The persistence of malware is one of the main issues that make it a problem on most websites today. If malware is found on a website hosted with us at Intek Host, the PHP mail function will be automatically turned off as a precautionary measure. We do this to guarantee that the infected websites do not send out massive quantities of spam emails and to protect the credibility of senders across the platform. We perform daily scans for malware on all of the websites that are hosted on our system; however, we will only scan files for which the system has identified a change. If there is no indication that these files have been altered in any way, we will not do another search for malware on them.
Follow this link here to learn how to scan your website for malware manually.
Steps to remove malware
If our malware scanner finds any potentially harmful files or signs of a malware infection on your server and website, an email will be sent to you automatically from scan@intekhost.net. This email will provide you with the particular domain name and other details like the number of infected files, warnings, and scan date. You will be required to log into your StackPanel here: https://cp.intekhost.net to investigate further.
- Log in to Intek Hosting StackPanel
- Scroll down to the Security tab and choose Malware Scan.
If Malware is present on your web server or website, you will see a warning like this image below (usually located below your Account Information):
◉ From here, click on the “View Full Report” button to open the main Malware Report page.
◉ The scanner will show you the potentially infected Filename and the Exploit Found. Click on the “Show Full Report” button to reveal the full path to the infected file, as well as the exploit name. The image below shows this:
As seen in the image above, you will also see previous scan dates and the results.
Note: Infections found marked in red indicate that the file could be a risk to the site. We also have a yellow ‘warning’ state which shows that the signatures found are unlikely to pose a high risk to the site. For example log files, SQL files and .zip backups files. Essentially, a yellow warning state is for information only and won’t impact the sending of mail.
◉ Any files that are found to contain any malware will also be displayed in the File Manager, allowing you to readily access and examine the files that have been reported. (see image below)
You can right-click on the infected file and choose Delete to remove the file completely from the server/website.
Removing compromised files and replacing them with clean downloads usually fixes malware issues. Thus, reinstall the software and replace only the affected files. You could also delete unnecessary files.
◉ The attacker’s script may be “injected” into a file’s first or last line. If this is clear, uninstall the harmful script.
◉ Do this for all Malware Scanner-found files.