Malicious code on your web hosting account?
Written by: Jon Eivind Malde

We have started handling any malicious code found on your web hosting account faster and better while also warning you by email. The system is gradually being used on more and more servers and will soon cover all web hosting servers. When the system is in use on all servers you will get a warning within minutes if something is found on any of your accounts.

Why are we doing this?

Malicious code represent a risk to all clients on a server as well as other users online. Hackers can do any of the following with malicious code:

  • Extract all data you have stored in the account/website or insert code to continually have access to your data without you or your clients knowing about it.
  • Send spam or phising emails (which will blacklist the IP addresses of the server and result in email delivery problems for all users on the server).
  • Attack other servers online/your visitors to spread virus/malware or participate in DDoS attacks.
  • Run code to overload the server to impact yours and other websites on the server.

When we find mailcious files we will follow these steps (where next step is only performed of the previous failed):

  1. Check backup for clean file and automatically restore.
  2. Clean file for mailcious code.
  3. Put file in quarantine.
  4. Delete file.

Put in other words; We try to do the least invasive to your website first and use the more drastic actions only when needed. Due to the risk malicious code represents we have to go to these lengths to keep you, your visitors and the Internet as a whole safe.

What system are you using?

The system we use is called Imunify360 and is provided by CloudLinux (who also provide us with the OS we use on all our web hosting servers). We have been using Imunify360 since CloudLinux launched the system in the beginning of 2017 and have been working together on how it should work since. We finally feel the system is mature enough to use more actively and integrated with our own systems. That is why we start handling these files now.

Imunify360 logo

Imunify360 does a lot more than just finding malicious code in files. Among other it:

  • Stops attacks on your website with a web application firewall (WAF).
  • Stops brute force attacks (attempts to find out your password) on services such as SSH, IMAP and more.
  • Patches software on the server which has known vulnerabilities such as the kernel (without having to reboot the server).
  • Stops processes running malicious code while also tracking down the orgin of the attack in the logs.
  • Finds blacklisted domain names.

Imunify360 is in other words an important part of the security of our web hosting servers, and will gradually become more important as the software evolves.

Where can I see the files that have been found?

You have full access to the files and log in the control panel (cPanel) as shown in the guide Malware scanner in Imunify360. You will also be able to restore files from quarantine and white list files identified as malicious when they should not have been (false positive).

Some files mentioned in the emails we send might have been found a long time ago. We could have chosen not to report these, but we do in case they might be important for you. In such old incidents it might also be that the files mentioned are not in your log as Imunify360 did not log these in the same way as they do now.

What should I do if files are found on my web hosting account?

You should first check if your website is working as it should. If the files have been restored from backup or cleaned it should not be necessary to do anything. If they are put in quarantine or deleted you should check if the website solution you use have that file and if it contains malicious code. Ask the provider of the solution or us if you are in doubt.

You should follow the tips in the guide How to secure your website against hackers after checking the files.

Questions or comments? We would be happy to hear from you 🙂

How to recognize and avoid fake emails?
Written by: Isabelle

Fake emails are one of the biggest security threats online against private individuals and companies. Behind these emails are scammers trying to steal your personal information to abuse this. In a survey conducted by Intel Security, 80% of people cannot identify phishing emails.

What is a fake email and what is phishing?

A fake email is a type of fraud. Most of the times so called phishing is used. Phishing is a term for digital spying or “fishing” for sensitive information, such as passwords or credit card information.

A phishing email will try to cheat the receiver into believing the sender of the email is someone else. The email will contain logo and other elements to give the impression its a serious and genuine email. It will encourage you to click the links in the email. These links will lead to what may appear as a serious website, such as Google, DNB or any other companies we deem as secure and trustworthy. In reality you have now accessed a fake website created by the scammers, who will have access to any information you enter on the website.

fake emails

An increasing issue

Statistics shows that phishing and fake emails is an increasing issue when it comes to security. According to  “Enterprise phishing resiliency and defense report” phishing has increased with 65% in 2017. Wombat security reports in “2018 state of the Phish” that 76% of companies had reported being subject to phishing attacks in the past year.

As much as 95% of all attacks on company’s networks are the result of a successful spear phishing attack (an advanced and targeted form of phishing often directed towards companies) according to Networkworld.

Take precautions

There are several precautions you can do in order to avoid being a victim to fake emails and phishing, as a person and a company. An advanced and sophisticated spam filter is the first line of defense since this will stop many of the fake emails. All our web hosting includes spam filter. If you have Pro Premium hosting you also have access to SpamExperts, which is a more advanced and accurate spam filter.

Since the human factor is the weakest link when it comes to this problem, the most important measure you can do is get yourself (and your employees) familiar with some guidelines:

  • Do not trust senders name

    One of the most used tactics for fake emails is abusing the senders name. Do not trust the senders name, but also check the email address as well. If it seems suspicious, do not open the email.

  • Look, but do not click

    If the email contains links, hover the mouse over these to check where they lead but do not click. If the link appears suspicious, do not click them.

  • Check for spelling mistakes

    Companies and organizations are meticulous with their emails. Serious emails normally do not have spelling mistakes or poor language.

  • Analyze the subject

    If the email is addressed to “Dear client” it could be a sign of a fake email. Companies and organizations normally use a greeting including at least the first name of the client.

  • Do not give out personal information

    Banks and companies with access to sensitive information will never ask you to provide this information via email.

  • The use of “urgent” or any threatening language in the subject

    Giving the impression the email is urgent or using fear is a tactic often used in phishing emails.

  • Check the signature

    Lack of details regarding the sender and how you can contact the company is often a sign of phishing. Serious companies will always include their contact information.

  • Do not open attachments

    Fake emails often include attachments with malware. If you open this it can destroy files on your computer, steal your passwords or even spy on you without your knowledge. Do not open attachments you did not expect to receive.

  • Be skeptical 

    These fake emails have become highly sophisticated. Even though an email has the company’s logo, correct spelling and appears to be a valid email, this does not mean it is. Be skeptical and if you find an email to be suspicious, do not open it.