Westhost Logo

Knowledgebase

KnowledgebaseWeb HostingStackCP

Search Articles

Categories

    • Help

    Check service status
    Chat with a support agent
    Create a ticket
    Send an email
    Back to StackCP

    How do I Use the Malware Scanner


    One of the major problems with malware is its persistence. This is why our free Website Malware Scanner makes daily scans of all the sites within your hosting account. It uses a combination of commercial and in-house tools and provides reports detailing identified malicious content and its location within your site files. When malware is located on a site, PHP mail and cron jobs are automatically disabled. We do this to preserve sender reputation across the platform and ensure that any sites that are compromised do not send large volumes of spam emails.

    An automated malware scan will only be triggered if a change is detected to the site files. If no change has been detected we won't run a new malware scan. 
    InfoNote: when we refer to “signatures” in this guide, this is referring to the names given to each item of malicious code detected in a file.

     Best practices when dealing with malware and infected files:

    1. Check the Malware Report produced by the malware scanner to identify if there are any infected files
    2. Clean and remove the infected files from your webspace
    3. Identify any vulnerabilities within the site and secure them
    Taking regular backups means that you'll always have a restore point if you do find your site with compromised files. You can do this in StackCP or automate this using Timeline Backups

    How to Run a Scan

    1. Login to StackCP
    2. Click on the Malware Scan icon in the Security section



    3. This will then load a page where you can run a new scan by clicking Scan Again



    4. When the scan is complete you will either see a notification to say the account is clean, or it will provide a list of suspected infected files


    Cleaning and removing infected files

    In most cases, the best way to resolve an issue with malicious content is to remove the compromised files and replace them with versions from a known clean download. That is, download the software again and replace just the files that have been infected from the initial install.

    If the files are not needed, then you could also just delete the files completely.

    Sometimes an infected file will just have the attackers script 'injected' in the first or last line within a specific file. Sometimes this can be very obvious, in which case you could look to simply remove the malicious script. 

    You’ll want to do this for all the files that have been found by the Malware Scanner.

    Further actions you can take

    Remove unnecessary or unused plugins and applications from the site. Doing this will not only reduce the number of potential vulnerabilities but also make general site 'housekeeping' simpler.

    You should also make sure that any plugins you're using are always kept fully updated. Outdated software versions are much more likely to have security vulnerabilities - leading to compromised sites. 
    Change passwords such as your database password and FTP password.

    InfoNote: Don’t forget to update any configuration files such as wp-config.php after making the changes. 


    Rescanning the site

    You can re-scan the site on demand. Once you believe you’ve removed the malware, head back to the Malware Scanner and select ‘Scan Again’.

    If all infected files are removed, then PHP mail and cron jobs will automatically be re-enabled and there will be no infected files displayed. The scanner will continue to take daily scans of all your sites to ensure you’re always aware of any sites that have been compromised. 

    Related Articles

    How do I connect via FTP?
    How To Access Your Site Using SSH
    Wordpress SMTP
    How do I log into StackCP
    How to Change PHP Version

    Can’t Find what you need?

    No worries, Our experts are here to help.

    Check service statusCreate a ticketChat with a support agent