It is also highly recommended to use different scanning means for your hosting web space for malicious software. First of all, you can use an built-in cPanel virus scanner. In order to do it, log into cPanel >> click on the Virus Scanner icon under the Advanced tab:



Once there, choose the Scan Entire Home Directory option and click the Scan Now button:





Also, you can use some free online scanners such as this one.

It is better to combine these two ways of checking your account for viruses. In order to prevent having viruses and malware on your account it is recommended to use themes and plugins only from trusted providers.

Additionally, we would recommend to contact our Support Team so we can check your hosting account by means of internal scanners and tools in order to ensure it is clean and secure. Our support representatives will also be able to provide you with a detailed scan report so you can examine it later.

Below you can find an example of a scan report provided by our Support Team:

----------- SCAN REPORT ----------- TimeStamp: Date (/usr/sbin/cxs --nobayes --clamdsock /var/clamd --defapache nobody --doptions Mv --exploitscan --nofallback --filemax 50000 --html --ignore /etc/cxs/cxs.ignore --options mMOLfSGchexdnwZDRu --qoptions Mv --report /home/cPanel_username/scanreport-support-date-h12m.txt --sizemax 500000 --ssl --summary --sversionscan --timemax 30 --user support --virusscan --xtra /etc/cxs/cxs.xtra) Scanning /home/cPanel_username: '/home/cPanel_username/access-logs' # Symlink to [/usr/local/apache/domlogs/support] '/home/cPanel_username/public_html/process.txt' # ClamAV detected virus = [Eicar-Test-Signature] ----------- SCAN SUMMARY ----------- Scanned directories: 171 Scanned files: 13996 Ignored items: 33 Suspicious matches: 2 Viruses found: 1 Fingerprint matches: 0 Data scanned: 218.37 MB Scan time/item: 0.008 sec Scan time: 107.945 sec

NOTE: Pay attention to the parts of the scan report highlighted in red. These are the lines to examine in case there is malware in your hosting account.

Update your passwords

As a precautionary measure, it is highly recommended to update passwords of all the services related to your hosting package as well. Such services include:

• WHM/cPanel password

Check how to reset the cPanel password here.

As an improved security measure, it is recommended to set up 2FA for the cPanel account.

If you use Reseller Hosting with us, you can initiate a password reset for your main cPanel account, and your WHM password will be updated automatically as well.

To reset the root password for a VPS server, refer to the following tutorial.

• FTP passwords

Changing the cPanel account password will also update the password for your main FTP account. However, it is necessary to make sure that passwords for all additional FTP accounts are updated as well. In order to change the password for an additional FTP account, you need to do the following:

• Log into your cPanel account and navigate to the FTP Accounts menu under the Files section.
• Scroll down to the FTP Accounts section, paste a new password  and click on the Change Password button next to the corresponding FTP account.

• CMS passwords

You can find some useful tutorials on how to update Admin passwords for Wordpress, Joomla, Prestashop and WHMCS as examples below:

How to reset WordPress Admin password
How to reset Joomla Admin password
How to reset Prestashop Admin password
How to reset WHMCS Admin password

Make sure that you use strong passwords with special characters in order to avoid unauthorized access to your hosting web space in the future. We recommend to use Password Generators like this one in order to create a complicated, long and reliable password.

For more information on complicated passwords, visit the following link.

• Database Passwords

The next step is making sure that passwords for all the existing databases are updated and secure as well. This can be done from cPanel > MySQL Databases menu easily.

• Log into your cPanel account and navigate to the MySQL Databases menu.
• Scroll down the window and locate a list of MySQL Usernames under the Current Users section.
• Click on the Change Password button next to the user.
  

• Next, indicate the new password and click on the Change Password button.

• Email Account password

• Log into your cPanel account and navigate to the Email Accounts menu.

Update your CMS along with all the modules/plugins

The next measure is to make sure you are running the most recent version of a CMS and modules/plugins installed for it. It is important to keep your software up-to-date as the newest version contains various security implementations and fixes that helps to avoid security breaches.

In case your CMS was installed using our Softaculous script installer, it is possible to update it in a few clicks right from the Softaculous interface, check the following tutorial for more details.

If you are using one of CMS scripts available in Softaculous, but initial installation was performed in a different way, you can import the installation to Softaculous in order to update it easily then. For more details on how to import installation into Softaculous, check the following tutorial.

If your website is based on a custom and manually developed script, it is recommended to contact a web developer in order to implement additional security features.

Have a fresh backup of your files

Once all the measures are taken, make sure to create an up-to-date backup of your files. This can be easily done by means of an in-built backup tool in cPanel. For more details, feel free to check the following tutorial. You may also wish to configure automatic backup creation in cPanel.

That's it!

              
                      Need any help? Contact our HelpDesk