Antivirus scanning on the hosting platform

Malicious actors are constantly trying to install harmful code on other people's sites. This code is used for activities such as: sending spam, network attacks, further infection of other people's resources. This often happens because of FTP and hosting control panel password theft, as well as vulnerabilities in popular CMS: WordPress, Joomla!, Drupal.

Such activity cybercriminal activity interferes with the normal functioning of both your sites and the sites of other clients. Therefore, the hosting platform automatically scans new files for malicious code several times a day. If the code is detected, measures are automatically taken to remove it, and a corresponding notification of the following form is sent to the client:

{HEX}php.base64.v23au.186 :
=> /usr/local/maldetect/quarantine/xml.php.2618924006
{HEX}php.base64.v23au.186 :
=> /usr/local/maldetect/quarantine/dir56.php.104017012
{HEX}base64.inject.unclassed.7 : /var/www/example/data/www/
{HEX}php.base64.v23au.186 :
=> /usr/local/maldetect/quarantine/login.php.2603530476
{HEX}base64.inject.unclassed.7 :
=> /usr/local/maldetect/quarantine/framework.php.260901782

Custom Server

Custom server

Create your own custom dedicated server

See configurator

What to do if you find malicious code on your site?

Unfortunately, simply removing malicious code is not enough. It is necessary to take measures to prevent re-infection of your site: since this procedure is automated for attackers, «reinfection» can occur quickly. That's why:

  • The customer should assign new strong passwords for access to FTP and hosting control panels, as well as take measures to ensure that these passwords are not compromised. In particular, they must be unique, for example, not the same your email passwords. Do not write down passwords in popular FTP clients: their system for storing this kind of confidential data is very unreliable.
  • The second important step is to update the CMS on the site to the latest version in order to eliminate vulnerabilities. The developer’s website will contain information on how to do this. It is also important to update not only the CMS itself, but also all extensions, add-ons, themes, etc. installed in it.
  • Customers are advised to update the CMS regularly. On the one hand, this helps avoid infection in principle, and on the other hand, updating between minor versions creates fewer problems and helps the system run more smoothly. While older CMSs (for example, those that are more than a year old) are a good target for attackers, updating a CMS is much more likely to cause problems.

After all the necessary measures have been taken, you should notify the SIM-Networks support service. This is important, because otherwise, in the absence of any feedback from the client and the identification of incidents of re-infection, the operation of the site may be suspended.

The scanner may have false positives, i.e. situations where legitimate code can be mistaken for malicious code. This happens happens when developers use various measures to protect their intellectual property. In this case, you need to contact the support service and explain what these files are for. They will be restored and added to the exclusion list.

Was this article helpful?

Did you like the article?

Cookie consent

By clicking «I agree», you consent to our website's use of cookies to give you the most relevant experience by remembering your preferences and repeat visits. However, you may visit «Manage сookies» to provide controlled consent. Learn more

Cookies settings


Necessary cookies are crucial for the basic functions of the website and the website will not work in its intended way without them.


Analytical cookies are used to understand how visitors interact with the website.


Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns.