Malware Scanning of Web Content

Securing an online presence can be one of the most difficult tasks that our clients face. We spend a tremendous amount of time keeping a watchful eye on security advisories, applying patches, etc. just to make sure our servers remain secure. This is often very hard for resellers and web developers alike to keep up with.

For instance, let’s take your average WordPress-based website. Not only do you have to make sure the WordPress core stays updated, but you also have to do the same for all plugins and themes that are being used. It is very common for a WordPress site to have more than 10 plugins and a handful of themes installed at once. Fortunately, WordPress has a good interface for managing and installing these updates easily. Oftentimes everything can be upgraded in just a few clicks. However, this still requires that someone log in to the WordPress admin interface and perform the upgrades. For resellers managing hundreds of sites this can be tedious at best, and it is easy for one to get overlooked.

Unfortunately, it only takes one bad egg to spoil the bunch. Just one seemingly minor oversight of a single WordPress install and a few months down the road we could be seeing thousands of spam emails being sent from it, or even worse. Website security will be a common topic on our blog simply because it is very important and often forgotten. Even as a web hosting client you play an important role in keeping your server safe.

Given the quantity of clients and websites that we host, it is inevitable that one of them will get “hacked” through a vulnerable script, compromised login information, etc. from time to time. As such, back in January we implemented full malware scanning on all of our servers to help combat this. All hosted web data on our servers is now being scanned using various malware and virus definitions. This helps us quickly identify HTML files with injected code, harmful PHP scripts, etc. that might get placed on an account and sit there unnoticed by the site’s owner. A lot of times these are automated attacks that are simply placing PHP shells and spam scripts on the account for later use. Catching these before attackers do their dirty work is very important.

To help us combat these problems, we simply ask that clients respond as soon as possible to any malware notifications that they receive. In each notification we do our best to indicate whether the detected problem was a vulnerable script that you were running or whether your login information was compromised. We also provide a complete list of each infection found, along with the malware name. By working together we can help make the web a safer place one small piece at a time.
