Site Disabled - "Contains a spam script"

Posted: 11 years ago 9 replies

INTERNET MARKETING

Hi everyone,

One of the sites I'm working on keeps getting disabled and I get the message saying the site contains a spam script which could be used by someone to send out large volumes of spam emails and "Typically, spam scripts are uploaded by malicious scripts taking advantages of weaknesses in a site's code. "

It has happened maybe 3 or 4 times. Each time I follow the instructions on how to fix the issue, get the site re-enabled and it works fine for some time. Then it happens again. Has anyone had the same problem and how did you overcome this?

Thanks!

#contains a spam script #disabled #site

JohnMcCabe

JohnMcCabe

JohnMcCabe

Posts: Threads: Thanks: Account age: less than a second

11 years ago

Start by changing the passwords.

But before you do, make sure your computer is free of keyloggers or other spyware. If someone is stealing your passwords, you can keep fixing things and they just go back and re-enable them.
- [ 0 ] Thank this user
spearce000

spearce000

spearce000

Posts: Threads: Thanks: Account age: less than a second

11 years ago
This happened to me a couple of years ago. Here's what to do:
1. Log into Cpanel (or whatever your control panel is) and go through your Raw Access Logs file. Look for a script (typically a PHP script) that's being called from a remote server independently of any other program you have on your site. That will be the script the spammer/hacker is using.
2. Make a note of the IP address and add it to your IP Deny list.
3. Delete the script if it's still on your server
4. Enable hotlink protection. Put your website URL in the URLs to allow access: window, plus any others you want to have access to your site (Google Analytics etc.). In the Block direct access for these extensions (separate by commas): window add php or whatever the type of script is that the hacker/spammer is running.
That may solve the problem, but you might have to keep checking to make sure the hacker/spammer doesn't come back.

Like John says above, you should also change your Cpanel and WordPress (if applicable) passwords. Be sure to use a different password for Cpanel and WP.
- [ 2 ] Thank this user
malcsimm

malcsimm

malcsimm

Posts: Threads: Thanks: Account age: less than a second

11 years ago

If your host is any good they will check your site for you and point you towards the problem more often than not.

This might be a quicker route if you are not used to hunting through your error logs.

Malc
- [ 0 ] Thank this user
Signature

You WILL banish # Procrastination, # Email bloat, # Wasting time, # Wasting money
Killer (FREE) time management system WILL make you super-efficient - you'll wonder what hit you!!
Getting Things Done PLUS Evernote turned my life around - read here how I do it

11 years ago

google for rkhunter first, then you can go a step further and look for a perl backdoor scanner that will actually regex check all the files in www for malicious code. I would also always recommend running ASL with any wordpress install.

[ 0 ] Thank this user
1 reply

Signature

SEnuke XCr - BackLink Beast - Free Captcha And More Only $50

11 years ago

Thanks for your help guys, I'll try what you said. Unfortunately my host is no help at all and this has been going on for a few months now. I'll let you know whether it works or not.

[ 0 ] Thank this user
1 reply

11 years ago

Originally Posted by Max BNC

Thanks for your help guys, I'll try what you said. Unfortunately my host is no help at all and this has been going on for a few months now. I'll let you know whether it works or not.

Max - if your host is not helping you: then your answer is simple - change host. If you move your website that may well end the problem.

Some hosts will even move your site for you. Then, presumably, they will check it for malware.

Really - if your host is that useless you need a better one: either now or when you can.

I have a list of 150 Internet Marketing Tools on my blog (must get that link in my sig :| ) and my top recommendation for entry level hosting is MDD. Maybe check them out.

Good luck!

Malc

[ 1 ] Thank this user
1 reply

Signature

You WILL banish # Procrastination, # Email bloat, # Wasting time, # Wasting money

Killer (FREE) time management system WILL make you super-efficient - you'll wonder what hit you!!

Getting Things Done PLUS Evernote turned my life around - read here how I do it

11 years ago

Originally Posted by malcsimm

Max - if your host is not helping you: then your answer is simple - change host. If you move your website that may well end the problem.

I doubt it's a server issue. It sounds like a site issue.

But I would agree -- a good host should at least let you know where the script is. Logs will reveal that easily, if the host is worth anything.

[ 0 ] Thank this user
1 reply

Signature

FAQ: Need a Site5/Arvixe/Hostgator alternative? And who is EIG?
Reviews: Need a good VPS, dedicated server, or unlimited host? (This is NOT a fake "top 10" list!)

11 years ago

Originally Posted by kpmedia

That's true - the logs will help track it down.

If you have cPanel look around for log locations. Or ask your unhelpful host where they are. I was checking through Bluehost's the other day and they are in 3 different locations.

Malc

[ 0 ] Thank this user

Signature

You WILL banish # Procrastination, # Email bloat, # Wasting time, # Wasting money

Killer (FREE) time management system WILL make you super-efficient - you'll wonder what hit you!!

Getting Things Done PLUS Evernote turned my life around - read here how I do it

DubDubDubDot

DubDubDubDot

DubDubDubDot

Posts: Threads: Thanks: Account age: less than a second

11 years ago

Might be a rogue WP plugin.
- [ 0 ] Thank this user

Site Disabled - "Contains a spam script"

Trending Topics

Strategy for selling business management software to Gas stations!

Hello, happy to be here.

Is DL Guard still available to buy?

Hello all o/

How to host LinkedIn live events

Bouncer - Powerful and secure email verification platform