How to protect your website from spamming or hacking? Print

  • 0

Some times you saw over 3,000 or more emails coming from a script within any directory of your file. Perhaps the main activity is not intentional. The account, or some client that uses it, may have been compromised, causing emails to be sent without your knowledge. Some times the hosting provider will trigger the suspension of your mail services or suspend your full account temporally or suspended your user from being able to send the email. When you can confirm that account won't be spamming again then hosting provider lift the suspension. This is your responsibility to stop your email from spamming. Spamming damages your services and the service level of other clients. When you spam we suspend the account, we notify you of the issue. You move forward to resolve the issue, then we unsuspended the account.
 
We recommend taking the following steps to avoid this from happening again:
1) Scan any computers used to access this account for viruses and malware.
 
2) Change all passwords associated with the account 
3) If any form on your site is unprotected then you need to add a captcha or other anti-bot measure.
4) Update all scripting used on the account (scripting such as Joomla, WordPress, Magento etc) and ensure all modules, themes and plugins are also updated to their latest secure versions.
5) If the hosting provider removes the infected files then you can either restore the website from a clean backup or download it from main source. For example for WordPress Core files here: https://wordpress.org/download/
6) Check the account for rogue scripts, spammers or compromised accounts. You can run a malware scan from cPanel by clicking on "Virus Scanner" under the "Advanced" section in cPanel.
7) cPanel allows you to suspend specific email accounts instead of suspending mail service of the whole cPanel account. To suspend a single email account, please locate the Email Accounts menu in cPanel and click 'Manage' near the email account.
8) We would recommend that you have your site repaired and secured professionally and we recommend to get Sucuri.
 
9) If you found the affected file then you must clean and secure the account in order to prevent it from happening again. Reviewing your file directory and removing any PHP scripts that you do not recognize.
10) Check all the files and directory permissions. You will need to set the permission of the folder back to 0755 before you can access it.
11) Check the cron jobs set on the domains

Was this answer helpful?

« Back