11 {{ upvoteCount | shortNum }}
11 {{ upvoteCount | shortNum }}

Site Disabled - "Contains a spam script"

by Max BNC
9 replies
Hi everyone,

One of the sites I'm working on keeps getting disabled and I get the message saying the site contains a spam script which could be used by someone to send out large volumes of spam emails and "Typically, spam scripts are uploaded by malicious scripts taking advantages of weaknesses in a site's code. "

It has happened maybe 3 or 4 times. Each time I follow the instructions on how to fix the issue, get the site re-enabled and it works fine for some time. Then it happens again. Has anyone had the same problem and how did you overcome this?

Thanks!
#contains a spam script #disabled #site
  • Profile picture of the author JohnMcCabe
    Start by changing the passwords.

    But before you do, make sure your computer is free of keyloggers or other spyware. If someone is stealing your passwords, you can keep fixing things and they just go back and re-enable them.
    {{ DiscussionBoard.errors[8863067].message }}
  • Profile picture of the author spearce000
    This happened to me a couple of years ago. Here's what to do:
    1. Log into Cpanel (or whatever your control panel is) and go through your Raw Access Logs file. Look for a script (typically a PHP script) that's being called from a remote server independently of any other program you have on your site. That will be the script the spammer/hacker is using.
    2. Make a note of the IP address and add it to your IP Deny list.
    3. Delete the script if it's still on your server
    4. Enable hotlink protection. Put your website URL in the URLs to allow access: window, plus any others you want to have access to your site (Google Analytics etc.). In the Block direct access for these extensions (separate by commas): window add php or whatever the type of script is that the hacker/spammer is running.
    That may solve the problem, but you might have to keep checking to make sure the hacker/spammer doesn't come back.


    Like John says above, you should also change your Cpanel and WordPress (if applicable) passwords. Be sure to use a different password for Cpanel and WP.
    {{ DiscussionBoard.errors[8863233].message }}
  • Profile picture of the author malcsimm
    If your host is any good they will check your site for you and point you towards the problem more often than not.

    This might be a quicker route if you are not used to hunting through your error logs.

    Malc
    Signature

    You WILL banish # Procrastination, # Email bloat, # Wasting time, # Wasting money
    Getting Things Done PLUS Evernote turned my life around - read here how I do it
    {{ DiscussionBoard.errors[8863390].message }}
  • Profile picture of the author serprider
    google for rkhunter first, then you can go a step further and look for a perl backdoor scanner that will actually regex check all the files in www for malicious code. I would also always recommend running ASL with any wordpress install.
    Signature
    SEnuke XCr - BackLink Beast - Free Captcha And More Only $50
    {{ DiscussionBoard.errors[8863458].message }}
    • Profile picture of the author Max BNC
      Thanks for your help guys, I'll try what you said. Unfortunately my host is no help at all and this has been going on for a few months now. I'll let you know whether it works or not.
      {{ DiscussionBoard.errors[8865672].message }}
      • Profile picture of the author malcsimm
        Originally Posted by Max BNC View Post

        Thanks for your help guys, I'll try what you said. Unfortunately my host is no help at all and this has been going on for a few months now. I'll let you know whether it works or not.
        Max - if your host is not helping you: then your answer is simple - change host. If you move your website that may well end the problem.

        Some hosts will even move your site for you. Then, presumably, they will check it for malware.

        Really - if your host is that useless you need a better one: either now or when you can.

        I have a list of 150 Internet Marketing Tools on my blog (must get that link in my sig :| ) and my top recommendation for entry level hosting is MDD. Maybe check them out.

        Good luck!

        Malc
        Signature

        You WILL banish # Procrastination, # Email bloat, # Wasting time, # Wasting money
        Getting Things Done PLUS Evernote turned my life around - read here how I do it
        {{ DiscussionBoard.errors[8866552].message }}
        • Profile picture of the author kpmedia
          Originally Posted by malcsimm View Post

          Max - if your host is not helping you: then your answer is simple - change host. If you move your website that may well end the problem.
          I doubt it's a server issue. It sounds like a site issue.

          But I would agree -- a good host should at least let you know where the script is. Logs will reveal that easily, if the host is worth anything.
          Signature
          FAQ: Need a Site5/Arvixe/Hostgator alternative? And who is EIG?
          Reviews:           Need a good VPS, dedicated server, or unlimited host? (This is NOT a fake "top 10" list!)
          {{ DiscussionBoard.errors[8866626].message }}
          • Profile picture of the author malcsimm
            Originally Posted by kpmedia View Post

            I doubt it's a server issue. It sounds like a site issue.

            But I would agree -- a good host should at least let you know where the script is. Logs will reveal that easily, if the host is worth anything.
            That's true - the logs will help track it down.

            If you have cPanel look around for log locations. Or ask your unhelpful host where they are. I was checking through Bluehost's the other day and they are in 3 different locations.

            Malc
            Signature

            You WILL banish # Procrastination, # Email bloat, # Wasting time, # Wasting money
            Getting Things Done PLUS Evernote turned my life around - read here how I do it
            {{ DiscussionBoard.errors[8866662].message }}
  • Profile picture of the author DubDubDubDot
    Might be a rogue WP plugin.
    {{ DiscussionBoard.errors[8865730].message }}

Trending Topics