I got an email this morning from Powweb saying that they've disabled my site due to finding malicious files.
Why would you disable my entire site without warning? It turns out the files were from an old WordPress installation that had been compromised by some script kiddies. I had cleaned it up and apparently there were some remnant files left behind.
I'm absolutely fine with Powweb running these scans but they should send a warning before disabling the entire site! I would have been fine with an email saying you have 24 hours to clean up your site or it will be disabled.
I cleaned up the files then replied to the email asking for my services to be reactivated. When I got no reply from that, I contacted live chat and was told it will take 12 hours for my site to be reenabled!
So Powweb will shut down my site without warning and no matter how quickly I respond and fix the issue, I'll be offline for 12 hours???
Considering that the email ends with a suggestion to use Powweb's new "SiteLock" tool, which of course costs an extra fee per month, this is looking more like a ransom demand than anything... "If your site ever has any malicious files, we'll shut it off for at least 12 hours. ...but if you use our paid service..."
This is ridiculous. I sincerely hope that Powweb decides they need to either give warnings first, or reactivate sites much faster. If not, they'll lose customers.
No one should have to worry that their PAID service may be shut off at a moment's notice and kept offline for 12+ hours unless they pay for another monthly service. If this was a FREE web site, I'd have no complaints. I am PAYING for service that Powweb has chosen to stop providing for 12 hours at a time. Will I be credited for the downtime imposed upon me?
Here is the email I received:
When we conducted a routine scan, we found the infected or malicious files in your account [my account name]. We have uploaded a file named 'list.txt' within the directory /stats/ of your account which contains the full list of files.
To prevent these from being used to infect additional files on your account, and to prevent potential issues for visitors to your website or your domain's status with search engines, we have temporarily suspended web services.
This kind of attack takes place when the FTP account credentials are compromised or due to loopholes in your scripts. We request you to either remove these scripts or replace them with clean copies. If possible it's recommended to delete the entire site and upload a known clean copy; this should then erase any other code which may have been injected into your pages to allow 'back-door' access by unauthorized people.
Once services are restored it's recommended that you take the following actions to secure your account from further malicious attack:
1. Upgrade all the applications in your account, including any extensions/themes, to their latest stable versions.
2. Update your control panel and any additional FTP account passwords.
3. Remove unwanted FTP sub-users.
Please take appropriate actions and reply back to us so that we can restore the services.
If you require additional help in securing your website, we recommend that you use the SiteLock Fix product, which scans your website daily and removes any malicious content. To learn more about it, please visit the link below:
We thank you in advance for understanding. Your cooperation will help us provide optimum service for you and all of our customers.
[name of person withheld by me]