Secure server – Web Server Security
Nowadays hacking is one of the main issue faced by the web hosting industry and due to this, the site’s reputation will go down. Also, it will affect the web server IP’s reputation too. So the server administrator will secure server to avoid losing the reputation.
After Effects of Hacks
Some hackers have hacked the site for fun and leave. But some others hacked the site and upload spamming scripts and send spam emails or upload vulnerable files and start making an attack to other sites. In effect, the provider who is affecting will raise a complaint against the web server, which is hacked and started the malicious activity. If we didn’t fix the vulnerability within the time, our provider will suspend or terminate the server based on their abuse policy. Also, it will bring down the reputation of the server IP, due to the spamming or other malicious activity and that will affect the other sites hosted in the same IP.
How to avoid hacks
There is no option to completely stop hackers entering into the website, instead, we can some preventive methods to avoid the hacks to a maximum.
Always keep updating the site software to the latest version, since the update is released to fix some vulnerability with the application and if it is not patched, the hackers will use that vulnerability to entering into the site. The update includes site application, themes, plugins, modules etc.
Remove unused plugins and themes
As an administrator, I noticed lots of sites having unused themes and plugins kept under the site without deleting. If you keep updating the plugins and themes, even if it is not used, it is fine. But in general, the site owners will kept the unused plugins and themes without updating and the hackers use the outdated plugins and themes for their activity. So better option is to delete the unused plugins and themes from the site. Backup Always take backup of the sites and kept a working copy at safe place. And automate the backup to avoid taking the backups of latest data. So even if the site is hacked, we can easily restore the site from the backup to avoid downtime with the site. Note: Make sure to find the way it is hacked before restoring, otherwise it will hack again.
Monitor the site
Monitor the site activity at regular interval and check, if any unusual activity noticed. Most of the backups are automated and delete the old backups, so if we didn’t notice the hack within the backup available dates, the backups will overwritten with the new hacked data.
How to find the way it is hacked
It is not an easy way to find the way it hacked and it requires the help of an experienced system administrator. You can contact me, if your site is hacked and need to investigate. I will give some simple methods, which can be performed by site administrators.
Scan the site using updated scanner
Scan the document root of the site with an updated scanner. Updating the virus database of the scanner is very important before performing the scanning. Freely available popular scanners are “clamscan” and “maldet”. Also you can use paid scanners, which is available in your server. Once the scanning is completed, check the infected files individually and clear/delete the file. Also check the same directory where the suspicious file found. Since not all the hack files are detected by most of the scanners. So don’t blindly rely on scanners.
Analyse the logs and time stamp
Check the file time stamp of the detected file and analyse the log around that time for getting any clue. Also check the “POST” requests form the logs too. Also check the files with same time stamp and check.
Note: This will get some list of files which are not detected in scanning and not all files suspicious. You need to manually check the files to confirm it is vulnerable or not.
Always host the site on reputed hosting company with good reviews, don’t run behind cheap providers. If you go behind the cheap ones you need to compromise at some point. Secure server with some real real-time scanners and firewalls.