Had an email the other day from a website owner who woke to find this in place of his website and a warning email from his hosting company:
Here’s what the email from his hosting company said:
Our Abuse department has received a report regarding phishing content being hosted on an account under your control. We have disabled site access for your account to prevent further complaints, and have provided a list of the reported content… In order to remove the restrictions we’ve placed, you must resolve the security issue and remove what malicious content was listed. [emphasis added]
Luckily the fix was easy because the hosting company explained what files to delete and where they were. So, using an FTP program, you just delete the offending files:
The most likely reason hackers were able to plant this malware? The WordPress installation, plugins and themes hadn’t been updated in over a year.
Once we reported the file removal and the hosting company confirmed it, the site was back up in about 15 minutes.
Most hosting companies have become even more vigilante over the last few years, as well as quicker to shut down sites with malware. In a shared hosting environment, lax security hurts not just you but everyone else on the server.
Don’t get mad at your hosting company when they shut you down like this. In most cases, the malware issues are your fault: weak passwords, software left outdated, installing poor quality scripts… it’s your responsibility to keep your site secure. Be happy they’re monitoring things because, in this case, the site owner sure wasn’t.