• The FTP password was hacked (mostly via the local PC)
• There is a security gap in the CMS (e.g. WordPress or Joomla) or their extensions / themes

If a virus is detected by our virus scanner, we inform our customers by e-mail. A virus scan takes place once a night, in addition a PHP upload is checked for viruses.

Upload attempt: nothing really happened. Someone tried to upload malicious code, but our virus scanner prevented this. You should check whether there is possibly an upload option that can be exploited.

Virus discovery only by ClamAV (Further action: none): The virus was only confirmed by ClamAV, other virus scanners did not issue a warning. This may be a false alarm. The file is not moved to quarantine.

Virus found by ClamAV and others (More action: moved to): ClamAV and at least two other virus scanners have confirmed the virus. There is a high probability that it is malicious code. The file will be quarantined.

Under the following links you will find various plugins/programs for malware detection.

http://www.stopbadware.org/common-hacks
http://docs.joomla.org/Vulnerable_Extensions_List
http://itpixie.com/2012/06/wordpress-exploit-alert-uploadify-php/#.UMtXiayundE
http://wordpress.org/extend/plugins/exploit-scanner/
http://wordpress.org/extend/plugins/antivirus/
http://extensions.joomla.org/extensions/access-a-security/site-security/site-protection
http://drupal.org/project/clamav

Examples of what malware does:

- Index files are manipulated, Javascript or PHP code is inserted at the end.

- Often the code is obfuscated in such a way that a human viewer can no longer understand what is happening there.

Example Javascript (outputs "hello world"):

.htaccess files are created to redirect to other pages.

• Malware is installed on your website visitors' computers
• Phishing/Spamvertised Content (http://en.wikipedia.org/wiki/Spamvertising) hosted
• Your webhosting package is misused for spam delivery
• Attacks (DOS, Brute Force, etc.) are launched on other servers from your website.

- Depending on the severity of the incident, it may lead to a partial or complete suspension of domain and/or webhosting package. For example, a partial block would only be the sending of email via PHP.

- Normally the customer will be informed in advance and given 24 hours to solve the problem.

- In particularly severe cases (extremely high server load, dispatch of several thousand emails in a short time) to protect our other customers.

- Sending spam can lead to blacklisting, high server load limits the complete scope of services.