Now, CryptPHP is a horror that's haunted several hosts, and even websites.
Websites often get infected with CryptPHP via "nulled" scripts, such as paid plugins
which are offered from an alternative website without any cost. Usually these "null"
providers will inject their own "special" code. This is where things get nasty.
So the web host themselves won't get affected (we're talking credit stuff and personal things)
because they usually jail the websites hosted on their servers, but what this will do is open backdoors
on the website that installed this "pirated" plugin, etc. These scripts often cannot be "simply" removed,
and a lot of the time require that the CMS is completely re-installed (yeah, being a pirate was never a good thing).
So, these "nulled" scripts are referred to as CryptPHP and are often identified as being named "social.png", which
seems like a photo file, but contains malicious executable code. The result of executing can range from sending spam
to creating open connections to other web servers
(opening webpages on other web servers). Now say you have 100 compromised websites that you managed
to get CryptPHP installed on. You now have slight control of 100 websites here. Imagine that you send a command
to these 100 "robots" to each open a connection to sanral.co.za. This may exhaust some of their web resources.
(This is very bad, mkay.)
This is now affecting you because some other person with a website (now fancy website because he has a "free" plugin installed) managed to affect the server you're hosted in, hence getting the shared server you're probably hosted on as well blacklisted. Yes, there are ways to detect this script automatically, but as I mentioned
earlier, it's not always the same, and damage to the website is often very, very hectic. A lot of the time, this requires manual detection, until a system can be put in
place to automatically detect and disable the site. (These will have to learn the pattern first.)
How to go about this
You usually need to notify your host of this issue (in your case, Afrihost) and let them know of the error you're getting, and how they can replicate it.
They'll first have to manually scan the server, lock the infected domain, and request the delisting of the shared server you're on.
In some cases this goes very quickly, or in some cases (in Microsoft cases) a report will have to be filed by the host to Microsoft for review, and Microsoft will remove the listing.
Now if you ever get this with any other host, you can do a whois lookup on the domain that's being affected (even if it's not the "infected" domain) and you will
notice "email@example.com". This is the department within that hosting provider that has direct contact with the blacklists and usually knows how to deal with these issues
as fast as possible. (It's recommended you email firstname.lastname@example.org if this hasn't been fixed by now.)
Anyhow, this is as much as I have on this issue. I may be wrong in some places (or all of the places), but this is my view on the issue. Others can comment in
who may be able to assist more on this issue.
P.S. This isn't really a support platform, but more of a public realm that can get you some useful advice or knowledge. Things here
could range from how to groom your dog the correct way, to why Pac-Man looks funny. So it is strongly recommended, for any issue that's affecting business
or your stress levels, to email email@example.com. Also, another pro-tip: if it's anything department specific, you can use some of the emails below, which could
get you help much faster than usual.
firstname.lastname@example.org -- This should go to Afrihost's Hosting department (not recommended for your issue)
email@example.com -- This should just go to their general support (also not recommended, but you can if you want)
firstname.lastname@example.org -- This is the department that deals with abusive cases such as malicious code on shared servers and such (recommended for you)
There are other things I could include, but I'd say the request will have to be a bit more specific!
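
An added example (not part of the original post, and not any host's actual tooling): one way to check a site's files for the "social.png" pattern described above, meaning a file with an image extension that lacks a real image header or carries PHP code. The names `scan` and `demo`, the constructed sample files, and the check for PHP files that include an image are assumptions made for illustration.

```python
import os
import re
import tempfile

# Leading bytes a genuine file of each type starts with.
MAGIC = {".png": (b"\x89PNG\r\n\x1a\n",), ".jpg": (b"\xff\xd8\xff",),
         ".jpeg": (b"\xff\xd8\xff",), ".gif": (b"GIF87a", b"GIF89a")}
# Full opening tag only: short tags like "<?=" turn up by chance in image data.
PHP_TAG = re.compile(rb"<\?php", re.I)
# Assumption: a disguised image only runs if some PHP file include()s it.
INCLUDE_IMG = re.compile(
    rb"(?:include|require)(?:_once)?\s*\(?\s*['\"][^'\"]*\.(?:png|jpe?g|gif)['\"]", re.I)

def scan(root):
    """Return sorted (relative_path, reason) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            ext = os.path.splitext(name)[1].lower()
            try:
                with open(path, "rb") as fh:
                    data = fh.read(2 * 1024 * 1024)  # cap the read per file
            except OSError:
                continue  # unreadable file: skip it
            rel = os.path.relpath(path, root)
            if ext in MAGIC:
                if not data.startswith(MAGIC[ext]):
                    findings.append((rel, "bad image header"))
                if PHP_TAG.search(data):
                    findings.append((rel, "PHP tag in image"))
            elif ext == ".php" and INCLUDE_IMG.search(data):
                findings.append((rel, "PHP includes an image"))
    return sorted(findings)

def demo():
    """Build a constructed sample tree in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # all contents below are constructed for this example
            "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,  # genuine header
            "social.png": b"<?php /* constructed placeholder */ ?>",
            "plugin.php": b"<?php include('social.png'); ?>",
            "index.php": b"<?php echo 'hello'; ?>",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        return scan(root)
```

Calling `scan("/path/to/site")` on a copy of the site returns the flagged files; a finding is a reason to look at the file by hand, not proof of infection.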