cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Strange PHP scripts appear in my 'Classic' hosting webroot ... probably affects sendmail

Hi,

 

I have the old "Classic" Deluxe hosting on Godaddy. Off-late i found that my web server 'sendmail' is not working. So php scripts on my server which use the 'sendmail' to send me notifications about my website have stopped working as a result.

 

Now i have checked my webserver root directory and found that there are some weird php scripts inserted in my server which was not done by me:

 

Name of the files are: austin-dimes.php, baccarat-instabilities.php, billfold-aristocracy.php, doubling-blackjack.php, facility-irishman.php, fanciful-concreteness.php, jude-bilingual.php

 

On further investigation of the files, they contain some weird php scripting which i cant seem to understand. For now i have left the same on our server to request someone from Godaddy to check why these files are inserted into our server without our knowledge. Have we been hacked? However all my sites are working normally. Also have noticed that my root .htaccess file has additonal info added to it which is not done by us.

 

Also, I did a google search for why my 'sendmail' problem was affecting me and found that there was a relation to these files being present which caused the server to send out spam and hence block sendmail. Someone had a kind of similar issue and he discovered some strange php scripts were inserted into his 'webroot' which caused his server to spam out and get the 'sendmail' function blocked.

 

Ref Link : https://www.godaddy.com/community/Managing-Web-Hosting/Web-contact-form-stopped-working/td-p/18911

 

Right now 'Sendmail' does not work for any of my scripts. Appreciate if someone from Godaddy can help with this issue or advise what i can do to rectify the same.

 

Thanks,

Chris

 

 

 

3 REPLIES 3
Retired
Not applicable

Re: Strange PHP scripts appear in my 'Classic' hosting webroot ... probably affects sendmail

Hi,

After speaking with support and taking precedence over the following advice:

 

I would first ask myself how those files were placed there? There has obviously been a security breach somewhere. 

I would use your 'pure' site backup files, delete all files and replace with backup ones, run a decent antivirus program on a regular monthly basis. Change all passwords. Don't ever install 'free' software unless from reputable known source (especially Wordpress stuff). When I say 'pure' site backup files I mean the original clean files. There are many good antivirus products, but read reviews first.

 

Good luck.

Re: Strange PHP scripts appear in my 'Classic' hosting webroot ... probably affects sendmail

Hi . thanks for the feedback and i will try to do that.

 

However how do i resolve my "sendmail" issue from php scripts. It does not work anymore now.

 

Is there anything i can do to fix this ? or has godaddy discontinued 'sendmail' service ?

 

Appreciate your thoughts! thanks

Re: Strange PHP scripts appear in my 'Classic' hosting webroot ... probably affects sendmail

As far as I can tell, this has been an issue with Godaddy Classic hosting since 2010, when users started complaining about mysterious PHP files appearing.

 

That GD uses this as a vehicle for pushing their SiteLock product is reprehensible.

You may want to research setting up an .htaccess file to disable server-side scripting.

I don't give GD a snowball's chance in hell for updating their shared hosting classic Linux account software.  But I'm willing to be proven wrong.

 

The funny thing is that their SiteLock promo software says that it's impossible to manually scan an entire website's contents for malware.    That doesn't bother me--I simply delete the entire website and reload it from a backup copy.