When searching for your business online and you see this –
Your website and business are in trouble. You’ve been hacked. What should you do?
Every day, malicious users, hackers and cybercriminals attempt to compromise thousands of websites. Hacks are often invisible to users, yet remain harmful to anyone viewing the page, including the site owner and/or business. Every day, we see customers who, unbeknownst to them, have been hacked and whose sites have become infected with harmful code, which in turn can record keystrokes on visitors’ computers and steal login credentials for online banking or financial transactions.
You may ask yourself, isn’t it my web host’s job to protect my server? The answer is both yes and no. Your web host, like Canadian Web Hosting, has most likely implemented strong network security mechanisms and other security features that ensure your service works properly, including hosting your website. However, the most common misconception concerns who controls your server and your website’s code: your web host does not, unless you are utilizing managed services. In an unmanaged environment, each customer is responsible for updating their applications and website code and for implementing services to protect their business. We’ve seen some recent vulnerabilities in popular applications like WordPress that have severely impacted customer websites because customers did not keep their applications up to date, even after receiving notifications that their code needed to be patched due to emergency vulnerabilities that had been identified. These attacks range from server configuration problems to SQL injections, code injection, error templates and many more. It is also interesting to note that many customers fall into heavily targeted areas without even knowing that they are in a high-risk geography. Trustwave recently released a graphic that shows the most common areas of attack based on country.
So, if you’ve been hacked, what should you do? Here is where you ask yourself: do I want to handle it myself, or get help? Here at Canadian Web Hosting we follow a very rigid methodology to quickly identify malware/hacks on a customer’s site, and have built a rigorous process to eliminate the hack as soon as possible. Typically, we will look at the following steps:
1) Scanning your site
2) Quarantining the site
3) Validating backup files
4) Assessing the damage (hacked with spam or malware)
5) Identifying the vulnerability
6) Cleaning and maintaining the website
7) 24/7 Monitoring
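One way to approach the backup-validation and damage-assessment steps in the list above, shown as an added example that is not Canadian Web Hosting's or Sucuri's code: hash every file in a known-clean backup and in the live web root, then list what was added, removed or changed. The directory layout and file contents are constructed sample data, and the function names are hypothetical.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # do not follow links out of the tree
                continue
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests

def compare(backup_root, live_root):
    """Report how the live site differs from the known-clean backup."""
    clean, live = manifest(backup_root), manifest(live_root)
    both = clean.keys() & live.keys()
    return {"added": sorted(live.keys() - clean.keys()),
            "missing": sorted(clean.keys() - live.keys()),
            "modified": sorted(p for p in both if clean[p] != live[p])}

def write(root, rel, text):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)

def build_sample():
    """Constructed data: a clean backup and a live copy with three changes."""
    base = tempfile.mkdtemp()
    backup, live = os.path.join(base, "backup"), os.path.join(base, "live")
    for root in (backup, live):
        write(root, "index.php", "<?php echo 'home'; ?>\n")
        write(root, ".htaccess", "Options -Indexes\n")
        write(root, os.path.join("css", "site.css"), "body{}\n")
    write(live, ".htaccess", "Options -Indexes\n# unexpected line (constructed)\n")
    write(live, os.path.join("uploads", "new.php"), "<?php /* constructed */ ?>\n")
    os.remove(os.path.join(live, "css", "site.css"))
    return backup, live

if __name__ == "__main__":
    for kind, paths in compare(*build_sample()).items():
        print(kind, paths)
```

Files reported as added or modified are the ones to review by hand; a changed `.htaccess` or a script appearing in an upload directory deserves attention first.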
Now, depending on your own expertise, these steps range from basic to advanced and may require a security professional to analyze the hack, remove it from your site/code and validate that your site is clean. In the next article, we will spend more time talking about each step and identifying some best practices to minimize any impact on your business and your customers. However, some simple steps can go a long way in the event that an issue has occurred. Check your user accounts and make sure you have unique passwords that follow secure password principles, update your web applications and operating systems whenever a patch is released, and utilize low-cost third-party security providers that can monitor your site 24/7 and will notify you of any potential vulnerabilities or malware attacks on your site.
There are a few services like this available today, such as StopTheHacker and Sucuri, that charge a basic month-to-month or yearly fee to monitor your site and your reputation and notify you in real time when an issue occurs. Recently, Canadian Web Hosting, the leading provider of web hosting and cloud-based Infrastructure as a Service (IaaS) solutions in Canada, partnered with Sucuri, the leader in malware prevention, to deliver a cost-effective solution that is focused on malware detection and removal. The reasons for this come down to several key principles: 1) extremely effective at identifying issues, 2) low cost threshold, 3) continuous updates to their database and security threats and 4) use of security professionals who review your site code and implement fixes. This last point has been a key benefit for Canadian Web Hosting customers, as it avoids common issues that we see with “automated” malware removal, where the system just carves out the code without recognizing possible scenarios that will cause a site to crash or become unworkable.
Sucuri works by actively scanning all pages of customers’ websites for viruses and possible web malware threats to see if malicious users have injected harmful code into them. Additionally, Sucuri continually monitors potential new versions of malware and protects online businesses from any emerging threats. Because of the potential complexities identified in the process list above, Canadian Web Hosting security experts take a very proactive approach, work with our customers and actively manage any malware notifications or possible attacks. In the event that an issue is identified, Canadian Web Hosting’s security teams take all necessary actions to rectify the situation, including validation of clean backups and files, malware removal, and continuous communication with the customer. Here are some of the features of Sucuri:
Standard Malware Detection
Advanced Malware Detection with Artificial Intelligence
Server-side Scanning including .htaccess Hack Detection
Webpage Defacement Detection
Phishing Page Detection and many more
Blacklist and Reputation Monitoring
Server Side Scanning
Speed Monitoring & Up-time Monitoring
Working in combination with Canadian Web Hosting’s Secure IT platform, customers will benefit from Canadian Web Hosting’s advanced Defense Network layer approach, which both protects and monitors, covering botnets, malware and the IP reputation of a customer’s website, to protect their users and networks from possible malware attacks. This includes malware prevention scanning that blocks inbound and outbound traffic by tracking malicious activities to their firewall gateways to enforce pre-determined security policies, as well as server-side and website scanning that, when combined, are 85% more effective in preventing malware and malicious attacks when compared to traditional malware services.