Malicious code on your web hosting account?
Written by: Jon Eivind Malde

We have started handling any malicious code found on your web hosting account faster and better while also warning you by email. The system is gradually being used on more and more servers and will soon cover all web hosting servers. When the system is in use on all servers you will get a warning within minutes if something is found on any of your accounts.

Why are we doing this?

Malicious code represents a risk to all clients on a server as well as to other users online. Hackers can do any of the following with malicious code:

  • Extract all data you have stored in the account/website or insert code to continually have access to your data without you or your clients knowing about it.
  • Send spam or phishing emails (which will blacklist the IP addresses of the server and result in email delivery problems for all users on the server).
  • Attack other servers online or your visitors to spread viruses/malware or participate in DDoS attacks.
  • Run code that overloads the server, impacting your website and other websites on the server.

When we find malicious files we will follow these steps (where the next step is only performed if the previous one failed):

  1. Check backup for clean file and automatically restore.
  2. Clean the malicious code from the file.
  3. Put file in quarantine.
  4. Delete file.

In other words, we try the least invasive action for your website first and use the more drastic actions only when needed. Due to the risk malicious code represents, we have to go to these lengths to keep you, your visitors and the Internet as a whole safe.

What system are you using?

The system we use is called Imunify360 and is provided by CloudLinux (who also provide us with the OS we use on all our web hosting servers). We have been using Imunify360 since CloudLinux launched the system in the beginning of 2017 and have been working together on how it should work since. We finally feel the system is mature enough to use more actively and to integrate with our own systems. That is why we are starting to handle these files now.

Imunify360 does a lot more than just finding malicious code in files. Among other things, it:

  • Stops attacks on your website with a web application firewall (WAF).
  • Stops brute force attacks (attempts to find out your password) on services such as SSH, IMAP and more.
  • Patches software on the server which has known vulnerabilities such as the kernel (without having to reboot the server).
  • Stops processes running malicious code while also tracking down the origin of the attack in the logs.
  • Finds blacklisted domain names.

Imunify360 is in other words an important part of the security of our web hosting servers, and will gradually become more important as the software evolves.

Where can I see the files that have been found?

You have full access to the files and the log in the control panel (cPanel), as shown in the guide Malware scanner in Imunify360. You will also be able to restore files from quarantine and whitelist files that were identified as malicious when they should not have been (false positives).

Some files mentioned in the emails we send might have been found a long time ago. We could have chosen not to report these, but we do in case they might be important for you. For such old incidents, the files mentioned might not be in your log, as Imunify360 did not log these in the same way as it does now.

What should I do if files are found on my web hosting account?

You should first check if your website is working as it should. If the files have been restored from backup or cleaned, it should not be necessary to do anything. If they have been put in quarantine or deleted, you should check whether the website solution you use has that file and whether it contains malicious code. Ask the provider of the solution or us if you are in doubt.

You should follow the tips in the guide How to secure your website against hackers after checking the files.

Questions or comments? We would be happy to hear from you 🙂

Acronis backup – our new backup solution
Written by: Jon Eivind Malde

We’ve been using R1soft backup as the backup solution for all our services since 2007. The solution worked well for us initially. Much was promised in terms of upcoming new features for our clients. Unfortunately, what was promised was never delivered, no matter how many times we pointed this out.

In addition to the fact that the product has not developed significantly over the years, we’ve also experienced an increasing number of errors with the solution. Anyone can have errors, but for us the amount became larger than what we considered acceptable. Every second counts when we need to restore from backup and having to deal with errors in the middle of a disaster recovery can significantly delay when we are back to normal operations.

Choosing a new backup solution

In the past year, we have tested many backup solutions to find the one that provides the best user experience and functionality for our customers. At the same time, it has also been important that the performance must be at least as good as before. Acronis’ backup solution differed significantly from the other solutions and became the natural choice, although the solution is 3 times as expensive for us as our previous solution. Don’t worry – you won’t have to pay more. There is a saying “You get what you pay for …” and it seems to be the case here 🙂

Acronis

Acronis delivers solutions to more than 5 million end users and 500 000 businesses in more than 150 countries worldwide. The company has won numerous awards for its solutions since its inception in 2003.

Here are some of the advantages compared to R1soft backup:

  • Faster backup restore (testing was up to 10 times faster)
  • It is now possible to restore email addresses, forwarding etc. (which is then correctly set up on the server)
  • Imunify360 (security software on our servers) will automatically replace files that are infected by malware from backup if there are uninfected files there
  • When logging in via cPanel you do not have to enter your username and password as you sometimes had to before
  • Improved logging so you can see what’s restored and when it’s finished
  • Generally fewer errors during restore operations

Transition information

As of April 15, all web hosting accounts will be covered by Acronis backup. Unfortunately, during the transition there will be fewer backup entries available via cPanel. If you need older backups during this period, please contact support so we can restore them for you. This is not ideal for either you or us, but we hope for your understanding in our efforts to improve our service to you. We apologize in advance for the inconvenience this causes for customers who want to restore from older backups.

The transition to Acronis will also enable us to offer you more related solutions. We will publish more information about this as it is launched.

Our new backup restore guide:
Guide for restoring backup from Acronis

Do you have questions or comments? Then we would love to hear from you 🙂