Webmaster Forum

Go Back   Webmaster Forum > Web Development > Web Hosting Forum

Web Hosting Forum Discuss web hosting related stuff.


Closed Thread
 
Thread Tools Display Modes
Share |
  #1  
Old 10-25-2017, 06:15 AM
seodaikaads seodaikaads is offline
Contributing Member
 
Join Date: 05-02-14
Posts: 188
iTrader: 0 / 0%
Malware in Hosting Server

What I have to do if the hosted server is affected with malware?
 

Advertisement

Advertisement

  #2  
Old 10-25-2017, 10:06 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,707
iTrader: 5 / 100%
Did you notify them? If so and they have done nothing, move!
 
  #3  
Old 10-26-2017, 11:46 PM
webhost.uk.net webhost.uk.net is offline
Contributing Member
 
Join Date: 07-26-09
Posts: 110
iTrader: 0 / 0%
Quote:
Originally Posted by seodaikaads View Post
What I have to do if the hosted server is affected with malware?
Its good to move to a reliable provider with proper security updated. Accounts on server can be infected if there servers are infect at root level there are security flaws in that case.
 
  #4  
Old 10-27-2017, 10:38 AM
LMD's Avatar
LMD LMD is online now
Contributing Member
 
Join Date: 11-04-12
Location: Where my wife tells me to be. :)
Posts: 6,777
iTrader: 0 / 0%
Quote:
Originally Posted by seodaikaads View Post
What I have to do if the hosted server is affected with malware?
Maybe this is a dumb question, but if you are not on a stand-alone server, how do you know it's a server-wide issue, and not just contained in your own domain space?

At least reasonable hosting companies should have separate spaces so that a virus or malware does not infect the entire server or bank of servers.
 
  #5  
Old 12-23-2017, 05:19 PM
pavani25 pavani25 is offline
Contributing Member
 
Join Date: 11-04-17
Location: Bangalore
Posts: 58
iTrader: 0 / 0%
Sometimes hosting companies will push malicious fingers into your root folder and into all website's folders. You have manually take that backup files and by morning we will be planning.
 
  #6  
Old 12-24-2017, 06:41 AM
LMD's Avatar
LMD LMD is online now
Contributing Member
 
Join Date: 11-04-12
Location: Where my wife tells me to be. :)
Posts: 6,777
iTrader: 0 / 0%
Quote:
Originally Posted by pavani25 View Post
Sometimes hosting companies will push malicious fingers into your root folder and into all website's folders. You have manually take that backup files and by morning we will be planning.
Ah, er, what??
 
  #7  
Old 12-24-2017, 04:12 PM
ScriptMan's Avatar
ScriptMan ScriptMan is online now
Super Moderator
 
Join Date: 02-10-07
Location: Central Kentucky
Posts: 14,015
iTrader: 4 / 100%
Just a been there and seen that comment.

Malware can come in on ads you are hosting on your site. Even Big G has put out bad material once or twice that I recall.

It can also be contained in headers and footers of FREE templates you are using.

Quote:
Sometimes hosting companies will push malicious fingers into your root folder and into all website's folders.
Unless you are using free hosting I would seriously doubt this has ever happened.
 
  #8  
Old 12-24-2017, 11:10 PM
shaileshshakya shaileshshakya is offline
Contributing Member
 
Join Date: 11-22-17
Location: Delhi
Posts: 93
iTrader: 0 / 0%
Either you contact your hosting provider or remove them manually.
 
  #9  
Old 12-26-2017, 08:07 AM
tina77 tina77 is offline
Junior Member
 
Join Date: 12-26-17
Location: India
Posts: 16
iTrader: 0 / 0%
I had one website that is having malware problem on home page URL but hosting provider not supporting at all.
 
  #10  
Old 12-31-2017, 02:23 AM
janjane janjane is offline
Contributing Member
 
Join Date: 12-22-17
Posts: 77
iTrader: 0 / 0%
Contact your hosting support or purchase a sitelock plan and get rid of them automatically.
 
  #11  
Old 01-03-2018, 11:25 PM
manisha g manisha g is offline
Junior Member
 
Join Date: 08-17-17
Posts: 32
iTrader: 0 / 0%
Quote:
Originally Posted by seodaikaads View Post
What I have to do if the hosted server is affected with malware?
Check out with your webshost regarding the sitelock protection for your website. Most of the webhosts like Scopehosts offer sitelock protection to protect websites against malwares.
 
  #12  
Old 01-15-2018, 09:14 PM
lostmind lostmind is offline
Junior Member
 
Join Date: 01-15-18
Posts: 7
iTrader: 0 / 0%
Quote:
Originally Posted by seodaikaads View Post
What I have to do if the hosted server is affected with malware?
You have only a few options:

1) Go through the site and remove the malware from every page and clean your databases.

2) Ask your host to clean your site. Generally, hosts do not do this for free because it is time consuming.

3) Restore from backups prior to the malware.

4) Purchase a hack/malware removal service from a company like Sucuri.

Regardless of what you choose, you must immediately update your site once cleaned, change your passwords, ensure the users in your database have the correct details (your wordpress site gets hacked, the hackers can change your admin contact email to one that they control and simply do a password reset once you've cleaned your site and then they can easily re-infect you), scan your workstation for malware, etc etc.

99.99% of the time, malware on your hosting account is due to either your website software (joomla, drupal, wordpress) being out of date and thus easily exploitable or you have malware on your workstation. These are your fault and NOT the fault of your hosting provider, unless they explicitly state they will keep your website software up to date.

Quote:
Originally Posted by HTMLBasicTutor View Post
Did you notify them? If so and they have done nothing, move!
What do you expect a host to do when your site is infected? Typically it is the fault of the webmaster for not remembering to update their CMS or set the CMS to auto update...

A hosting company really shouldn't be touching your website without your authorization...
 
  #13  
Old 01-15-2018, 09:54 PM
HTMLBasicTutor's Avatar
HTMLBasicTutor HTMLBasicTutor is offline
Administrator
 
Join Date: 10-29-07
Location: Canada
Posts: 26,707
iTrader: 5 / 100%
Quote:
Originally Posted by lostmind View Post
What do you expect a host to do when your site is infected? Typically it is the fault of the webmaster for not remembering to update their CMS or set the CMS to auto update...

A hosting company really shouldn't be touching your website without your authorization...
When you take things out of context
Quote:
Originally Posted by seodaikaads View Post
What I have to do if the hosted server is affected with malware?
Quote:
Originally Posted by HTMLBasicTutor View Post
Did you notify them? If so and they have done nothing, move!
It's easy to beat up someone's reply.

I happen to have experience proving it was the web hosting company's fault a site was infected and it had nothing to do with what software the site was running. They denied it from the start, blaming the site in question then had to apologize.
 
  #14  
Old 01-15-2018, 10:12 PM
lostmind lostmind is offline
Junior Member
 
Join Date: 01-15-18
Posts: 7
iTrader: 0 / 0%
Out of context? I do not think that I took your reply out of context...

You state: "It's easy to beat up someone's reply."

I asked, "What do you expect a host to do when your site is hacked?"

I've been in the hosting game for over 20 years. Yes, I've seen servers get compromised that caused many client sites to be hacked. But, not in the past 10-15 years or so.

In recent times, hosts have lots of "tricks" to isolate accounts - cloudlinux, containers, etc. - and so it's almost always (but not always, sure! But those cases are pretty blatant - hundreds of sites hacked at once, or worse every server compromised) the fault of the client not updating their site. Heck, even with a basic WAF enabled, it's hard to protect against out of date sites being exploited.

I'm realistically asking for feedback. Happens to be my industry. I have to deal with this daily on our servers, simply because we can not protect against every vector when a client refuses to update their site because their custom theme/plugin/widget doesn't work with the latest release of xyz CMS.

What I see is the site gets hacked. I have to suspend the website to prevent further damage and spamming/malware distibution/phishing etc. (not email unless we have to though, we just block the site unless otherwise warranted). Then we contact the client and lay out their options. Client is almost always upset with us that their site is offline and their site is hacked.

From my point of view, if they simply kept their site up to date, it wouldn't have been an issue.

Fixing a hacked website can take hours and hours of work. Some are simply drive by's that take us a few commands to clean out. Others literally take days to go through code line by line...

So yah, I am actually fishing for feedback on what people expect a host to do in such a situation and not attempting to beat up someone's reply.

Besides, I posted 4 options for what to do when you site is hacked. I have written a pretty decent blog post on this stuff but I can't post it here. But maybe I can get some ideas for a future blog post.

So maybe you are an old timer like myself and remember the wild days of the interwebs when anyone could call themselves a website host even if they had no idea how to compile a kernel or what basic server security is...

But that's not very relevant to today's world.

Although, if you are on a shared hosting server and 1 account was hacked that led to your account being hacked... yes, indeed; run.

However, if your host says - your wordpress site is 1.5 years out of date and that's why you got hacked, you really can't blame your host. If you must run an out of date CMS, buy a serious WAF like Sucuri (Cloudflare is not a serious WAF, it's a CDN more than anything).
 
  #15  
Old 01-16-2018, 06:31 AM
LMD's Avatar
LMD LMD is online now
Contributing Member
 
Join Date: 11-04-12
Location: Where my wife tells me to be. :)
Posts: 6,777
iTrader: 0 / 0%
Quote:
Originally Posted by lostmind View Post
Although, if you are on a shared hosting server and 1 account was hacked that led to your account being hacked... yes, indeed; run.
In my experience, server support personnel will never tell you that (my bolding above), and there's pretty much no way we (resellers or individual account holders) will know. Even as a reseller for the last 18 years, they'll dance around these topics. To some degree, I kind of understand why they don't share much info, but I wish they'd be more forthcoming.

They have said, however, that each individual account is in a separate space that shouldn't be affecting others (at least that's what they have said).

Quote:
Originally Posted by lostmind View Post
However, if your host says - your wordpress site is 1.5 years out of date and that's why you got hacked, you really can't blame your host.
In most cases, pertaining to WordPress, it's the site owner's fault if they've not kept the WP version, theme and plugins up-to-date. In fact, a lot of support won't even go that far (my bolding above). In a few cases, some inquisitive support guys/gals will look into an issue that falls outside their parameters of support, which I really appreciate. It doesn't always solve the issue, but it's nice to know more than "it's WordPress, we don't support it."
 
  #16  
Old 01-16-2018, 12:35 PM
lostmind lostmind is offline
Junior Member
 
Join Date: 01-15-18
Posts: 7
iTrader: 0 / 0%
Quote:
Originally Posted by LMD View Post
In my experience, server support personnel will never tell you that (my bolding above), and there's pretty much no way we (resellers or individual account holders) will know. Even as a reseller for the last 18 years, they'll dance around these topics. To some degree, I kind of understand why they don't share much info, but I wish they'd be more forthcoming.
Yah, this is true. But as a provider it is very difficult to hide the fact that hundreds of sites were hacked at once. Unless the host is like myself and has only 50 or so accounts per server, but that is a rarity. When you go to hosting conferences, the talks are all about density and how to increase it.

Quote:
Originally Posted by LMD View Post
They have said, however, that each individual account is in a separate space that shouldn't be affecting others (at least that's what they have said).
Yup, there are plenty of tools that the vast majority of hosts are using now to isolate users from each other. Login to your account, run a pstree and you probably are only seeing a subset of the server processes. Try to view files outside your directory and you probably can't. This is because you are segregated from the other clients and typically this is a very good thing.

It means that your average script kiddy that drive by hacks your site isn't going to be able to hack other client sites as well...


Quote:
Originally Posted by LMD View Post
In most cases, pertaining to WordPress, it's the site owner's fault if they've not kept the WP version, theme and plugins up-to-date. In fact, a lot of support won't even go that far (my bolding above). In a few cases, some inquisitive support guys/gals will look into an issue that falls outside their parameters of support, which I really appreciate. It doesn't always solve the issue, but it's nice to know more than "it's WordPress, we don't support it."
Well, the reason that most hosts won't even look that deeply is because margins are razor thin and so it's not profitable to "care" about the client anymore.

We have a process where when we get an alert regarding malware, we scan the site, block it with htaccess to allow the client email to still function (as in most cases email is more important than the website it seems), clear the mail queue to prevent further reputation damage and notify the client of the obviously infected files and provide them their options for resolution. We even wrote up a nice post on how to fix your hack yourself and track down the source of infection.

But it still isn't very appreciated by clients. No one is happy about being hacked, regardless of how much effort a host puts into it for the client. They just want it to work... which is understandable.

The majority of clients are businesses with a simple online presence... they've paid a designer a few grand to build a decent site based on wordpress but they don't want to pay the developer $xxx/m for maintenance and are already upset enough at the cost of the site + basic sub $10/m hosting fees. They tend to not be the most tech minded people (they are skilled in their profession, not tech) and assume things will "JUST WORK".

I wish it was easier to convince people that the small investment in their online presence is well worth it...
 
  #17  
Old 01-18-2018, 08:44 AM
LMD's Avatar
LMD LMD is online now
Contributing Member
 
Join Date: 11-04-12
Location: Where my wife tells me to be. :)
Posts: 6,777
iTrader: 0 / 0%
Quote:
Originally Posted by lostmind View Post
I wish it was easier to convince people that the small investment in their online presence is well worth it...
Roger that!
 
  #18  
Old 02-05-2018, 12:47 AM
alainasmith alainasmith is offline
Junior Member
 
Join Date: 02-03-18
Posts: 1
iTrader: 0 / 0%
First, make sure that is it malware or not? If yes then remove it from your website as soon as possible. Change all of your passwords immediately and make stronger one for security purpose. Identify the weakness of your site, whether it’s related to password or structural problems and fix it asap.
 
  #19  
Old 02-05-2018, 01:18 AM
Jim_carter Jim_carter is offline
Junior Member
 
Join Date: 11-13-17
Location: Old Tappan
Posts: 3
iTrader: 0 / 0%
Well you can use anti malware software like malwarebyte to scan your server. Also need to change all passwords (use alphanumeric- upper and lower case and special symbols combination)
 
  #20  
Old 02-05-2018, 05:25 AM
Lebar.123 Lebar.123 is offline
Banned
 
Join Date: 10-17-17
Posts: 152
iTrader: 0 / 0%
If your website has malware on it, your hosting account's security was compromised and someone has uploaded malicious software (i.e. malware) to it.

There are many ways to resolve the issue, but we're going to cover the fastest and easiest way to fix your website.

You also should: Identify & fix the weakness, Change your passwords
 
Go Back   Webmaster Forum > Web Development > Web Hosting Forum

Closed Thread


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


V7N Network
Get exposure! V7N I Love Photography V7N SEO Blog V7N Directory


All times are GMT -7. The time now is 01:33 PM.
Powered by vBulletin
Copyright 2000-2014 Jelsoft Enterprises Limited.
Copyright © 2003 - 2018 VIX-WomensForum LLC