Recovering From a Spam Attack

You may have recently received an email from one of our support staff informing you that a large amount of spam was discovered being sent out from your hosting account.

The following guide has been designed to help you recover from this situation as quickly as possible and provide advice on how you can prevent further attacks against your account.

Where is the spam coming from?

There are three common causes for spam being distributed from your account.

  1. Malware on an infected work or home computer is sending spam via your email account.
  2. A third party has guessed your mailbox password and is sending the spam through your account.
  3. Your web site has been compromised by a hacker and they are running automated scripts to send out spam from your hosting account.

The most common form of attack is via your web site. A hacker will typically scan your web site looking for telltale signs of which content management system or shopping cart you are using. If your web site software isn’t updated and secured on a regular basis then it’s quite likely they will find a weakness that allows them to gain access. Once they have gained access they can upload any number of scripts to your account and start distributing spam without you realising.

What happens when spam is sent from my account?

We receive security warnings from other Internet mail providers asking us to stop the spam. If we are unable to comply with these warnings immediately then our mail server will be added to a blacklist.

Your web hosting account lives on a server that holds many other accounts. If you, or another account holder, send out spam then the blacklist provider will mark the IP address of the server as the source of the problem, not your individual hosting account. The end result is that all the account holders on the server will not be able to send or receive email properly until the blacklist is lifted.

Obviously we would prefer to prevent this from occurring, so we act on the advice of the security report and suspend your account to prevent further spam from being delivered.

How do I restore my services?

If you are not operating a web site and the spam is being sent from a compromised mailbox then we will:

  1. Reset your cPanel account password
  2. Reset your mailbox password
  3. Send you a support ticket with a new mailbox password

If the support ticket is going to be sent to the compromised mailbox then you will need to provide an alternative email address that is not tied to your domain name (e.g. Hotmail, Yahoo or Gmail).

Once you have received the new mailbox password you can then update your email software with the new details.

You may find that your email software is still attempting to connect to your account with the old password and if that is the case you should read our guide on How to Unblock Your Email Account.

If you are operating a web site then unfortunately the entire account will need to be terminated and recreated from scratch. This is because once your web site has been compromised there is no way of knowing which files have been modified or where the spam is coming from. By terminating the account we ensure that the infected web site is no longer active and that the spam being generated will stop.

If the spam is being distributed from within your web site then we will:

  1. Reset your cPanel account password
  2. Terminate and recreate your account
  3. Send you a support ticket with the new cPanel password

If the support ticket is going to be sent to the compromised mailbox then you will need to provide an alternative email address that is not tied to your domain name (e.g. Hotmail, Yahoo or Gmail).

Once you have received the new mailbox password you can then update your email software with the new details.

You may find that your email software is still attempting to connect to your account with the old password and if that is the case you should read our guide on How to Unblock Your Email Account.

Once you receive the new login details you should contact your web developer and ask them to upload your web site from a clean backup. This is usually a backup that was generated prior to the web site being hacked and will contain a copy of your web site in its normal state.

If you don’t have access to a recent backup then you can order the required addon called “Provide a backup of your website” for your account by logging into your Client Area here:

  1. Once logged in select “My Services”
  2. Click on the “View Details” button to the right of the product you wish to order the addon for
  3. On the following page click on the “Addons” tab
  4. Click on the link “View available Addons”
  5. Click the “Order Now” button to the right of the “Provide a backup of your website” addon and then follow the ordering and payment process.

A backup will be generated and placed into the home folder of your account which your web developer can then download. Once they have retrieved the file they can unpack it onto their own local computer and attempt to clean up and restore the site to its normal working order.

It’s important that your web developer does not upload the files again without attempting to clean up the web site first. If they upload a web site that has already been compromised, the spam will start to generate again and your hosting account will need to be suspended again.
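One way a web developer can approach the clean-up step above is to compare the unpacked backup with a known-clean reference copy (for example a fresh download of the same CMS version) before uploading anything. The script below is an added example, not part of the original guide; the function names, the marker list and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Heuristic markers often seen in injected PHP scripts (assumed list, tune per site).
SUSPICIOUS = re.compile(rb"\b(eval|base64_decode|gzinflate|mail)\s*\(")

def digest(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()

def index(root: Path) -> dict:
    """Map each file's path relative to root to its SHA-256."""
    return {p.relative_to(root).as_posix(): digest(p)
            for p in root.rglob("*") if p.is_file()}

def review_backup(clean_root: Path, backup_root: Path) -> dict:
    """Compare an unpacked backup against a known-clean reference tree."""
    clean, backup = index(clean_root), index(backup_root)
    added = sorted(set(backup) - set(clean))
    modified = sorted(f for f in backup.keys() & clean.keys() if backup[f] != clean[f])
    # Only new or changed PHP files are searched for markers; unchanged files match the reference.
    flagged = sorted(
        f for f in added + modified
        if f.lower().endswith((".php", ".phtml"))
        and SUSPICIOUS.search((backup_root / f).read_bytes())
    )
    return {"added": added, "modified": modified, "flagged": flagged}

def demo() -> dict:
    """Build two small constructed trees and review them."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, backup = Path(tmp, "clean"), Path(tmp, "backup")
        for root in (clean, backup):
            (root / "uploads").mkdir(parents=True)
            (root / "index.php").write_text("<?php echo 'home'; ?>")
            (root / "contact.php").write_text("<?php echo 'contact form'; ?>")
        # Constructed changes standing in for what a compromise leaves behind.
        (backup / "contact.php").write_text("<?php echo 'contact form v2'; ?>")
        (backup / "uploads" / "cache.php").write_text(
            "<?php $p = base64_decode('Y29uc3RydWN0ZWQ='); ?>")
        (backup / "uploads" / "logo.png").write_bytes(b"\x89PNG constructed")
        return review_backup(clean, backup)

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```

Every file listed as added or modified needs a manual look before upload; the flagged list only prioritises where to start and a file absent from it is not thereby proven clean.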

How can I prevent this from occurring again?

You will need to secure and maintain your content management system or shopping cart on a regular basis. Talk to your web developer about how best to approach this with your particular website.

The following support article should help you and your web developer create a checklist for your website.

Secure Your Web Site

You should perform ongoing scans on both your local computer and web site to ensure that no malware or viruses are active. By using these tools you can fix problems before they become really serious.

Modern antivirus tools such as Norton AntiVirus, ESET Smart Security and Kaspersky Anti-Virus will help to scan and remove any malware that might be on your computer.

Relying on one particular tool may not be the best course of prevention. You can download dedicated malware scanning tools, such as the Microsoft Safety Scanner and Malwarebytes Anti-Malware, that can run in conjunction with your main antivirus software.

For your web site there are similar scanning tools, although the removal of any malware usually requires a subscription. Some of the more popular commercial malware removal tools are Sucuri, Siteguarding and Webinspector.