Site Disabled - "Contains a spam script"

by Max BNC
9 replies
Hi everyone,

One of the sites I'm working on keeps getting disabled, and I get a message saying the site contains a spam script which could be used by someone to send out large volumes of spam emails, and "Typically, spam scripts are uploaded by malicious scripts taking advantage of weaknesses in a site's code."

It has happened maybe 3 or 4 times. Each time I follow the instructions on how to fix the issue, get the site re-enabled and it works fine for some time. Then it happens again. Has anyone had the same problem and how did you overcome this?

Thanks!
  • JohnMcCabe
    Start by changing the passwords.

    But before you do, make sure your computer is free of keyloggers or other spyware. If someone is stealing your passwords, you can keep fixing things and they just go back and re-enable them.
  • spearce000
    This happened to me a couple of years ago. Here's what to do:
    1. Log into cPanel (or whatever your control panel is) and go through your Raw Access Logs file. Look for a script (typically a PHP script) that's being called from a remote server independently of any other program you have on your site. That will be the script the spammer/hacker is using.
    2. Make a note of the IP address and add it to your IP Deny list.
    3. Delete the script if it's still on your server.
    4. Enable hotlink protection. Put your website URL in the "URLs to allow access:" window, plus any others you want to have access to your site (Google Analytics etc.). In the "Block direct access for these extensions (separate by commas):" window, add php or whatever the type of script is that the hacker/spammer is running.
    That may solve the problem, but you might have to keep checking to make sure the hacker/spammer doesn't come back.


    Like John says above, you should also change your cPanel and WordPress (if applicable) passwords. Be sure to use a different password for cPanel and WP.
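The log review described in step 1 above can be scripted. This is an added example, not part of any poster's reply: it assumes the raw access log is in Apache "combined" format, and the function name, the `example.com` host and the sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Apache "combined" log format, as found in typical raw access logs.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2014:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [12/Mar/2014:10:01:40 +0000] "POST /contact.php HTTP/1.1" 200 310 "http://www.example.com/contact.php" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2014:10:02:00 +0000] "POST /images/cache/sm3.php HTTP/1.1" 200 12 "-" "-"
203.0.113.7 - - [12/Mar/2014:10:02:01 +0000] "POST /images/cache/sm3.php HTTP/1.1" 200 12 "-" "-"
198.51.100.22 - - [12/Mar/2014:10:02:05 +0000] "POST /images/cache/sm3.php?x=1 HTTP/1.1" 200 12 "-" "-"
"""

def direct_php_posts(lines, site_host, min_hits=3):
    """Return {path: {"hits": n, "ips": set}} for PHP files that answered
    POSTs which did not come from a page on site_host."""
    stats = defaultdict(lambda: {"hits": 0, "ips": set()})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        path = m["path"].split("?", 1)[0]
        if m["method"] != "POST" or not path.lower().endswith(".php"):
            continue
        if not m["status"].startswith("2"):
            continue  # script missing or request blocked
        ref_host = urlparse(m["referer"]).hostname or ""
        if ref_host == site_host or ref_host.endswith("." + site_host):
            continue  # form submitted from one of the site's own pages
        stats[path]["hits"] += 1
        stats[path]["ips"].add(m["ip"])
    return {p: s for p, s in stats.items() if s["hits"] >= min_hits}

if __name__ == "__main__":
    hits = direct_php_posts(SAMPLE_LOG.splitlines(), "example.com")
    for path, info in hits.items():
        print(path, info["hits"], sorted(info["ips"]))
```

Treat the output as leads to inspect, not a verdict: on WordPress sites `wp-cron.php` and `xmlrpc.php` legitimately receive POSTs with no referer.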
  • malcsimm
    If your host is any good they will check your site for you and point you towards the problem more often than not.

    This might be a quicker route if you are not used to hunting through your error logs.

    Malc
  • serprider
    Google for rkhunter first, then you can go a step further and look for a Perl backdoor scanner that will actually regex check all the files in www for malicious code. I would also always recommend running ASL with any WordPress install.
  • DubDubDubDot
    Might be a rogue WP plugin.
