IMPORTANT: Please do NOT reply to this email. The ONLY way to request assistance and resolve the case is by logging in to your User Area (https://www.siteground.com/login_page.htm
) and updating the ticket that has been automatically opened for your convenience. Contacting us by any other means will only slow down the resolution of the case.
While conducting our regular server security audit, we detected that the application hosted on your site has become vulnerable to exploits and creates a serious threat to the integrity of the shared server.
We have compiled a list with the suspicious files and it is stored in your account's home folder in a file called suspicious_files.txt:
It can be downloaded either through Site Tools File Manager or using your local FTP client.
To ensure the overall security of the server and all websites hosted on it, we had to temporarily disable access to this application.
We are very much aware of the inconvenience this issue may cause you, so we would like to take a moment and explain the reasons for our actions: as you know, your account is hosted on a shared hosting server and thus sharing the resources of the server with other customers' accounts. If one account and even one application is hacked, this will endanger the integrity of the whole shared server and all other accounts on it. This is why the above explained precaution is absolutely necessary.
Very often sites are compromised because of outdated software or stolen login details. Please check the following article for more information:https://www.siteground.com/kb/why-was-my-website-compromised/
Next, you may wonder what SiteGround does to protect your site. The answer is:
- By default, we have set all sites to use the latest PHP 7.3 which has register_globals and allow_url_include turned off. This prevents remote code inclusion and variable poisoning.
- We are running a hardened apache version in chrooted environment with suexec. This makes sure that your website is isolated from the rest of the sites.
- We have sophisticated IDS / IPS systems which block malicious bots and attackers.
Unfortunately, the above is not always enough. Most web applications require constant attention and updates to resolve the latest security vulnerabilities.
In your case we can offer you 2 solutions:
1. Clean and secure the site by yourself. After that you should reopen the ticket about this case so that we can confirm the issue is resolved.
2. Security audit performed by our partners from Sucuri. We recommend the website security company Sucuri for malware detection, malware cleanup and malware prevention. Their 2-in-1 Website AntiVirus Website Firewall (WAF) solution supports and protects all websites built on any platform.https://siteground.com/sucuri
Regardless of which way you choose to approach the problem, make sure to upgrade any applications you are using and their extensions to the latest available release.
Also, provide us with scan results of your local computer with an anti-virus software of your choice, confirming that the same is not infected in any way. You can provide us with the results in the form of a screenshot attached to this ticket.
Thank you for your understanding and cooperation.