Tag: security

Dealing with a hacked website and Malware types.

Virus/Malware/Ransomware/etc. Covering the differences and how they might affect you.

Definitions sourced from Comodo

 

Differences between them all.

  • Malware – Malware is software written specifically to infect the target host system. Subcategories of malware include:
  • Virus – A virus is a specific type of malware. It is a contagious piece of code that infects other software on the host system and spreads itself once it is run. It is mostly known to spread when software is shared between computers. It acts more like a parasite.
  • Adware – Adware is also known as advertising-supported software. It is software which renders advertisements for the purpose of generating revenue for its author. The advertisements are published on the screen presented to the user at the time of installation. Adware is programmed to examine which Internet sites the user visits frequently and to present and feature related advertisements. Not all adware has malicious intent, but it becomes a problem anyway because it harms computer performance and can be annoying.
  • Spyware – This type of malicious software spies on you and tracks your internet activities. It helps the hacker gather information about the victim’s system without the consent of the victim. Spyware’s presence is typically hidden from the host and it is very difficult to detect. Some spyware, like keyloggers, may be installed intentionally in an organization to monitor the activities of employees.
  • Worms – This type of malware replicates itself and destroys information and files saved on the host PC. It works to eat up all the system operating files and data files on a drive.
  • Trojan – Trojans are a type of virus that are designed to make a user think they are a safe program and run them. They may be programmed to steal personal and financial information, and later take over the resources of the host computer’s system files. In large systems it may attempt to make a host system or network resource unavailable to those attempting to reach it. Example: your business network becoming unavailable.
  • Ransomware – Ransomware is an advanced type of malware that restricts access to the computer system until the user pays a fee. Your screen might show a pop-up warning that you have been locked out of your computer and that you can regain access only after paying the cyber criminal. The cyber criminal demands a ransom to be paid in order for the restriction to be removed. The infamous Cryptolocker is one type of ransomware.

 

Checking for a virus in your hosting environment.

 

cPanel virus scan – uses ClamAV as the scanner.

Log in to your cPanel account and look or search for “Virus Scanner”. Click on the image to open it. You should now be presented with a series of radio buttons.

  • Scan Mail – this is used to scan your email folders only.
  • Scan entire home directory – this is used to scan your cPanel home directory, including web/ftp/email spaces.
  • Scan public web space – this is used to scan only your web site locations on disk in your home directory.
  • Scan public FTP space – this is used to scan your FTP location on disk in your home directory.

I like to use “Scan Entire Home Directory” so it will scan everything. This could take a while to complete initially. Select this option and click on the “Scan Now” button. The virus scanner will now start scanning your entire home directory for infected files. If it finds an infected file, you will be presented with 3 options for every file listed as infected.

3 options when it finds a virus.

  • quarantine – this will move the selected files into a quarantine folder in your home directory called quarantine_clamavconnector.
  • remove/delete – this permanently deletes the file with no hope of recovery. Be aware that you could possibly break your site if a core file is deleted using this option.
  • ignore – this will ignore the selected file. This allows you to manually remove the file or replace it through another means.

You can scroll to the bottom of the found virus list to use the “Select All” button for each of the above.
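The same quarantine-rather-than-delete choice can be applied to command-line `clamscan` output. This is an added example, not the author's or cPanel's code: it parses the report, moves hits into a quarantine folder, and leaves core CMS files in place so they can be replaced from a clean copy. The WordPress-style `CORE_DIRS`, the file paths and the signature names are constructed for illustration.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

FOUND_RE = re.compile(r"^(?P<path>.+): (?P<sig>\S+) FOUND$")  # "<path>: <signature> FOUND"
CORE_DIRS = {"wp-admin", "wp-includes"}  # assumption: WordPress-style core directories

def parse_report(text):
    """Return (path, signature) pairs for every FOUND line in clamscan output."""
    hits = (FOUND_RE.match(line.strip()) for line in text.splitlines())
    return [(Path(m["path"]), m["sig"]) for m in hits if m]

def triage(text, home, quarantine):
    """Quarantine infected files under home; flag core files for replacement; never delete."""
    home, quarantine = Path(home).resolve(), Path(quarantine).resolve()
    actions = []
    for path, sig in parse_report(text):
        real = path.resolve()
        if home not in real.parents or not real.is_file():
            actions.append((str(path), sig, "skipped", None))  # outside the account or gone
            continue
        rel = real.relative_to(home)
        digest = hashlib.sha256(real.read_bytes()).hexdigest()  # evidence, taken before the move
        if CORE_DIRS & set(rel.parts):
            actions.append((rel.as_posix(), sig, "replace-from-clean-copy", digest))
            continue
        dest = quarantine / rel
        dest.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(real), str(dest))
        actions.append((rel.as_posix(), sig, "quarantined", digest))
    return actions

def demo():
    home = Path(tempfile.mkdtemp()).resolve()  # constructed stand-in for a cPanel home
    for rel in ("public_html/uploads/x.php", "public_html/wp-includes/load.php"):
        (home / rel).parent.mkdir(parents=True, exist_ok=True)
        (home / rel).write_text("constructed sample, not real malware\n")
    report = (  # constructed clamscan output; signature names are placeholders
        f"{home}/public_html/index.php: OK\n"
        f"{home}/public_html/uploads/x.php: Placeholder.Sig-1 FOUND\n"
        f"{home}/public_html/wp-includes/load.php: Placeholder.Sig-2 FOUND\n"
        "/srv/other-account/a.php: Placeholder.Sig-3 FOUND\n"
        "----------- SCAN SUMMARY -----------\nInfected files: 3\n")
    return home, triage(report, home, home / "quarantine_clamavconnector")

if __name__ == "__main__":
    print(*demo()[1], sep="\n")
```

On a real account, the text passed to `triage` would be the output of a recursive scan such as `clamscan -r -i` over the home directory.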

Gotchas I ran into during my testing.

ClamAV was able to identify viruses on disk effectively, where external scanners could not see them at all. I chose to use Sucuri site scan to try and find these infected files. It was not able to. This leads me to believe that unless the hacked/virus-infected files are coded as part of your site (for example, in your footer.php), external scans will never see them. It is still a good idea to have external scans, but doing a regular scan at the host level that can see your actual files is still required. I highly recommend ClamAV and CXS (ConfigServer eXploit Scanner). CXS ties into a database of PHP exploits as well as ClamAV and can scan your entire cPanel account for exploits that external scanners cannot see. CXS can also tell you what is outdated in your chosen CMS. This is great for finding forgotten and possibly dead websites in your hosting account.

Dealing with a hacked website.

  1. Do not panic and stay calm.
  2. Take site offline.
  3. Change passwords (cPanel, ftp, email accounts, mysql, all of them).
  4. Diagnose/Scan – Either do this yourself or find/hire someone to do this. Some hosts can scan your hosting account to determine how bad the hack is and possibly how it was done.
  5. Remove hack – File restore, edit/clean files, clean database.
  6. Scan site again to ensure site is clean.
  7. Scan local computers used to maintain and access site to ensure they are not compromised or contain malware.
  8. Update site to be current.
  9. If you are on the Google/Firefox not safe list, you will need to get the site delisted.
  10. If you did a clean restore of your site, be sure to change the site password again. Often a restore will revert the password back to what it was previously, which could have been compromised.
  11. Update everything!!
  12. Scan for virus and vulnerabilities again.
  13. If all clean, perform a final clean backup and archive it someplace safe.
  14. Get set up on a regular site security scan. This can be something as simple as Sucuri or a host-provided CXS (ConfigServer eXploit Scanner). Maybe they have something else that they can do for you regularly; I would recommend checking with your own hosting provider to see what options they may have.

New 30 second tip from Megan Ferrell of websites503.com

If you would like to present your own 30 Second Tip, please use the contact page.

10 website security tips with Megan Ferrell and show feedback.

10+ Web Site Security Tips

Feedback on/about the podcast.

  • Who is this podcast for?

The short answer to this question is, me. This podcast came about by me wanting to have something for my children to remember me by. I originally started reading books, recording them and then archiving them. The first book I read was Night Before Christmas. We have a family tradition of reading it Christmas Eve. I wanted there to be a recorded version of myself that my children could listen to and share with their kids, long after I was gone. From there, I started reading Encyclopedia Brown books. This series holds fond memories for me and my youngest as it is one of the first books we read together, and then tried to figure out the answer. It was a lot of fun and if you have not read any of the books I highly recommend reading them. Even as an adult, they hold great value. After doing the books for a while, the next logical step was to do a podcast. Something that shared my discipline in Linux/Unix. So the podcast, web hosting podcast, was born.

For those that wonder what the target market would be for this podcast, I am not 100% certain. I like to think it is someone that is new to hosting and wants to get the most out of their shared hosting plan. I really like to share and give out information to anyone that will listen, and anyone that knows me personally, I think would agree. There is a wealth of information jammed into my head about everything from Apache to Xen Virtualization. Most of it is going to be very boring. So, I try to wade through the minutiae and bring the elements of hosting that I think would be not only interesting, but relevant. My hope is that this remains fun, for me, and in the end if someone finds one thing that is useful then that would be a bonus.

If you have questions or comments regarding the podcast or your own web site please feel free to drop me a line. The easiest way to reach me is through the contact form on https://webhostingpodcast.com/contact

 

10 website security tips + a few more for good measure.

Megan Ferrell from websites 503 joins me via zoom.us to discuss 10 website security steps. We take time going over the questions after the speed round of her answering them. We then add a few of our own recommendations for good measure. I urge anyone that has a website to look over these 10+5 security steps and see how your web site rates. These steps are very easy to fulfill so you get a 100%.

  1. Is your CMS software up to date?
  2. Are you using trusted third-party plugins and themes?
  3. Have you changed default settings on your CMS?
  4. Do you promptly remove outdated access permissions?
  5. Does your website URL start with HTTPS?
  6. Are you using a WAF (Web Application Firewall)?
  7. Is your server monitored for malware?
  8. Do you use SFTP instead of FTP to upload files to your website?
  9. Do you have daily backups of your website?
  10. Are passwords difficult?

    Bonus round

  11. Have you changed all default passwords sent to you when you signed up?
  12. Does your developer or another person know your passwords?
  13. Have you disabled and removed all unused themes or plugins?
  14. Have you hidden your login page?
  15. Have you enabled, or do you use, two-factor authentication?

The original 10 steps came from the following link.

Upcoming topics and additional show ideas.
In the coming episodes, we are going to take a look at SEO, Managed WordPress Options that are FREE, modifying the robots.txt file and touch on some development topics. I am also looking at starting a web hosting round table show in 2018 using Google Hangouts or YouTube. If anyone is interested in participating in the round table, please use the contact form to get in touch. The idea for the round table came from watching the podcasters round table. I would like to have no more than 6 people on at a time, a topic would be determined ahead of time to ensure a proper fit, and then discuss that topic in a round table setting. I think it would be very informative to get many different points of view. For example, my idea of a developer/designer could possibly be different than yours. If this sounds like something that would interest you please let me know.