Ask Sucuri: What should I know when engaging a Web Malware Company?

We work in a business that is always chaotic. In most situations the client is distraught, vulnerable, and plagued by a feeling of being out of control. It is the business of web malware cleanup. The last thing any website owner wants is to delay the cleanup process because of silly things that could easily have been prevented.

In our mind, there are three things you must know before engaging with any web malware company:

  • Know Your Host
  • Know How to Access Your Server
  • Have a Backup

As simple as they may appear, they remain elusive to many.

1. Hosting Environment

Where does your website live? Where does it communicate with the internet? The chances are you have paid someone to host the website for you. It is important to know who that is.

Questions to ask yourself include:

  • Who is my website host?
  • How do you contact them when everything seems to be going wrong? (e.g., phone, email, Twitter, Skype, chat)
  • How responsive are they?
  • How do you access your administrator panel?
  • In the event of malware, what is your host’s stance? Will they help you, or tell you it’s your problem and to deal with it?

If you had a development/design shop set things up for you, be sure that you are the point of contact on the account, especially if you’re paying for it. The last thing you want is to learn you don’t have access to your own website, and your development/design shop is nowhere to be found.

Understand your host’s protocol for malware remediation. It’s not uncommon for them to disable your website if malware is found. This can cause distress at the most inopportune time, so be aware of their processes and be proactive.

The key is to engage with a web malware company before you get infected!

Ask if they support SFTP/SSH. This provides a secure connection to your server[s] and is the preferred communication mechanism. If they don’t, ask them why. Any firm or agent hired to clean your site will need some form of access, and secure access is always the preferred method.


File Transfer Protocol (FTP) is the mechanism that allows you to transfer information between two different machines connected to the internet. Know how to set this up on your host. If you don’t know how, use your trusty advisor – Google. Here is a quick and easy search that often works very well:

Google: How to create FTP account with [host name]

Here are links to some of the more common hosts and their protocols for how to create FTP accounts:

Secure FTP (SFTP) is exactly what the name implies: it’s an extension of Secure Shell (SSH), and unlike FTP it provides a secure file transfer capability.

Secure Shell (SSH) provides a secure channel over an insecure network, and is the safest bet in most cases. SSH is also the preferred method of connecting securely to a server when the site is not available or has been disabled by a host.

Not all hosts provide SSH access. If you are on a shared server, the probability of getting it enabled is low, but it is possible.

As a website owner it is likely you’ll use one of these protocols to add/remove/change files on your server. It is important you understand how to manage access to these connection mechanisms. Most of the management for these connection types can be handled through your hosting panel. It is important to minimize access, and to ensure you use secure passwords.

Unless the service provider is managing your credentials, it is recommended that you change your passwords after every cleanup and/or engagement in which you share access info.

In the event that you have to work with a remediation firm, ensure you know your login information, and that you have validated your credentials. Validating your credentials ahead of time minimizes the time it takes to clean up your site, because you will not have to do it during the remediation process.

3. Website Backups

There are more instances than we would like to admit of website owners that have lost their website or their content due to invasive malware. What makes it more challenging is that those same website owners did not have a backup.

Consider this our plea to you to back up your website and its content.

There are many platforms, and many different backup solutions. Start with your host: do they have a backup feature, or do they recommend a solution? If you pay for sustainment or maintenance services with a development/design firm, ask if it’s part of the package. If none of that works, turn to your trusted advisor again – Google.
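For owners who do have SSH access, here is one way to take a file-level backup that can be proven restorable before an incident. This is an added example, not Sucuri's or any host's tooling; it assumes GNU tar and sha256sum, the paths passed in are hypothetical, and it covers files only, so a database needs its own export.

```shell
#!/bin/sh
# Added example: file-level site backup with an integrity check.
# Paths passed in are hypothetical; assumes GNU tar and sha256sum.

# backup_site SITE_DIR BACKUP_DIR: archive the web root, print archive path.
backup_site() {
    site_dir=$1
    backup_dir=$2
    [ -d "$site_dir" ] || { echo "no such site dir: $site_dir" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    name="site-$(date -u +%Y%m%dT%H%M%SZ).tar.gz"
    # -C stores relative paths, so the archive can be restored anywhere.
    tar -czf "$backup_dir/$name" -C "$site_dir" . || return 1
    # Record a checksum next to the archive for later verification.
    ( cd "$backup_dir" && sha256sum "$name" > "$name.sha256" ) || return 1
    echo "$backup_dir/$name"
}

# verify_backup ARCHIVE: succeed only if the checksum matches and the
# archive lists at least one regular file.
verify_backup() {
    archive=$1
    dir=$(dirname "$archive")
    name=$(basename "$archive")
    [ -f "$archive.sha256" ] || return 1
    ( cd "$dir" && sha256sum -c "$name.sha256" >/dev/null 2>&1 ) || return 1
    count=$(tar -tzf "$archive" 2>/dev/null | grep -vc '/$' || true)
    [ "$count" -gt 0 ]
}

# restore_backup ARCHIVE DEST_DIR: restore into DEST_DIR, refusing any
# archive that fails verification.
restore_backup() {
    verify_backup "$1" || { echo "unverified archive: $1" >&2; return 1; }
    mkdir -p "$2" && tar -xzf "$1" -C "$2"
}
```

Keep the backup directory outside the web root and copy the archive and its checksum off the server. A checksum stored beside the archive catches corruption, not changes made by someone who controls the server.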

Pulling It All Together

We live in an age where we no longer have dedicated webmasters managing and maintaining our websites. As such, it falls on all website owners to understand the basics of website administration. Here at Sucuri, we feel that understanding these three areas will make our client engagements easier, streamlining the cleanup process for all.

Closing With Quick Tips

  1. Know where your website lives;
  2. Know how to access the server your website lives on;
  3. Know how to access a saved version of your website and its content.

If you have any questions, don’t hesitate to send them our way –

About Tony Perez

Tony works at Sucuri. His passion lies in educating and bringing awareness about online threats to business owners. He spends his time giving presentations and writing content that everyday website owners can appreciate. His passions revolve around understanding the psychology of bad actors, the impacts and havoc hacks have on website owners, and thinking through the evolution of attacks. You can find his personal thoughts on security at Tony on Security and you can follow him on Twitter at @perezbox.

  • Laurie McConnell

    I use Sucuri for all of my client web sites, and it has been invaluable. One client had a business site he was building himself on WordPress, and it was hacked and showed a red background, a red screen, a violent image and graphics. He was quite happy to pay for the solution and considered it a bargain. Another client had a very active blog on an unnamed host (beware of rock bottom hosting prices; a Euroconglomerate owns most of those hosting sites and they could care less if your site lives or not) and the hell we went through pre-Sucuri & backup system… well, I wouldn’t wish it on anyone. rode in on their white horse and saved us from certain death by a thousand cuts.

    For backing up a WordPress site, I can’t speak highly enough about Nightly backups of EVERY file you need to restore your site, and it carries a revolving 30 day repository of your site. If you’re hacked, you can go back to the day before. If one of your plugins breaks your site you can go back pre-upgrade.

    Hosts always say they provide backups, but unless you are on a business account you are on shared hosting, and they only do a systemwide backup in case of hardware failure or some other disaster… they can not reset a shared account back to a specific date in the past. And while you can use a plugin to generate an archive either kept on your server or emailed to you, it is not always comprehensive and it can be a bugger and a half to restore from, especially when you’re under stress from seeing a Google do-not-visit message on the front of your site. In that instance you don’t need a fast restore, you need an INSTANTANEOUS restore. keeps everything you need, and it is a simple push-button-to-restore-version process, backed up by some of the best support I’ve ever encountered online, so a great fit for folks using the system. I like it so much I’m not even using my affiliate address to forward you, but if you let Akshat @ blogvault know I recommended him, I’m sure he would appreciate knowing. You’ll become a fan too.


    Hi Tony, thanks. Excellent article. At we offer Sucuri as part of our service to our customers and we help them in this process. So, they don’t even have to figure out FTP, SSH, etc. We do it for them. We also keep backups (daily, weekly and monthly) of each hosting account that we can recover from.
    Using’s excellent customer service team and malware cleanup software we’ve already saved many of our customers’ websites.

    Thanks guys! Awesome product.

    Carel + Team! 
