#28858 Malicious file detected by my hosting

Posted in ‘Admin Tools for Joomla! 4 & 5’

Environment Information

Joomla! version
n/a
PHP version
n/a
Admin Tools version
n/a

Latest post by nicholas on Monday, 11 December 2017 11:42 CST

vrans99
For the AdminTools version, I believe it should be the later version. It is either 4.2 or 4.3 most likely. I don't have access to the administrator side to verify that.

I got this email from my hosting company:

-------------------------------------------------------------------------------------------------
Dear Reseller,
As provider of Shared Hosting services, we monitor the usage of all our customers to ensure that our Quality of Service is not adversely affected. Our goal is to ensure that one customer should not affect all the other customers on the same server.
As part of our routine monitoring, we have observed that some of the files hosted on this server belonging to marionoakssda.org, hosted under your account, have some malicious files hosted. In order to prevent blacklisting of our service with various service providers, we have blocked outbound ports 80, 443, 587 and 465 for this domain name as a precautionary measure. Here are the details of the files that were detected to be malicious.
/ho.../log/admintools_breaches.log ERROR
We strongly suggest you scan all the above listed files for any vulnerabilities. If the files are part of some plugins of your CMS, then we suggest you update the plugin to the latest version or contact the plugin developer directly.
Steps to un-block port 80, 443, 587 and 465
• Login to cPanel
• In the find section, search for “Port 80”.
• Under “Health Checks and Monitoring” tab, click on Port 80 icon and follow instructions on the screen.
If you have any queries, please feel free to contact our Support team.
Regards, The Resellerclub Team
Disclaimer: This is an auto-generated email sent by our monitoring system. Please contact our Support HelpDesk for further information.
--------------------------------------------------------------------------------------------------

I don't have access to the administrator side of the website now. I get to enter my username and password for the AdminTools security popup, but it redirects me to the front page.
What should I do?

nicholas
Akeeba Staff
Manager
Your site IS NOT at risk. Quite the opposite.

This is a plain text, not executable, log file. It logs (keeps a record of) all attacks launched against your site and blocked by Admin Tools. In other words, it's a record of what Admin Tools has stopped. Of course it will contain "malicious" data by definition: it's the information attackers submitted to your site. However, since this is an inert, non-executable, plain text, log file your host has no reason for flagging it.

Please contact them and let them know that their detection software is broken.

Nicholas K. Dionysopoulos

Lead Developer and Director

🇬🇷 Greek: native 🇬🇧 English: excellent 🇫🇷 French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!

vrans99
I am glad to know that.
Should I delete the file? I have some services blocked because of that.
Also, why can't I access the administrator? The AdminTools popup window comes up and I enter the username and password, and it redirects me to the front page.

nicholas
Akeeba Staff
Manager
Should I delete the file? I have some services blocked because of that.

No. It's a log file, for crying out loud! God forbid your site getting blocked every time someone attacks it! This completely defeats the purpose of protecting your site.

Please contact them and let them know that their detection software is broken. If your host is blocking your site because of a non-executable log file and they can't fix then they don't know what they are doing. In this case you should just move your site to a hosting company that actually knows what it's doing.

Also, why can't I access the administrator? The AdminTools popup window comes up and I enter the username and password, and it redirects me to the front page.

Possibly related to the "blocked" services. Try deleting the .htaccess and .htpasswd files from your site's administrator folder.


vrans99
What do you think about this?

nicholas
Akeeba Staff
Manager
I am searching for a diplomatic way to say this, but I have already exhausted my diplomacy in my previous replies.

Your host is overrun by stupid if they actually really think that a PLAIN TEXT LOG FILE can be "infected" as the screenshot you sent me reads. It's like saying that this image of the influenza virus is "infected", i.e. any contact with it will make you ill. If a doctor told that to me I would tell them that they are a clown and run as far away from these idiots as I can. This is EXACTLY what your host is doing. It tells you that a log file (a snapshot of an attack) is the same as the attack itself. That's incompetence of the worst kind.

After a good 15 years in the field I have determined that you cannot fix stupid. In this spirit I am asking you to move your site to a host that's not completely overrun by stupid. For example, go to SiteGround, Rochen or CloudAccess - in no particular order, these are some of the hosts I have used and that didn't drive me completely insane.

I hope that this far less diplomatic reply is more clear on what I believe about your current host.


vrans99
I have used your services for a long time now. And I trust them and I trust you.
I agree with you about a text file being infected, it makes no sense.
I believe you have great tools to offer us. I wish to have all the components I use on my sites developed by you, with no doubt.
The Joomla community is better and has better resources with your help. And I intend to be using them until you decide to stop developing them.
But, to tell me to switch my hosting company, that I have dealt with for over ten years and where I host almost 30 websites with their reseller package, and to quadruple my costs using one of the companies you are suggesting, is insane. And, also, it is not my hosting company, it is cPanel Virus Scan that is detecting that. Should I change cPanel?
Instead of being angry, undiplomatic, why don't you ask me to submit that file so you can verify it?
I opened the file and it is empty. But the file uses 530KB. How is that?
Maybe you are facing something that you haven't seen before. I never thought years ago that an image file could be infected, and you know they could be now.
I believe that wherever I move that file and check it with cPanel, it will give the same outcome.

vrans99
I noticed now that the permissions were set to 0000. I changed that to 644 and I was able to see the content now.
What is the right permission for this file?
Before I whitelist this file, I have to make sure that it is properly set and it is safe first.

nicholas
Akeeba Staff
Manager
I'm sorry, but you seem to not be reading my replies and assuming that I am angry. I am not angry, I just hate repeating myself. This is my last message before locking this thread.

Someone has tried to attack your site.

Admin Tools stopped the attack.

Admin Tools keeps a log file of all attacks it stops.

This log file is located in the file log/admintools_breaches.log where "log" is your site's log directory.

The natural permissions of this log file are 0644 as they should be for any file (owner: read and write, everyone else just read).

The log file contains a copy of all the data the attacker sent to your site. Therefore the log file contains the malicious data the attacker tried to use to attack you. This data did NOT come through. This is why it is in this log file.

The log file is a plain text file. It is not executable.

If files are cars, this file is a horse drawn carriage without horses. It cannot go anywhere.

Since this file is not executable, it cannot be "infected".

By definition, an "infected" file is an executable file which contains malicious code. When the malicious code in the infected executable file is executed in your site bad things happen.

This file not being executable means that the malicious data (not code) CANNOT be possibly executed.

Also note the distinction between malicious data and malicious code. The log file does not contain any code. Code is instructions which can be executed to do something. This file is devoid of such content.

Therefore we have a file which has not any executable code, malicious or otherwise, and is also not executable.

As a result, you cannot call it "infected" in any possible way.

Even though this file contains malicious data, this file is NOT parsed in any way by anything else. This is why it's called a log file.

As a result, this is a completely inert file.

Therefore calling it "infected" is a mistake of the code which reports it as "infected".

We did not write that broken detection code.

This broken detection code is not part of cPanel proper.

This broken detection code is something that your host has installed on their hosting environment and which they made accessible through cPanel.

Their broken detection code misidentified an inert file as "infected". As a result it did many things which I cannot in good conscience call clever or even necessary. One of these was changing the log file's permissions to 0000 which is not only unnecessary but completely pointless as well: as the owner of the file you -and any code running on your site- can change these permissions back to 0644 or whatever they want, proving that your host doesn't really know what they are doing. But I digress.

Since cPanel is an integral part of your hosting you cannot "change your cPanel" (sic) without changing hosting.

Therefore what you propose doing and what I told you would be a viable even though undiplomatic alternative is one and the same: change your hosting provider.

However I said that this is your last resort.

If you ask me what you should do, it's what I wrote in my first and second reply: contact your host.

I am going to close your ticket now since this is the fourth time I am writing the same thing. This is no longer productive. You have been told what to do, please follow my instructions. Thank you for your understanding, have a good day and good luck with your host.

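An added sanity check a site owner could run on the flagged log before whitelisting it, written for this thread and not part of Admin Tools or the hosting panel. It assumes the log path is passed as the first argument, uses a constructed sample log in place of the real admintools_breaches.log, and reproduces the scanner's chmod 0000 so the owner-side repair to 0644 from the reply above can be seen.

```shell
#!/bin/sh
# Verifies that a breach log is a regular, non-executable, plain-text file and
# restores mode 0644 if a scanner has set it to 0000. Example code for this
# thread; assumptions: path in $1, sample content below is constructed.

file_mode() {
    # Octal permission bits: GNU stat first, BSD stat as a fallback.
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

check_breach_log() {
    log="$1"
    # Must be a regular file, not a directory or a device.
    [ -f "$log" ] || { echo "not a regular file: $log"; return 1; }
    # The owner can always undo a 0000 mode, so the scanner's chmod buys nothing.
    if [ "$(file_mode "$log")" = "0" ]; then
        chmod 644 "$log" || return 1
        echo "restored mode 0644 on $log"
    fi
    # No execute bit is what keeps a log inert; an x bit here needs a look.
    [ ! -x "$log" ] || { echo "EXECUTE BIT SET: investigate $log"; return 1; }
    # Plain text only: bytes outside printable/whitespace are unexpected in a log.
    if LC_ALL=C grep -q '[^[:print:][:space:]]' "$log"; then
        echo "non-text bytes in $log; inspect before whitelisting"
        return 1
    fi
    echo "$log is an inert plain-text log (mode $(file_mode "$log"))"
    return 0
}

make_sample_log() {
    # Constructed stand-in for admintools_breaches.log; payload deliberately omitted.
    printf '%s\n' \
        '[2017-12-11 11:42:00] Blocked request from 203.0.113.10 (documentation address)' \
        '  reason: Admin Tools web application firewall rule' \
        '  payload: <blocked request data, omitted in this sample>' \
        > "$1"
}

# Stand-alone run: build the sample, apply the scanner's chmod 0000, then check it.
demo="${TMPDIR:-/tmp}/admintools_breaches.sample.log"
make_sample_log "$demo"
chmod 000 "$demo"
check_breach_log "$demo"
rm -f "$demo"
```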

nicholas
Akeeba Staff
Manager
This ticket has now been closed.

