The account is suspended for spam and viruses

Sending spam and exceeding the CPU resources are often the result of malicious processes. As a rule, the website owner may find out about the presence of viruses only after the account is suspended.
If you received such a notification, contact support to remove the account suspension, after which access will be restored.

Infection with a virus happens through external requests to the website, so it is crucial to block access to the websites while viruses are being eliminated. If you don’t do it, the website will be re-infected and your virus removal efforts will be useless. Technical support will open access to the account while keeping access to the websites blocked.

First, you need to run an antivirus scan. You will need a dedicated website antivirus software. Here are some of them: Manul, ai-bolit, Santi. We recommend using ai-bolit, as it offers good results out of free antivirus software.
To run an antivirus scan, follow these steps:
1. Sign in to your account. In the panel on the left, select a corresponding hosting service. In the left panel, enable SSH access.
2. Sign in using SSH with the help of putty utility. You can download it from the official website at putty.org. To sign in, use the cPanel credentials from your account: login, password and host. Port 22.
3. Run this command in putty:
mkdir ai && mkdir ai/reports && cd ai

4. Go to the official website of the antivirus and download the archive with the antivirus: ai-bolit.zip (Ai-bolit for a website, universal version). Upload the archive into the ai folder in your account. Run the following command in putty:
unzip ai-bolit.zip && php $HOME/ai/ai-bolit/ai-bolit.php --path=$HOME --report=$HOME/ai/reports/report.html --mode=2 --skip=jpg,png,gif,jpeg,JPG,PNG,GIF,bmp,xml,zip,rar,css,avi,mov

Remember that content of the clipboard can be pasted in the putty window with a regular right-click or by pressing Shift+Ins.
5. Wait until the scan is finished. Find a report in the ai/reports folder.
Signs of infected files:
- unreadable or too general file names;
- digits in file names;
- unreadable variable names;
- the presence of hashes, base64_decode, eval, exec functions.
To eliminate viruses, replace infected files with clean copies of the engine/module/theme downloaded from official sources. If the downloaded copy does not contain a certain file, delete it.

Related Articles

How to move your website to the hosting

Website migration to the hosting is a simple process that can be done even by a beginner. All you...

Export and import databases in phpMyAdmin

When you move your website to the hosting platform, most frequently, you also need to move your...

Change PHP version

With our hosting, you can select a PHP language version that fits your website. PHP version can...

Install SSL certificate

You can install a free Let’s Encrypt certificate with any of our plans. To connect an SSL...

How to speed up server response time

Server response time is a value consisting of the time spent on the path from the customer to the...