It is a well known fact that security maintenance is critical in protecting your online property. In particular, we recommend being extra vigilant in maintaining the security of the networks used to access hosting accounts and of the code hosted on your site. We’re lucky enough to have some awesome security experts in our team here at TPP, and so we’d like to share with you a few insider tips to keep you as secure as possible.
Web hosting accounts have become a popular target for people and organizations looking to distribute malware on the Internet. Entry is typically gained by compromised FTP details (often gained from malware already installed on your system or systems connected to your home/work network), or by exploitation of common programming flaws in PHP/ASP code running on your site (such as SQL Injection or XSS).
It is important that users not only keep their own computers secure, but also remain up to date with security patches and issues with any products they have installed on their hosting account (for example CMS’s such as Joomla and shopping cart software such as ZenCart, as well as being aware of how to prevent and identify security issues in your own code.
How do I know if my site has been compromised?
An obvious indicator that your site has been compromised and used to distribute malware to unsuspecting visitors is if your browser, AV product or Google warns you about it when you try and visit it. However, prevention is better than cure, so here’s how to spot clues that you could be compromised before it affects you…
FTP Logs
Keep a close eye on your ftp logs. If you see an entry in your ftp logs that isn’t you, then someone else has access to your site.
New files appear in your hosting directory
TPP will only ever add files to your http[s] docs directory when we are aiding a debugging issue, and we will tell you about it when we do so. If you notice any new files appear in your http[s] docs directory and you don’t know how they got there (i.e. they weren’t created by you or your webcode/cms/etc..) then you should probably treat them as suspicious.
Files have been modified
If you notice the modification time on a file has changed or you notice any changes to your code, this is a fairly good indication that someone or something has access to your account.
What should I do if my site is compromised?
The best thing to do is call the team here at TPP and one of our customer support team can help you through. We understand that you would want to restore your site to a known-good state. Our teams can restore a site or database from our backups, or you can re-upload the compromised files from your own local copy.
Once you have restored your site, you will then need to secure the access to it. We would recommend you change all your passwords and make sure all your software is up to date with the latest security and bug fixes.
If you have any specific questions on TPP Web Hosting or security issues, please contact us on 1300 665 491.
