HostPapa can put limitations on a website if we’re notified that it’s seeking to extort personal information from third parties through malware or phishing attacks. In this article, we’ll show you what to do if you click on a phishing link or if malware is detected on your website.
What’s the difference between malware and phishing attacks?
Malware: an umbrella term used to refer to a variety of forms of hostile or intrusive software. This includes computer viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious programs. It can take the form of executable code, scripts, active content, and other software.
Phishing: the attempt to acquire sensitive information, such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.
HostPapa is required to take direct action against websites hosting malware or phishing web pages, as described in HostPapa’s Terms of Service – Acceptable Use Policy (Section 6). For more information, please review the terms of service for your region.
How did this happen to you?
Hackers are always on the lookout for vulnerable websites to exploit. When they find security holes, they insert their own code into others’ websites to promote their illegal activities.
When HostPapa receives malware and phishing complaints, our customers usually use open source software and/or scripts (such as Joomla, WordPress, or Drupal), plugins, themes, or forms that aren’t up-to-date with the latest security patches or updates.
What limitations is my website under?
If your website is infected due to a malware or phishing attack, HostPapa will disable it to protect your emails and other websites. The infected website will no longer be accessible, but everything else on your account will continue to work as usual.
If infected files are causing damage to the server, we can disable them and prevent you from re-enabling them to protect the server and other accounts.
What happens now?
If your account and website have been compromised due to a security hole, you have two options. You can clean your website files, hosting account, and anything outdated, or you can provide HostPapa Support with a backup of your account/website to restore a clean version.
If you have a good backup of your data, you can then restore your site. This is the only way to clear out potential issues that occurred during the exploit, such as files maliciously uploaded to your website folders (including viruses or malware).
If you don’t have a backup of your account/website, Support can check our internal backups to see if there’s anything we can do to restore your files. If we can restore your files, we’ll run a scan to determine if they’re infected. We cannot guarantee that the files from the backup are not infected.
In the case of a phishing attack, all files must be erased. Phishing is an illegal activity, and any data collected by the phishing site must be confirmed to be deleted. Due to this, we can limit your account and disable any infected files for these not to affect the server’s stability and functionality. This action will be in place until you clean/remove all the infected files.
Contact HostPapa Customer Care to sign up for Protection Power from HostPapa. With Protection Power, you can remove and prevent malware, blacklisting, search engine poisoning, and other threats to your website.
If you have a backup created using the Backup Wizard from cPanel:
Please let HostPapa Support know, and we will provide FTP access for you to upload this file to your account. We will then restore this backup on your behalf and determine if this solves the problem.
If you have a backup created using another method, or if you have a partial backup:
You will need to restore the backup yourself. Please let HostPapa Support know by indicating that you wish to restore your backup, and we will provide access for you to do so. Once complete, we will determine if this solves the problem.
If you have HostPapa’s Automated Website Backup Service:
You will still need to completely delete your hosting data or clean the site before using this service to restore your website. HostPapa’s Automated Website Backup is an incremental backup service and may not overwrite or erase new files left by the hackers.
If you do NOT have a backup of your website, or if attempts to clean your site or restore backups have failed to rectify the problem:
Regrettably, your account will need to be completely reset. Doing so will result in the loss of ALL data, including website files, email addresses and databases.
Although we are not obliged to do so, HostPapa will provide a 30 day period for you to choose a course of action and complete any work required from your side. If this situation is not addressed and/or corrected to our satisfaction, we may have no alternative but to terminate your account as a last resort. Termination will include the deletion of your website files, email addresses, databases, and all files and email history located on our servers. For further information, please refer to Section 10 of our Terms of Service.
For more information, please review the terms of service for your region.
How can you secure your website in the future?
HostPapa’s servers are secure by design. The security level of your website depends on the code within it that you upload to our servers.
HostPapa also offers Protection Power to help you detect threats to your website and protect your website visitors. Additionally, we strongly recommend that you read our article on how to improve your website security, including updating it with the latest security patches for software programs and scripts that you may use on your site.
If you need help with your HostPapa account, please open a support ticket from your dashboard.