their e-mail. I had just separately gone to the file they mentioned, the one inside my website hosting file manager. That's the one that listed 50 files that were "26.UNOFFICIAL FOUND". My website is up-to-date, and I've been working on it recently.

 

I guess my next step will be to contact the website hosting service to find out if they really sent the message.

 

Thanks again. :)

  • Like 1

Share this post


Link to post
Share on other sites

Ok good on not opening any attachments. :) I would take a look in the backend of your site too. See if any new files have been created. You can sort all the directories by date and kind of see. Did you try googling the "26.UNNOFFICIAL FOUND" to see if anyone else asked about it. Hopefully you can get it sorted out.

 

Also, if you don't have it already, install the WordFence plugin. It's free.
https://wordpress.org/plugins/wordfence/

  • Like 1

Share this post


Link to post
Share on other sites

I've had this happen before on our server. First change the password to your host/server. Then contact them via their helpdesk or by phone to make sure it is the truth. That is my recommendation to cover all bases.

  • Like 1

Share this post


Link to post
Share on other sites

Good advice all around, thanks! Just changed the password, didn't even think of that!

 

Danielle, I saw some information on WordFence yesterday. I think I'll have another look at that, too. Worth a try.

 

Tawnya, when this happened to you, was it for real with your server? After searching online for 26.UNOFFICIAL FOUND, I'm seeing that some people are saying the host server I use is among several from the same company that infect your site(s) and then offer SafeLock to clean it all up and protect your site, denying the whole time that they do this. It's scary and infuriating, and now I'm thinking I might need to just switch to another server and start over. (That's kind of why I wanted to know if your experience was a real live hack.) But there goes my Google ranking probably. ACK! At least I don't have pharmaceutical ads showing on my site ... yet.

 

Will let you know what comes of this.

 

Thanks again!

  • Like 1

Share this post


Link to post
Share on other sites

That sounds manipulative UGH! Who do you host with?

 

Our VA hosting packages we offer VAs are hosted through Servint who rocks it out. Saying that they are expensive and not for the normal VA which is why I bought a whole server from them so I can then set up VA Hosting Packages myself. Their up time is 99.99% since I've been with them over a year now. Which means all VAs hosted with us...well they are getting awesome service. Plus if our servers do get infected (for whatever reason as it does happen) we clean it at our cost, not your problem ;)

 

Maybe you should move over to us ;)Check out our VA hosting plans starting at $99.95/yr USD

Share this post


Link to post
Share on other sites

Hi Irene,

 

I would take any security issue seriously, but it can be tricky knowing if an email is legit. Great advice on contacting the host directly and not opening any attachments or clicking any links.

 

Just keep in mind that Sucurri is limited in its scan to your publicly accessible files. If the server is infected, it's likely web based scans won't pick it up.

 

I had a client in this same situation. His warning email went to junk so he contacted host and it was legit . I also had another friend hosting with hostgator, ordered sitelock, only to find it wasn't compatible. This was despite host gator's recommendation and there was no refund :(

 

Perhaps it is time to change hosting companies.

 

Let me know if you need any guidance.

  • Like 3

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Want to Become a VA?
    Invest in The VAC!
    How Do YOU Startup A

    Virtual Assistant Organization Association
    Upgrade Your FREE Account & Receive Today...
    * Access to Our Bus JOB Board *
    * Group Coaching & Training*
    *Training Tracks*
    * Private Mastermind Area *
    * Business Templates *
    * Contracts & Forms*
    * Plus VAinsider Perks! *
    UPGRADE HERE


    Virtual Assistant Organization Association

    Virtual Assistant Organization Association







    HootSuite - Social Media Dashboard




×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.