Security Monitoring Saves the Day

Server Side Scans and File Integrity Monitoring

For the second week of National Cyber Security Awareness Month, we would like to focus on a very important part of a good website security posture: monitoring.

How can security monitoring save your day?

Most people only care about their website security after something bad has already happened. However, how can you tell when something is attempting to harm your website? Sometimes it is a very noticeable issue, such as:

  • website defacement – when the home page of the website is wiped out and something else appears in front of the visitor’s eyes;
  • unresponsive website – when the website pages respond too slowly or stop loading at all;
  • SEO spam – when the website listing in search engines shows unrelated spam keywords, often pharma keywords; or
  • a website blacklist warning – when a red warning page shows all your visitors that the website they are about to go to is not secure.

Another question we should ask ourselves is: are we visiting our website often enough to notice when something small changes? With monitoring in place, you should not be haunted by the risk of a client calling to say that something is odd with your website.

The importance of securing a website cannot be overstated. While 100% security is not a realistic goal, there are ways to keep your website monitored on a regular basis so you can take immediate action when something happens.

Here are some types of monitoring that can be implemented on a website:

1- Remote Scanner

A remote scanner acts like different visitor types, crawling the website link by link and looking for visible signs of infection. This allows the scanner to detect conditional malware that only shows to specific visitor types (e.g., mobile visitors from the U.S.).

A remote website security scanner detects:

  • obfuscated JavaScript injections,
  • website defacements,
  • malicious iframes,
  • phishing attempts,
  • malicious redirects,
  • anomalies,
  • drive-by downloads,
  • SEO blackhat spam,
  • pharma hacks, etc.

In order to detect those, it is critical to know the malware signature. That is why our malware researchers and security analysts regularly update our malware database. You can see the latest malware signatures we have found on SucuriLabs.

Sucuri has a free remote scanner that is available to anybody. Here is how SiteCheck works:

  • The remote scanner visits the main page and extracts the list of links, JavaScript files, and iframes.
  • It revisits the main page acting as a search engine bot.
  • From the extracted links, SiteCheck selects 8-10 of them and visits them using different referrers and user agents.
  • Then it extracts and scans JavaScript files and iFrames.
  • All of those pages/links run against our large malware database.
  • Multiple anomaly checks begin while it compares results between different user agents/referrers to see if there is anything hidden.
  • It checks all the included resources against multiple blacklists to see if anything has been flagged by blacklisting agencies like Google, McAfee, Norton, and others.
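The comparison step in that list, as an added example (not Sucuri's code and not part of the original post): it extracts links, scripts and iframes from the same page as served to several visitor profiles and reports resources that only some profiles receive. The profile names, the shop.example site and the sample responses are constructed assumptions.

```python
# Added example: compare what one URL serves to different visitor profiles.
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

class ResourceExtractor(HTMLParser):
    """Collect the links, script sources and iframe sources of one page."""
    WANTED = {"a": "href", "script": "src", "iframe": "src"}

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.resources = set()

    def handle_starttag(self, tag, attrs):
        attr = self.WANTED.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:  # resolve relative URLs so profiles compare like for like
            self.resources.add((tag, urljoin(self.base_url, value)))

def extract_resources(html, base_url):
    parser = ResourceExtractor(base_url)
    parser.feed(html)
    return parser.resources

def conditional_resources(responses, base_url):
    """Map each resource served to only some profiles to those profiles."""
    per_profile = {p: extract_resources(h, base_url) for p, h in responses.items()}
    common = set.intersection(*per_profile.values())
    findings = {}
    for profile, found in per_profile.items():
        for res in found - common:
            findings.setdefault(res, set()).add(profile)
    return findings

def offsite(findings, base_url):
    """Keep only conditional resources hosted on another domain."""
    host = urlparse(base_url).hostname
    return {r: p for r, p in findings.items() if urlparse(r[1]).hostname != host}

# Constructed sample responses for the same URL under three visitor profiles.
BASE = "https://shop.example/"
PAGE = '<a href="/about">About</a><script src="/js/app.js"></script>'
SAMPLE = {
    "desktop": PAGE,
    "search-bot": PAGE + '<a href="https://pills.example/cheap">x</a>',
    "mobile+search-referrer": PAGE + '<iframe src="https://cdn.bad.example/l"></iframe>',
}
```

Calling offsite(conditional_resources(SAMPLE, BASE), BASE) returns the spam link seen only by the search bot and the iframe seen only by the mobile profile. Legitimately dynamic pages also differ between visitors, so each finding is a lead to review rather than a verdict.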

2- Blacklist Scanner

There are several different services that report suspicious websites. If a website is hacked, it can get flagged too. That’s why blacklist scanners, such as SiteCheck, will see if your website is listed on the most popular anti-malware services such as McAfee, Google, Spamhaus, and PhishTank.

We have written a guide on how to remove a website from a blacklist that can be handy when dealing with blacklist warnings.

3- Server-Side Scanner

Some infections hide deeper in the files and are not visible to visitors. Even though remote scanners are very efficient, they can only check your site from the public-facing side. Remote scanners cannot penetrate all the website layers, so in order to detect those infections, you need to use a server-side scanner.

Server-side scanners check all files on the server. They go file by file internally on the server, trying to identify signs of malware. Server-side scanners can find:

  • backdoors,
  • phishing pages,
  • spam mailers,
  • DDoS scripts, etc.

Note: Remote scanners and server-side scanners complement each other to give complete coverage.

4- DNS Scanner

The Domain Name System (DNS) connects your website address (www.example.com) to the server IP address where your web files are stored (127.0.0.1).

Hackers can take over domains and redirect them to different servers, potentially causing loss of ownership. The possible outcomes include:

  • different content than the content previously present on a website;
  • the same website, but with information sent by visitors going to the hackers;
  • a missed domain payment notification could result in loss of ownership.

DNS scanners can help you detect any of those changes in your domain settings and warn you to take action.

5- SSL Scanner

All websites should be using SSL certificates. They help protect the integrity of the data in transit between the host (web server or firewall) and the client (web browser). SSL certificates make sure no one is able to see or modify the data – such as passwords, credit card numbers, and messages being sent.

Although it is unlikely that the SSL certificate information will fluctuate, it is important to keep track of any changes, such as updates or renewals. Knowing the status of the certificate helps keep your visitors’ information secure.

6- Uptime Scanner

Websites can go down for a number of reasons. The most important case is when visitors cannot see the site at all. In this case, take action immediately.

Uptime scanners check websites at the frequency chosen by the website owner. For example, if a lot of people visit a website, it’s better to use extra server resources and have it checked more often.

Conclusion

All of the monitoring features mentioned are in our Website Security Platform. Our Website Application Firewall (WAF) is also part of our platform. So not only do we monitor your website, but we also protect it actively against attacks and hacks.

As an effort to have a more secure website, take at least one step forward by setting up an automatic scanner. Not only will your visitors and customers appreciate a secure and working website, but it will also give you peace of mind.

Since it is National Cyber Security Awareness Month, we would like to invite you to test our Website Security Firewall. You can sign up for a free trial of the Sucuri Firewall to protect your website from hackers. Receive another free month when you chat with our Sales team during the month of October.

We have also started an online contest for U.S. residents. We are giving away three one-year subscriptions to the Sucuri Firewall at the end of October. You can participate by submitting a video on: “Why is Website Security Important?” Check it out!

We have also prepared a series of videos to give you tips on website security. Follow us on our social channels @sucurisecurity.

Stay safe online!
