How do I use the free Infinity3 Website Malware Scanner? 

One of the major problems with malware is its persistence. This is why Infinity3’s free Website Malware Scanner makes daily scans of all the sites within your hosting account. It uses a combination of commercial and in-house tools to provide reports detailing malicious content and its location within your site files.

When malware is located on a site, PHP mail is automatically disabled. We do this to preserve sender’s reputation across the platform and ensure that any sites that are compromised do not send large volumes of spam emails.

We run daily malware scans on all sites on our system – we will only scan files that the system has detected changes on. If no change has been detected, we won’t run a new malware scan on these files.

Note: when we refer to “signatures” in this guide, this is referring to the names given to each item of malicious code detected in a file.

Best practices when dealing with malware and infected files

  • Check the Malware Report produced by the malware scanner to identify if there are any infected files
  • Clean and remove the infected files from your webspace
  • Identify any vulnerabilities within the site and secure them

Taking regular backups means that you’ll always have a restore point if you do find your site has compromised files.

Checking the Malware Report

The Malware Scanner shows you a full list of sites that are currently infected within your account. If you’re a 20i Reseller, you can access this list by:

  • Logging in to your hosting control panel
  • Selecting Malware Report
  • If any of your sites are currently infected, they will be listed here

The scanner shows details on the package where the infection has been found, the time of the last scan and the number of infected files. To show a more detailed report, select View Report. You will now see the full list of infected files on the site.

If the scanner finds any potentially harmful files or signs of a malware infection, however, you’ll instead see the following:

Should any infected files be found on the package, we’ll also add a warning to the package itself to notify you of this.

Any files that are detected as malware will also show in the File Manager so that you can easily access and review the flagged files.

Note: Infections found marked in red indicate that the file could be a risk to the site. We also have a yellow ‘warning’ state which shows that the signatures found are unlikely to pose a high risk to the site. For example log files, SQL files and .zip backups files. Essentially, a yellow warning state is for information only and won’t impact the sending of mail.

Cleaning and removing infected files

In most cases, the best way to resolve an issue with malicious content is to remove the compromised files and replace them with versions from a known clean download. That is, download the software again and replace just the files that have been infected from the initial install.

If the files are not needed, then you could also just delete the files completely.

Sometimes an infected file will just have the attackers script ‘injected’ in the first or last line of a specific file. Sometimes this can be very obvious, in which case you could look to simply remove the malicious script.

You should do this for all the files that have been found by the Malware Scanner.

Further actions you can take

Remove unnecessary or unused plugins and applications from the site. Doing this will not only reduce the number of potential vulnerabilities but also make general site ‘housekeeping’ simpler.

You should also make sure that any plugins you’re using are always kept fully updated. Outdated software versions are much more likely to have security vulnerabilities – leading to compromised sites.

It may also be worthwhile to change passwords such as your database password and FTP password.

Note: Don’t forget to update any configuration files such as wp-config.php after making the changes.
Rescanning the site

You can re-scan the site on demand. Once you believe you’ve removed the malware, head back to the Malware Scanner and select Scan again.

If all infected files are removed, then PHP mail will be re-enabled automatically and there will be no infected files displayed. The scanner will continue to take daily scans of all your websites to ensure you’re always aware of any sites that have been compromised.