2.15.2.1. Antivirus
Important points:
- The hosting's built-in antivirus searches only for malicious code that has signatures in its database. If a scan does not detect a threat, it does not guarantee its absence.
- It is recommended to additionally check for malicious code using third-party antivirus software such as PHP Antimalware Scanner or phpMussel.
- If you have detected malicious code that our antivirus does not find, you can report it to us via online chat. When contacting the chat, attach an archive with the files that are suspected to be malicious.
[Flowchart: scan → (viruses found) → block (outgoing connections and mail sending) → virus cleaning (manually) → re-scanning → (viruses found) → block again, or (no viruses) → removing restrictions → (5-15 minutes) → no restrictions. If the first scan finds no viruses: no restrictions.]
The hosting uses an antivirus of our own development. Our specialists regularly update and extend the signature database, which allows us to find both new threats and old ones that could not be detected before.
Scan
Notes:
- Automatic scanning is usually performed once every 1-2 days.
- Manual scans can be started no more than once per hour. If less than one hour has elapsed since the previous scan, the start button is unavailable (gray instead of green).
- Contents of archives are not checked.
To start scanning, open the "Antivirus" section and click "Scan hosting account files" on the "Infected files" tab:
Results
When malicious code is detected, a notification is sent by email and to connected messengers, and a report listing the infected and malicious files appears in the "Antivirus" section:
The list contains:
- The full path to the infected file.
- The "Show" button, which opens the file in the file manager editor at the line with the highlighted signature (the code fragment that identified the file as malicious).
- The date of the last modification of the infected file.
The files in the list should be analyzed carefully. If a file is only partially infected, delete only the fragments with malicious code, because deleting the whole file may break the site. If a file consists entirely of malicious code, it can be deleted completely.
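The following is an added example, not the hosting antivirus's code: a minimal signature scan that produces the same report fields as the list above (path, line of the matched signature, modification date) and lists archives separately, since their contents are not checked. The two signatures, the suffix list and the sample files are constructed for illustration.

```python
import re
import tempfile
import time
from pathlib import Path

# Constructed sample signatures; they are not taken from the hosting's database.
SIGNATURES = {
    "eval-base64": re.compile(rb"eval\s*\(\s*base64_decode\s*\("),
    "gzinflate-base64": re.compile(rb"gzinflate\s*\(\s*base64_decode\s*\("),
}
ARCHIVE_SUFFIXES = {".zip", ".gz", ".tar", ".tgz", ".rar", ".7z"}  # assumed list


def scan_tree(root):
    """Return (hits, unchecked_archives) for every file under root."""
    hits, archives = [], []
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.suffix.lower() in ARCHIVE_SUFFIXES:
            archives.append(str(path))  # contents are not inspected
            continue
        modified = time.strftime("%Y-%m-%d %H:%M", time.localtime(path.stat().st_mtime))
        for lineno, line in enumerate(path.read_bytes().splitlines(), start=1):
            for name, pattern in SIGNATURES.items():
                if pattern.search(line):
                    hits.append({"path": str(path), "line": lineno,
                                 "signature": name, "modified": modified})
    return hits, archives


def demo():
    """Build a constructed sample tree, scan it, and return short results."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "index.php").write_bytes(b"<?php\necho 'hello';\n")
        # Partially infected file: only line 2 matches, the rest is site code.
        (root / "theme.php").write_bytes(
            b"<?php\neval(base64_decode('Y29uc3RydWN0ZWQ='));\nfunction render() {}\n")
        (root / "backup.zip").write_bytes(b"PK\x03\x04 constructed placeholder")
        hits, archives = scan_tree(root)
        return ([(Path(h["path"]).name, h["line"], h["signature"]) for h in hits],
                [Path(a).name for a in archives])


if __name__ == "__main__":
    found, skipped = demo()
    print("infected:", found)
    print("archives not checked:", skipped)
```

The per-line hit shows which fragment to remove from a partially infected file, and the separate archive list shows what a scan of this kind never looked at.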
Restrictions
When malicious code is detected, restrictions are automatically applied to the hosting account:
- Outgoing connections to external servers are blocked.
- Sending mail from a web server without authorization is blocked.
- The email sending limit via SMTP with authorization is lowered to 50 messages per day.
Virus cleaning
See the recommendations in the Virus cleaning article.
Removing restrictions
After cleaning your hosting account, run a re-scan. If no threats are detected, the restrictions are removed automatically (the changes take effect within about 15 minutes).
Malicious processes
The "Malicious processes" tab displays a list of suspicious processes that were detected in the RAM of the hosting account and forcibly terminated by the antivirus. The presence of such processes indicates that there are vulnerabilities in the site code that attackers use to upload malicious code.
The site developer needs to carefully analyze the detected processes, identify their source, and eliminate vulnerabilities in the site code.