Every few days we run virus scans on each account on our servers and save the output for you so you can check it.
It’s very easy to check – simply visit the webpage www.domain.com/scan.txt where domain.com is your main domain.
Note that this must be the main domain for your account; it won’t work on other domains (ie addon or parked domains).
Any lines mentioning files indicate a problem of some sort, though in general the only lines you need to really worry about are Viruses and Fingerprint Matches. You can also look at the summary lines at the bottom – anything other than “)” in the lines below means you are infected and should contact us.
Suspicious matches: 0 Viruses found: 0 Fingerprint matches: 0
An example of a clean sites scan.txt
An example of an infected sites scan.txt
Websites are infected through old software and stolen FTP usernames/passwords. Updating your software and keeping it up to date is the best way to avoid infections.
Websites can also be hardened to reduce the likelihood of infection – this involves updating and tuning your website in such a way that it’s less likely to be hacked. We’ve developed our own process for this which includes installation of a WordPress firewall (WordFence), changing admin name, preventing execution of uploads, checking plugins, updating and auto updating, and quite a few others. We’re happy to help you with our detailed process on request; though of course nothing is stopping you doing some of these yourself.
Even up to date software is hacked sometimes through new weaknesses; though it’s unusual. In security industry lingo, this is called a “zero day” weakness (or exploit). We have software filters in place on the whole server, and while they are very effective (and frequently updated) sometimes new issues can find a way around them for a period of time. This is generally pretty rare.
If you’d like your site scanned for viruses on a daily basis, with an email when there’s a problem; contact us as we’re about to release a feature that does that.