If you receive an email saying "[Important: Reply required] Confirmation and response regarding the detection of unauthorized content"

If you receive an email with the subject "[Important: Reply required] Request for confirmation and response regarding the detection of unauthorized content" to your registered email address, please follow the steps below and contact us as soon as possible. Please take action.

Contents of correspondence

Dealing with unauthorized content and files is outside the scope of our support, and we are unable to provide detailed guidance.

Please check the following 4 items and contact us.

  1. See all files in your account
  2. Compatible with WordPress, etc.
  3. Contact after correspondence
  4. If you are unable to do so yourself
      • Request to a specialist
      • Account initialization

1. Check all files in your account

The fact that an unauthorized file was detected by the security software means that there is a path to install the unauthorized file.
Even if you delete only the detected files, there is a possibility that other files may have been tampered with, or unknown files may have been installed. Be sure to check all files in your account.
For information on how to check files on the server, see "How to use the file manager".
"If the measures are insufficient, there is a risk of repeated tampering." If it is difficult for you to deal with the problem yourself, we recommend resetting your account.


2. Compatible with WordPress, etc.

If you are using WordPress, please check "Minimum Security Measures for WordPress" and take appropriate action.


3. Communication after correspondence

After completing the above items, please copy and fill in the items below and reply to the email.

--------------------------------------------
・I checked all the files in my account.
(Yes/No)
・Supported "Minimum Security Measures for WordPress".
(Yes/No)
--------------------------------------------


4. If you are unable to respond by yourself

  • Request to a specialist

If it is difficult for you to handle it yourself, please consider requesting a specialist to investigate and make improvements. If you search for "WordPress tampering recovery" etc., you will find multiple specialized companies.
Our company does not provide support for tampering with WordPress, and cannot provide detailed guidance. Please see our Support Policy for more information.

  • Account initialization

If it is difficult for you to handle it yourself or ask a specialized company, or if you wish to rebuild the site, we can initialize the server at our company.
When initializing the server, all data, including the add-on domains associated with the initial domain, will be erased and cannot be restored. Please back up any data that should not be deleted.
If you take a backup, you will also get a backup of files that have been tampered with or contaminated, so please only take backups of files that you think have not been tampered with.
"If you agree to the above, we will initialize it." Please copy and fill in the following items and reply to the email.

--------------------------------------------
・Account you wish to initialize:
・With the understanding that all data will be deleted and cannot be recovered.
Apply for initialization. :(Yes/No)
--------------------------------------------


How to check the detected files

For the Imunify360 deployment server

It is possible to check invalid files detected by "Imunify360" in cPanel.

Please follow the steps below.

STEP1: Login to cPanel

If you do not know how to log in, please refer to the help page below.

cPanel login method

STEP2: Click "Imunify360" in the "Security" menu

Screenshot_Capture_-_2022-03-14_-_19-16-20.jpg

STEP3: Check "Malicious" and "History"

Screenshot_Capture_-_2022-03-14_-_19-17-25.jpg
For servers without Imunify360

You cannot check the list of detected files.

We will inform you of some of the detected files by e-mail, so please check the text of the e-mail.


About the causes of bad content

It is believed that a vulnerability in a program installed within the customer's server area was exploited. Details such as which program became the intrusion route are not covered by our support, and we are unable to provide detailed guidance.
For the cause, please investigate by yourself or consider requesting a specialist. For more information, please refer to "Support Policy".

 

Was this article helpful?
2 out of 9 found this helpful