Opus Interactive on location interview
Opus Interactive on location interview

Opus Interactive on location interview

By |
Share
Share
+1
Shares 0

Today on episode 16 of Web Hosting Podcast, I venture out on location to talk to Shannon and Eric about their company Opus Interactive.  We also now have a phone number for the podcast for you to call into.

Opus Interactive is located in Hillsboro, Oregon at the Infomart Datacenter, this is the same world class facility that Linkedin chose to house their infrastructure. Opus Interactive has additional locations in Portland, Silicon Valley and Dallas with more coming online. The Hillsboro facility is 345,000 square feet and has 24 MW (megawatts) of power. That is enough to power almost 4,000 homes according to some sources. I would highly recommend that you visit their website for more information on Opus Interactive and the services they provide.

We now have a google talk phone number that you can all into the show on. On Thursdays, from 9am PST – 12PM PST, I will be taking calls. If you have a question, idea, or just need some guidance, feel free to call the number and press 2 when prompted. This will put you into a queue that will allow me to take your call on a first come first served basis. If you would like to just leave a message, you can press 1 and I will get that voicemail emailed to me. Please make sure to let me know if I can put the recording into the podcast. If you are not comfortable with that idea, then no problem, just let me know. Since this number is a google talk number, I have no idea how well it will work. This is an experiment that I have wanted to try for quite a while, please keep that in mind.

Web Hosting Podcast Phone:
971 249 2359

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

How is your web host possibly failing you?
How is your web host possibly failing you?

How is your web host possibly failing you?

By |
Share
Share
+1
Shares 0

Megan Ferrell of websites503.com joins me to discuss,

How is your web host possibly failing you?

 

  • Security communication – security (awareness of vulnerabilities), transparency of security information. Notification of security changes in the industry that could affect you and your potential customers. This would include things like PCI, GDPR , SSL/TLS changes just to name a few.
  • General information – weekly or more updates via newsletter with information that is valid and current. Not just a “hello we are alive, spend money please” Can be done via social media or blog posts as well.  As long as it is active!
  • Keeping old software versions alive – old no longer supported versions of php, apache, mysql, etc with no hope of moving off of them. Ensuring your host provides current versions of software to ensure you are running current.
  • No other service options – not providing services you may need to grow (marketing advice, development advice, update services, moving to SSL)
  • Proactive and not reactive – notifying you that your site plan may need to be increased before it becomes a problem for you. Notifying you that you are running outdated software before it becomes a big problem for you. Working with you to ensure you are taken care of before things become your problem to deal with.
  • Easy to contact – whether via email, online chat, slack, phone call or smoke signals it should not be difficult to get a correct answer. The support person should be proven to be industry leaders, after all you are paying the hosting company to provide professional and competent employees.
  • Documentation – good current documentation, knowledge base, videos

 

Security news!

Security updates for drupal 7.X and 8.X that are critical!
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised.
Drupal Info Here

WordPress 4.9.5 addresses some security and bug fixes.

WordPress versions 4.9.4 and earlier are affected by three security issues.
WordPress Info Here

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

Robert Indries of dgstudio.com is our special guest to talk marketing, development and hosting.
Robert Indries of dgstudio.com is our special guest to talk marketing, development and hosting.

Robert Indries of dgstudio.com is our special guest to talk marketing, development and hosting.

By |
Share
Share
+1
Shares 0

In this episode I talk with Robert Indries of dgstudio.com about marketing, development and web hosting.

dgstudio.com is a full service creative agency for your business brand and website.

Robert, gives some great advice about getting your marketing brand out there. He provides several tips for things you can do for free as well as what not to do.

If you would like to be our next special guest on web hosting podcast, fill out the contact form here and we will make it happen. Please be sure to include a topic you would like to discuss.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

MIGRATING YOUR SITE TO HTTPS WITH INSTALLATRON.
Migrating your site to SSL : HTTPS with installatron. Useful website tools to use for your site.

Migrating your site to SSL : HTTPS with installatron. Useful website tools to use for your site.

By |
Share
Share
+1
Shares 0

Useful website tools to use for your website.

https://www.ssllabs.com/
This is a useful site to check your site for proper ssl settings. You will get a grade once the report is done. An “A” is the best, while a “B” would be acceptable, you should really try and get the “A” grade. I would also recommend when you do your test that you click on the check box that says “Do not show the results on the board”, unless you have a perfect score you want to show off.

https://haveibeenpwned.com/
This site is useful to check if the email you use for logins has been seen on hacked lists. It is also very useful to check the security of passwords you use for logins.

https://www.whatismyip.com/ – list your current IP address

http://www.whatsmyip.org/ – Not to be confused with the .com version of the site. Many useful tools from gzip testing, to password generation. Not as useful as it once was since it does not seem to handle https based websites. But the DNS tools and password generator is quite useful.

https://checkgzipcompression.com – another tool for checking to ensure your site is using gzip compression. This one works with https based sites.

Speed test – google and http://www.speedtest.net/

https://slack.com – Team focused chat with many useful options.

Moving a site to ssl with installatron one click installer. This assumes you are using cPanel with autossl enabled.

1. Test your site to ensure you have a ssl certificate installed. This can be done by going to https://yourdomain. If you your site loads with no errors you can proceed. Some common issues you may run into, site is not fully secure and ssl mismatch. You may need to resolve these errors before you proceed.

2. Inside of your cPanel account, create a new subdomain using the subdomain tool. You will need to wait for the server to generate and install the free SSL certificate for this subdomain. You can test this just like step 1 above.

3. From inside of installatron, clone the live site to the new subdomain, but make sure to select the https version of the subdomain. This should only take a few minutes depending on the site size. This will create a complete copy of your site and move it to the subdomain you created. You can now test the site and fix any issues you may have by going to the subdomain https site. For example, https://subdomain.yourdomain

4. Once things look good on the subdomain, you can go into installaron and clone the site back to the live site but use https version in the drop down.

5. Once the live site is cloned back to https, test again. Things should have been resolved when you used the subdomain, but there may be some lingering links or code that may need to be changed.

At this point your site should be using a valid SSL certificate. If you are uncomfortable doing these steps you may want to contact your developer or your hosting company to see if they can help you out. I would also recommend that you have a full backup of your site before proceeding with anything that is going to change your site. This would include installing plugins, updating core site files, etc… A backup is a simple way to ensure you have a way to get back to a known working state.

Please understand that you use these instructions at your own risk.  I do not acceptable responsibility for anything you do to your website.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

Commonly used web hosting terminology.
Commonly used web hosting terminology.

Commonly used web hosting terminology.

By |
Share
Share
+1
Shares 0

I discuss some of the more basic web hosting terminology used.  This is the link I used for the glossary of terms.

This episode may be a little basic for some listeners, but I want to make sure that everyone knows the terminology and language that we talk about. My hope is to bring some listeners up to speed that may be confused by some of the terminology used in hosting. Again, this episode may not be fore everyone.

Additional information you should know:
Google will be marking all sites that DO NOT use https, ie http, as not secure starting in July 2018.  This will happen with chrome 68. If you are not using https on your website, you have a limited time to get this going. What this means is users to your site will start to see a “not secure” icon in the title bar.  This has the potential to scare away your users/customers.  If you are currently not using https, your SEO is most certainly being affected, this is another reason you really should be using HTTPS.

Gutenberg is coming to WordPress 5.0 are you ready?  For those of you that may not know, gutenberg is the new editor that is coming out in wordpress 5.0.  There is a current test release you can install through a plugin.  I would not recommend doing this on a live site, it is still quite beta and breaks a lot of things.  It is coming though, so if you have a test site I would recommend installing it there and take it for a spin. More info on WordPress and gutenberg can be found here.

This podcast now has a facebook page.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

Marketing Automation with Mautic
Marketing Automation with Mautic

Marketing Automation with Mautic

By |
Share2
Share
+1
Shares 2

What is Mautic?

Mautic is a marketing automation platform.  There is a paid version at mautic.com and a open source self hosted community version at mautic.org
First, lets talk about marketing automation.  If you are familiar with applications like, hootsuite, hubspot and mailchimp, then you likely have already seen or used a marketing automation tools.  The idea or concept is simple, marketing automation is the act of using software to automate marketing actions.  This alleviates the repetitive tasks that are executed during a marketing campaign.  These could include, email, social media, and other actions related to marketing your online presence.
Mautic is either a paid solution or a self hosted open source solution.  I am going to specifically discuss the mautic.org version or self hosted version.

Requirements:

PHP 5.6.19 php 7.0 supported
Mysql with innodb 5.5.3
Web server: apache 2.x, nginx 1.x , iis

Pro:

Free with a paid option, active development and updates. Active community. Addons for just about anything you can think of. Works both in desktop browser and mobile friendly.

Cons:

Not the easiest to install. Must setup cron jobs correctly. Documentation is a little lacking in clarity. Easy to get overly excited about all the options, sidetrack syndrome.

mautic includes 31 integration plugins installed by default (list below).  This can be expanded by installing additional plugins from the mautic marketplace located here.  There are also many ways to integrate common CMS applications into mautic, like wordpress, magento or woocommerce by using CMS plugins.

Mautic plugins available after install.

Amazon s3
Clearbit
ConnectWise
Constant Contact
Dynamics CRM
Facebook
FourSquare
FullContact
Gmail
Google+
GoTo Suite
HubSpot
iContact
Instagram
Linkedin
MailChimp
Mautic Focus
OneSignal
OpenStack
Outlook
Pipedrvie
Rackspace
Salesforce
SugarCRM
Twillo
Twitter
vTiger
Zoho
I personally have been using the twitter plugin and a plugin for wordpress.  The wordpress plugin allows my contact form data to be inserted into mautic.  I use contact form 7 and the associated mautic plugin to do this.  The twitter integration allows me to gather twitter data that is permitted by the twitter API and capture it inside of mautic.
The email portion of mautic allows you to do targeted email marketing using contacts you collect.  The collection process can be any way you choose.  A simple example would be from a contact form on your site, or maybe through a e-commerce platform that would allow you to collect your customers contacts for future campaign targeting.  How you choose to get the contacts is up to you and your platform of choice.

Workflow concepts in mautic:

This is a big subject that I am still learning about.  One of the interesting features of mautic is the ability to create a workflow of actions based on rules and triggers you setup.  For example, I collect information from twitter.  I can then decide to collect those twitter users inside of mautic.  My rules I have setup collect information from hashtags.  I use two distinct hashtags to collect my target.  #wordpress and #webhosting, are my chosen tags to capture, and once a contact is pulled in, I can then define an action.  These actions can be used to trigger other actions.  For example, when I capture a contact through twitter their base points are 1, if they use the hashtag #wordpress they are given 2 more points, another 2 points for using #webhosting, and another 2 points if they mention me on twitter.  If a contact reaches 8 points, I can choose to execute another action, if I have their email address I can send them a personalized email.  Since I am collecting leads through twitter, I have their twitter name, I can now sent the contact a personalized tweet when they reach 8 points.

Forms and PopUp on your site:

With mautic, you can create static assets (Images, pdf), forms, dynamic content, and landing pages.  This allows you to collect contact infomation by offering them a pdf, for example.  You can have pop overs to promote something through the website.  These are done by first creating your component, then adding a small bit of code to your site.  Other ways of doing this is through plugins, wordpress has a supported mautic plugin that is free to use.

Other ideas:

e-commerce (woocommerce), target users from your store that order more than X times, you define what X is.  Example: if you have a customer that orders 3 times, then you could send them a custom coupon code for being a loyal customer.  If they order 5 times, maybe send them a free gift.  You can also organize your customers by location.  Maybe you want users that order 5 times that are located in the United States to get a free gift, while ignoring customers outside the defined area. Capture lead information in exchange for a free PDF download.  This is often used by marketers that want to make something available but not charge for it.  Capturing the lead becomes the actual cost and your contact database can be one of the most valuable assets for any business.  Since mautic also uses the MaxMind GeoLite2 database, you can track IP addresses that come to your site.  This gives a a very fine grain way to track customers point of entry.  This same information can be obtained through normal web analytic software as well, no concern on privacy there.  There are many many different ways you could use mautic through your current site.
Conclusion: Mautic is a excellent platform if you put the time in to setup, learn and use it.  The learning curve can be a little steep for a new user, but the time you spend with it will pay off if you stick with it.  Being a free application, the price is right.  If you are looking for a way to do marketing automation, you really can’t go wrong with mautic.  My only regret is that I do not have a way to try the premium paid version of the software at this time.

Final note.

I attempted to record a part about creating the cron entries for mautic.  It was a train wreck and after hearing it, I decided to remove it from the episode.  I fully plan on creating a youtube video that will cover cron entries.  It was just too confusing to explain things with only audio.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

SEO with Megan Ferrell
SEO Search Engine Optimization with Megan Ferrell

SEO Search Engine Optimization with Megan Ferrell

By |
Share1
Share13
+1
Shares 14

SEO, Search Engine Optimization

Listen as I get schooled by Megan Ferrell of websites503.com about SEO, Search Engine Optimization. Megan gives the listener some great tips and advice on how to improve your SEO ranking. Listeners of the podcast may remember Megan from episode 4 , where we discussed 10 website security tips.

Some of the questions and topics we cover on this episode are.

What is SEO?
Process to start doing SEO on your website?
Getting ranked by google and other search engines?
Some of the tools that are needed to achieve this?

  • google webmaster tools
  • google analytics
  • sitemap file
  • same tools for other search engines like Bing.

Are other search engines important? Bing, DuckDuckGo, etc..?
Is a social media presence important to SEO?
Does site speed play into SEO?
3 things that anyone could do right now to increase their SEO presence?

Some useful links.

Official Google webmasters blog
Google webmaster youtube
Google Analytics
Google Webmaster Search Console

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

Disaster plan or success planning your website.
Disaster plan or success planning your website.

Disaster plan or success planning your website.

By |
Share1
Share
+1
Shares 1

Do you have a web site disaster plan in order?
I am betting you likely don’t.

Why is a disaster plan important?

The unknown is ever present in the world of technology. With the rise of malware and CPU defects, the chances of your site going down by unseen forces is getting higher every day. You literally could wake up one morning and your site is no longer online, or worse it is being held for ransom. Add into the mix the number of web hosting companies that go out of business or are sold to another company. If you don’t have a worse case disaster plan in place, it is my opinion you are not doing yourself any favors. It is very easy to put together and can be accomplished by anyone. This would be like having an emergency go bag if you live in a earthquake zone.

What are some key things you need to have on your disaster plan?

Login details for your Domain and where it is registered (username, password, phone number and support email address).
It may or may not be registered with the same company that hosts your website. I would make a document that includes your login details, contact phone number and support email address. Put this along with the others we will be covering into a envelope and seal it, then put that in a safe place.

Login details for your hosting account (username, password, phone number and support email address).
This is the location where your website is actually being served from. Put this information in the same envelope as the rest of the ones we are covering. It is also important to have a phone number and support email address along with your login details.

A current backup or archive.
We have discussed this several times on this podcast. You should have a current backup or archive you can work with of at least your website, and possibly of your whole hosting account. If you have been backing up externally or manually copying to a local disk drive, put this information and location of the backup in the envelope with the other information.

Now that you have your login details sorted out, you need to have some basic DNS information. I personally like to have a complete zone listing of all of my DNS entries. These are things like;

  • What are my nameservers and where are they pointing? Nameservers are vital to knowing where your zone record is being kept. If your nameservers vanish, your domain vanishes from the internet.
  • Where does www and yourdomain.com point to?
  • What are my MX records?
  • Do I have a custom record that is used for connecting to my mail server? For example, do you use mail.yourdomain.com and if so where is it pointing too?
  • Are there any other records I need for my site to be online? Custom records for a cdn, custom txt records that have been added, SPF records? There are many types of records that can be added to DNS. Some of them are for email, some are for proving you own a domain (google validation comes to mind). All records should be tracked and kept with your disaster plan records. You never know when you may need to recreate a zone entry.

 

Success plan not unlike the disaster plan.

What happens if your site starts getting a large amount of traffic. Good for you, bad for your hosting company if your on shared hosting. I have seen this type of thing happen time and time again. A article you may have written, or a product you are offering gets picked up by national news or celebrity likes your product. This is great news for you, but this can often result in your site going down or even being taken offline by your hosting company. How do you deal with a “scuccess” hit often involves the same things as a disaster plan. You may find yourself needing to move to a new host rather rapidly. Have those contact information and login details at the ready in your disaster plan packet. Lets just call this the “What if” packet.

If you are just experiencing some temporary increased traffic, meaning you don’t think it will last for very long as the hype dies down. There are a few steps you can do to help with the site traffic increase, which will likely help with server load.

  1. Use a caching service like cloudflare. We have discussed this in the past. Basic cloudflare services are free and it only takes a minute to setup. This will act as a buffer between your host and the people trying to access your site.
  2. Make sure you use expires and headers so files are cached. Another topic we have discussed in the first episode.
  3. Make sure you are compressing the site files with mod_deflate. See episode 1 for more details. Or listen to the end of this episode for the quick tip.
  4. Enable a caching plugin in your framework. Something like wp super cache or w3 total cache for wordpress will save you a lot of headaches with a sudden spike in site traffic. This will also lower server load by reducing the mysql queries required to load your site by making some of the site pages almost static in nature. This will in turn keep your host happy. This is not the same as cloudflare caching service.
  5. Serve a static site during the increase in traffic. This one is a little more tricky, but it is definitely possible. By removing the need to have mysql and php render pages, your site will load faster and have almost zero load on the server. This requires planning ahead however and having static pages ready to go.
  6. Work with your hosting provider to see if you can to keep your site online. If they are less than helpful, then reach out to the world and get a recommendation for a new host. A good host will want you to grow and be a part of your growth process. If they just suspend your account because you are successful suddenly, then they are impeding your growth and should be removed from the equation. If the host offers some suggestions to you, no matter if they sound complicated, and want to work with you in providing even a temporary solution to the situation, then you should listen and see if they can help.

Things to NOT do. Do not allow your host to move you to a tiny VPS of your own. This is the number one thing I see and it will kill your site, but save your hosts butt. If your site is already creating a problem on a very large shared servers with possibly many CPU cores and many Gigs of ram, what good is moving you to a 1 core and 1 gig of ram VPS going to do. They just want you off their shared server as fast as they can, they are not offering a solution but passing the buck to you and making a few bucks in the process. You site will never stay online in a small VPS unless you have someone that you can call on to make massive tweaks to the VPS itself, install specific software and configure it, this often requires a system administrator/engineer to do.

Do NOT try and block the inbound traffic that is being generated, this includes changing the URL, blocking IPs in .htaccess or server firewall. You want that traffic to come in, if there are elements on that page that require external resources, like a facebook or twitter feed, remove that code during the spike in traffic. These can potentially slow down your page speed.

The biggest take away I want to share with everyone is to be proactive and not reactive. Whether it is a disaster plan or a success plan, the “what if” scenario should be on the minds of everyone. And if you are not ready for it, it can be devastating to your site, your finances and even your emotional state. Like any other disaster preparedness scenario, regaining control of the situation as fast as possible will allow you to continue on with your life. It will remove stress and worry. If you get an email from your hosting provider saying, “your site has been shutdown because….” you will know how to proceed because of your planning. Take some time out of your busy week and determine the best way to handle your “what if” scenario, it will make your life a lot better. If you have already put together a “what if” packet, then please share your experience and tips you may have with me. I would love to hear about them.

Quick tip today is gzip compression in cPanel, you can also see a video I did on this here.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

Backup and Archive your website in preparation of the New Year.
Backup and Archive your website in preparation of the New Year.

Backup and Archive your website in preparation of the New Year.

By |
Share
Share
+1
Shares 0

Backup and Archive your website in preparation of the New Year.

What is the difference between a Backup and a Archive?

A backup is for short term recovery. This means a backup is likely a more current snapshot in time. Often a backup will be done daily/weekly/monthly. You should be able to restore your site from any of these backups. But what happens if the backup is corrupt, or your site is hacked and has been hacked for a while? This is where a Archive comes in. A archive, to me, is a snapshot in time of your site that you are comfortable and capable of starting from.

Example: You have a site or a blog, you do a weekly and monthly backup. You find out that it has been hacked and has hundreds of files that contain malicious code. You can spend all of your time, and possibly a large amount of money cleaning the site up. Or you could restore from a backup, but what if your backup also contains the hacked code? Maybe your site has been hacked for more than a month. Now those backups will likely not do you much good or save you time and ultimately money. A archive is what you will need to restore from. A snapshot in time, where you know your site is clean and functional and can also be rebuilt from. It is a starting point that you are comfortable with. it may not be a ideal situation to have to do, but at least you know you can do it. The alternative is to possibly spend hundreds of hours and maybe thousands of dollars with a developer or systems administrator cleaning up your now hacked site. It is possible that starting from the archive will be the quickest and safest path. If you do decide to restore from a archive, and it is because of a hack, be sure that you update everything and if possible determine how the hack originated. It would not hurt to change passwords and follow standard procedures for dealing with a hack, see episode 7 Web Hosting Podcast.

Backups in cPanel are created using a .tar.gz file format.

What is a .tar.gz file?
The .tar in the filename stands for Tape Archive. The .gz is a compression method known as GZIP. These can be opened with standard Windows, Mac and Linux applications. The first thing it will do is unzip the file, or decompress it. This will then leave a .tar file. This can then be extracted to get the contents of the full archive.

Generating a full backup through cPanel will generate a .tar.gz file in your chosen destination. To do this, login to cPanel and search for backup. This will show you either, backup or backup wizard. If you want a step by step process, use the wizard. If you want specific files then choose backup. They both will ultimately give you the same thing. If you choose to create your backup file in your home directory, be aware that this could take your account over quota and start breaking things rather quickly. Other options for backup destinations are FTP and SCP. You can also choose to download a current near line backup, which will download to the Downloads folder set by your web browser. If you plan to make a archive, be sure to generate a new full backup of your entire home directory. This will include mysql databases, email and your website directories.

Other things that are good to do at the start or end of a year?

Verify your whois data is current. This should be done regularly and is required by domain owners. Whois data is maintained through the company you registered the domain with.

Determine if there are domains that you no longer wish to keep before they are renewed. I find myself over the year purchasing domains for ideas I may have. Some of these ideas never see the light of day and become abandoned. This is a good time to determine if you wish to proceed with keeping these domains and websites going. This can save you a bit of money if you no longer wish to keep them going.

Do you have specific things you do to bring in the New Year for your website? I would love to hear what they are and discuss them on a future podcast episode. Contact me through the contact form.

In our quick tip, autoresponders for email.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS

Dealing with a hacked website
Dealing with a hacked website and Malware types.

Dealing with a hacked website and Malware types.

By |
Share1
Share
+1
Shares 1

Dealing with a hacked website and Malware types.

Virus/Malware/Ransomware/etc….Covering the differences and how they might affect you.

Definitions resourced from Comodo

 

Differences between them all.

  • Malware – Malware is software written specifically to infect the target host system. Subcategories of Malware include.
  • Virus – Virus is a specific type of malware by itself. It is a contagious piece of code that infects the other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers. This acts more like a parasite.
  • Adware – Adware is also known as advertising-supported software. It is software which renders advertisements for the purpose of generating revenue for its author. The advertisements are published on the screen presented to the user at the time of installation. Adware is programmed to examine which Internet sites, the user visits frequently and to present and feature related advertisements. Not all adware has malicious intent, but it becomes a problem anyway because it harms computer performance and can be annoying.
  • Spyware – This type of malicious software, spies on you, tracks your internet activities. It helps the hacker in gathering information about the victim’s system, without the consent of the victim. This spyware’s presence is typically hidden from the host and it is very difficult to detect. Some spyware like keyloggersmay be installed intentionally in a organization to monitor activities of employees.
  • Worms – This type of malware will replicate itself and destroys information and files saved on the host PC. It works to eat up all the system operating files and data files on a drive.
  • Trojan – Trojans are a type of virus that are designed to make a user think they are a safe program and run them. They may be programmed to steal personal and financial information, and later take over the resources of the host computer’s system files. In large systems it may attempt to make a host system or network resource unavailable to those attempting to reach it. Example: you business network becoming unavailable.
  • Ransomware – Ransomware is an advanced type of malware that restricts access to the computer system until the user pays a fee. Your screen might show a pop up warning that your have been locked out of your computer and that you can access only after paying the cyber criminal. The cyber criminal demands a ransom to be paid in order for the restriction to be removed. The infamous Cryptolocker is one type of ransomware.

 

Checking for a virus in your hosting environment.

 

Cpanel virus scan – uses clamav as the scanner.

Login to your cPanel account and look or search for “Virus Scanner”. Click on the image to open. You should now be presented with a series of radial check boxes.

  • Scan Mail – this is used to scan your email folders only.
  • Scan entire home directory – this is used to scan your cPanel home directory, including web/ftp/email spaces.
  • Scan public web space – this is used to scan only your web site locations on disk in your home directory.
  • Scan public FTP space – this is used to scan your FTP location on disk in your home directory.

I like to use “Scan Entire Home Directory” so it will scan everything. This could take a while to complete initially. Select this option and click on the “Scan Now” button. The Virus scanner will now start scanning your entire home directory for infected files. If it finds an infected file, you will be presented with 3 options for every file listed as infected.

3 options when it finds a virus.

  • quarantine – this will move the files selected in a quarantine folder in your home directory called quarantine_clamavconnector.
  • remove/delete – this permanently deletes the file with no hope of recovery. Be aware that you could possibly break your site if a core file is deleted using this option.
  • ignore – this will ignore the selected file. This allows you to manually remove the file or replace it through another means.

You can scroll to the bottom of the found virus list to use the “Select All” button for each of the above.

Gotchas I ran into during my testing.

Clamav was able to identify viruses on disk effectively, where external scanners could not see them at all. I chose to use sucuri site scan, to try and find these infected files. It was not able to. This leaves me to believe that unless the hacked/virus infected files are coded as part of your site (example in your footer.php), external scans will never see them. It is still a good idea to have external scans, but doing a regular scan at the host level that can see your actual files is still required. I highly recommend Clamav and CXS (Configserver eXploit Scanner) CXS ties into a database of php exploits as well as clamav and can scan your entire cPanel account for exploits that external scanners can not see.  CXS can also tell you what is outdated in your chosen CMS.  This is great for finding forgotten and possibly dead websites in your hosting account.

Dealing with a hacked website.

  1. Do not panic and stay calm.
  2. Take site offline.
  3. Change passwords (cPanel, ftp, email accounts, mysql, all of them).
  4. Diagnose/Scan – Either do this yourself or find/hire someone to do this. Some hosts can scan your hosting account to determine how bad the hack is and possibly how it was done.
  5. Remove hack – File restore, edit/clean files, clean database.
  6. Scan site again to ensure site is clean.
  7. Scan local computers used to maintain and access site to ensure they are not compromised or contain malware.
  8. Update site to be current.
  9. If you are on the google/firefox not safe list, you will need to get site delisted.
  10. If you did a clean restore your site, be sure to change the site password again. Often a restore will revert the password back to what it was previously which could have been compromised.
  11. Update everything!!
  12. Scan for virus and vulnerabilities again.
  13. If all clean, preform a final clean backup and archive it someplace safe.
  14. Get setup on a regular site security scan. This can be something as simple as sucuri or a host provided CXS (Configserver eXploit Scan). Maybe they have something else that they can do for you regularly, I would recommend checking with your own hosting provider to see what options they may have.

New 30 second tip from Megan Ferrell of websites503.com

If you would like to present your own 30 Second Tip, please use the contact page.

Podcast: Play in new window | Download

Subscribe: Apple Podcasts | Android | RSS