I've received both an email and a phone call from GoDaddy saying "scans flagged your michaelcolavolpe.com hosting accounts as containing possible malware." My site is a simple 5-pager created using Sandvox (on a Mac, obviously). Scanning the site using both "sitecheck.sucuri.net" and the Mac "Malwarebytes" app returns a clean bill of health - no malware detected. (also no blacklisting, no injected spam, no defacements).
I'm a running the latest version of Sandvox and have never tinkered with the template I've chosen (named Blueprint), other than to add either text, photos, or links. GoDaddy seems to think the following files are the problem:
rex.multi_vars.004 - html/.hcc.thumbs/.hcc.email_noversion.php
htaccess.spam-seo.redirect.006 - html/.htaccess
rex.multi_vars.004 - html/cinmwkdd.php
php.spam-seo.doorway-gen.043 - html/krissy-bitterness.php
rex.multi_vars.004 - html/php_uploads/4bc3cbf4_noversion.php
rex.multi_vars.004 - html/sandvox_Blueprint_modern/images/ie6/note-center_bck_old.php
rex.multi_vars.004 - html/sandvox_Blueprint_modern/images/note-center_backup.php
rex.multi_vars.004 - html/sandvox_Blueprint_modern/License_noversion.php
rex.multi_vars.004 - html/sandvox_Blueprint_modern/modern/h2-annotation-bg_indesit.php
rex.multi_vars.004 - html/tour_dates_infoold.php
rex.multi_vars.004 - html/_Media/mcolavolpe_resume_2015-2_med_hr_ver1.php
rex.multi_vars.004 - html/_Resources/jquery-1.9.1.min_prevv1.php
So I'm confused as to what I'm supposed to now since there doesn't appear to be anything wrong.
Thanks in advance!
Do those files exist in the content sandvox uploads?
If all your content is available locally it'd probably be pretty easy to delete everything and upload a known good copy of your site. Even if you're not using php you should probably make sure your hosting is set to the newest version it supports as well.
Thanks for your response. I did some more research based on your reply and I think I narrowed it down to a fairly common .htaccess hack. There's one file in the list i cannot delete, however, since it's read-only. Hopefully it's not part of the problem.