malware
How do I protect (free) my site from malware that can get onto my host? Do I do it through concrete5 or at bluehost?
> there are no known security problems
@Cahueya how do you know? Or do you mean "as far as I know"?
You are right, it is "as far as I know" :-)
Thank you.
Hi,
You need to be protecting the host.
I had a problem with a client that regularly became infected, this was running Magento not C5 but the principles remain the same. When they logged in as admin a bitcoin miner was installed.
This issue was finally resolved when the user implemented item 5 below.
For me there are a few things I do for internet facing systems:-
1. Only use HTTPS connections for your websites
2. Use SFTP not FTP wherever possible
3. Limit and control authorised access to the host (admin users)
4. Enforce complex passwords which expire on a regular basis
5. Encourage users with authorised access to your host to have good quality virus and malware checkers installed on their computers, making sure the signatures are updated daily, also make sure they install O/S updates regularly.
6. Make sure the host O/S is up to date
7. Make sure you keep the version of C5 up to date
8. Install a virus checker on the host (I use maldet which is free, and scheduled to run daily)
9. If you can implement fail2ban on the host this will spot repeated login attempts to the host and other applications and add the offending IP to IPTables on the server blocking future attempts.
For shared hosting where you share resources with other websites many of the above are not available to you. I have had cases where infection in my area came from a breach on someone else's website which gave the attacker access to the central host and thus all the websites on the host.
I can't comment on BlueHost, I have never used them, but I have a friend that makes extensive use of Blue Host and has never had an issue.
These are some of my own standards and some people will say I am going over the top.
Right now I have 5 cloud hosts that all adhere to these rules, one of these hosts has blocked over 11,000 IP Addresses resulting from failed login attempts to SSH and smtp ports on just one server. These are the aspects of the internet we don't see, there is an endless and concerted effort to hack into any system that happens to come to the attention of the hackers and we have to defend against this.
Hope that helps
Thanks for a great detailed answer.
Most times that malware gets onto a server, it is through unsafe use of FTP connections. Make sure you use only SFTP or FTP-SSH when transferring data to your server. Use safe (long, diverse) passwords and do not save them in your FTP client.
Even better: When you are done with uploading files to your server, disable all FTP services.