Podcast | Understanding Security and its Importance in eCommerce


Another month, another episode of the Official Plesk Podcast: Next Level Ops! In this episode, we have Chris Teitzel, the Founder of Lockr.io. Chris is a cybersecurity expert, and we’re going to get pretty deep on the importance of security when it comes to your eCommerce store, and how you can reduce liability while focusing on what you do best: running your business.


In This Episode: Security, SSL, and PCI Compliance

Chris has quite a résumé. On top of running a cybersecurity agency, offering a product that touts some of the highest-level security available, and teaching people about how to secure their websites, he also sits on the Data Privacy and Integrity Advisory Committee (DPIAC) for the Department of Homeland Security.
As Chris mentions in the episode, every decision they make there, which affects privacy and security for larger organizations, trickles down to small businesses:

All of the policies and all of the procedures and everything that we talk about at scale apply to even the smallest companies. But the hardest part about being a small online retailer is that you don’t have the bandwidth to go and do that.

So while those large organizations have the money and team to implement these regulations and mitigate liability, most of us don’t. What can we do? Luckily, there are a lot of great tools out there to help small business owners do the same thing without the mounds of money. 

The first is using an established payment gateway like Stripe and Square to accept payment processing. You don’t need to become a merchant and accept the legal liability of taking credit cards any more. Within a few minutes, you can set up a Stripe account and be ready to go.

The second is SSL certificates through Let’s Encrypt. If you’re accepting payments, you need to use https, and that requires an SSL certificate (or more accurately, as we discuss in the episode, a TLS certificate). With Let’s Encrypt you can get a free certificate that is just as good as the paid ones, as far as security goes.

These 2 services will allow you to accept payments online without the need for millions of dollars to be compliant.

Key Takeaways

  • SSL stands for Secure Socket Layer, and it allows you to send secure data over the internet. As Chris puts it, “[SSL] allows 2 parties to connect and talk over a secure pipeline,” which establishes, “trust in an untrusted environment.”
  • SSL certificates protect against “Man in the Middle” attacks, where a bad actor attempts to intercept data as it travels between a visitor’s computer and your website.
  • Let’s Encrypt is quickly becoming the go-to for many people to implement SSL on their site. It’s free and offered by most hosting companies, meaning no website has an excuse not to use it.
  • Using managed hosting for your WordPress or WooCommerce site also helps keep your site secure. This allows you to focus on what you do best, because that’s where you’ll make money.
  • Anyone accepting credit cards needs to be PCI Compliant. This is a global standard set by the major Credit Card companies to ensure data security when processing credit card transactions. Luckily today, we have Stripe and Square, who accept the compliance and liability that goes with it.

The Official Plesk Podcast: Next Level Ops Featuring

Joe Casabona

Joe is a college-accredited course developer and podcast consultant. You can find him at Casabona.org.

Chris Teitzel

Chris is the Founder of Lockr.io.
Did you know we’re also on Spotify and Apple Podcasts? In fact, you can find us pretty much anywhere you get your daily dose of podcasts. As always, remember to update your daily podcast playlist with Next Level Ops. And stay on the lookout for our next episode!

Setting up Your Ideal Web Development Environment With Plesk Essentials

Morning beverage ready. Mail and calendar checked. Daily meeting with the team done – It’s time to start your engines and crack on with your project. If you’re familiar with this sequence, it’s because you’re also immersed in the web developer’s everyday routine.

Carrying out your daily tasks might be an easy-peasy chore. But when it comes to beginning a new project from scratch and setting up your web development environment, you might need to add a few more steps. Before you start cooking up a new project, you must have all the ingredients sorted. That is, for example, prepare all the data and tools you’ll need along the way.

And indeed, there’s a significant number of web development tools out there. But which tools are suited to web developers? How do you decide which ones to have in your toolbox? In this article, we’ll bring you some prime extensions and toolkits that will make your web development experience even better. Let’s get ready to know some of Plesk’s essentials for web development, DNS, security, SEO, server, and backup.

Organizing Your Toolbox

At Plesk, our goal is to make web development simple and easy. Our integrated platform with full development and deployment capabilities allows you to build, secure, and run servers and websites. But if what you want to know is how to level up your skills with great tools, here are some excellent examples. Let’s dig deeper:

DNS, Security, and Web Plesk Extensions for Web Developers

Plesk DNSSEC

The DNSSEC acronym stands for Domain Name System Security Extensions. It’s a set of DNS protocol extensions that sign DNS data to secure the domain name resolving process.

The Plesk DNSSEC extension helps make the Internet safer. Let’s see what it allows you to do:

  • Configure the settings used for key generation and rollover.
  • Sign and unsign domain zones according to the DNSSEC specifications.
  • Receive notifications related to DNSSEC records and keys.
  • View and copy DS resource records and DNSKEY resource record sets.

Docker

Docker is a handy software technology that provides containers: an extra layer of abstraction and automation on top of operating-system-level virtualization. As a flexible Plesk tool, Docker can help you perform a wide variety of tasks. But that’s not everything. Docker also removes the obstacles to adopting new technologies, as it builds on existing ones. This way, it acts as an intermediary between different operating systems and developers.

The extension also decouples applications from the system infrastructure, allowing capacity to expand through collaboration. Here’s more of what you can achieve with Docker for Plesk:

  • On-demand access to a vast range of modern technologies.
  • Upload a custom image or choose one from a catalog.
  • Deploy and manage Docker containers straight from the Plesk interface.
  • Install Docker containers locally or to a remote node registered in Plesk.

Web Presence Builder

If you’re a beginner in web development, Web Presence Builder is the right tool for you. It doesn’t require great HTML knowledge or graphic design skills. This tool helps you create professional-looking websites. Not bad, huh?

Web Presence Builder also provides a simple visual editor and a broad set of templates for different websites. Pick a page design that you like and your content template. And then add your text to the pages and publish the website. Here’s what you can do with this tool:

  • Create web pages.
  • Add a wide variety of content (text, images, video, scripts, and more).
  • Edit website settings (website name, keywords, icons, and so on).

Joomla! Toolkit

Up next is the Joomla! Toolkit, a complete toolkit to power Joomla! websites. With this toolkit, you can mass-manage, secure, and automate all your instances, extensions, and templates running on a server managed by Plesk, all from one single entry point. Here’s more:

  • One single dashboard to control, maintain and monitor all your instances.
  • One-click installer to download, initialize, and configure Joomla! from start to finish.
  • It hardens your site against all types of cyberattacks with its robust security scanner.

Plesk WordPress Toolkit

As a developer, you’re probably craving lots of features and intelligent tools that make your daily workload easier to digest. Well, we’re proud to say that our beloved Plesk WordPress Toolkit is definitely one of them. With this toolkit, you can focus on core tasks and automate the mundane ones, and substantially increase productivity, security, and efficiency too.

The Plesk WordPress Toolkit is by far the most complete tool for WordPress admins seeking pre-configured solutions for the best possible performance, as well as an intelligent tool that helps to keep their WordPress sites secure and up-to-date without breaking a live site. In case you’re not convinced yet, here’s why using this tool is not only a smart idea but also a rewarding experience:

  • Manage all WordPress sites on the server, simplifying admin tasks.
  • Install, activate, update, and remove plugins and themes from one single dashboard.
  • Keep the highest level of security by selectively securing websites.
  • Clone and stage websites to simulate changes before going live. 
  • Synchronize the changes between files and databases of different sites.
  • Optimize SEO for higher traffic and manage WordPress search engine indexing.

Smart Updates

A great addition to the Plesk WordPress Toolkit is the Smart Updates feature. This power-tool combo automatically updates WordPress core, plugins, and themes using AI. Here’s more:

  • Smart Updates clones and simulates your WordPress updates before performing them.
  • It mitigates the risk of hacked sites by running updates in a secure staging environment without affecting production. 
  • You can activate Smart Updates in WordPress Toolkit with a switch, as well as automate update analysis email notifications.

SEO, Backup, Cloud, and Server Plesk Extensions for Web Developers

SEO Toolkit

Along with performance, a well-thought-out SEO strategy is fundamental to improving your search engine rankings. And with better rankings come more visibility, traffic, and conversions.

Organic search can become your primary source of clicks, traffic, and revenue for your business. With the SEO Toolkit, you get all the tools you need to give your customers a chance to find you online. And help them pick your website over those of your competitors. We’re listing some reasons why you should use SEO Toolkit for your website:

  • Track SEO KPIs and check your website’s Visibility Score to measure your success.
  • Site Audit analyzes your site and gives you tips on how to enhance optimization.
  • SEO Advisor provides you a to-do list to improve your performance based on your Site Audit and Visibility Score.
  • Log File Analyzer will crawl your site and pages to help search engines rank and index them accordingly.
  • Check each of your keyword’s performance and compare it directly to your competitors’.

Google PageSpeed Insights

As explained above, one of the main worries for web developers is site performance. Because after all the work you’ve put into your web development, you just want it to work smoothly and without any issues. But don’t panic – here’s what you need to know to achieve good visibility in search engines.

First of all, you need to create websites that are fast, useful to your visitors, optimized for all traffic, and most importantly, mobile-friendly. And secondly, you should monitor your sites with tools like Google PageSpeed Insights. It will help you analyze your website’s content and its performance to suggest specific improvements. Here’s how the PageSpeed Insights extension works:

  • Analyzes the performance of websites hosted on your Plesk server.
  • Assigns every website a desktop and mobile score depending on its performance.
  • Generates a report based on the results of the analysis and displays suggestions to optimize your websites’ performance.
  • Provides links in the extension UI to the suggested tools aimed at improving websites’ performance (for example, the mod_pagespeed Apache module).
  • Provides pre-compressed versions of static files to reduce their size (free API key required).
  • Installs the mod_pagespeed Apache module and lets you configure it for your needs.

Plesk Cgroups Manager

Often, web developers suffer from what’s known as the ‘noisy neighbor’ problem. For those who aren’t familiar with this concept, this issue occurs when a website on shared hosting consumes all system resources and disrupts the performance of other websites.

To avoid this common problem, we recommend using the Plesk Cgroups Manager extension. This solution helps you deliver reliable and continuous availability. The Cgroups Manager lets you control the amount of CPU, RAM, and disk read/write bandwidth resources each subscriber or tier of subscribers gets. You can use Plesk Cgroups to:

  • Prevent individual subscriptions on your shared environment from consuming all of your server’s resources.
  • Automatically set a limit of resource consumption, monitor it, and send email notifications when it exceeds a certain level.
  • Set limits at two levels – subscriber service plan level or subscriber level.

Backup to Cloud Pro

Last but not least, we find the Backup to Cloud Pro extension. This solution is for all web professionals who want to set up different backup schedules to the cloud effortlessly. What’s more, it allows you to focus on more exciting and innovative tasks as it automates your backup management. It’s easy to set up and you can secure your domains with Google Drive, Amazon S3, DropBox, DigitalOcean Spaces, and Microsoft OneDrive:

  • Back up the entire server, individual user accounts with websites or individual subscriptions.
  • Schedule backups.
  • Restore data from backup archives.

CyberDeals Sale – 50% Off Selected Plesk Extensions and Toolkits

Thank you for reading up to this point – As a reward, we want to share with you a sneak peek of what’s coming soon this November. From Friday 27th until Monday 30th, we’re giving 50% off all the extensions listed in the article as part of our CyberDeals sale. So if you don’t want to miss out on these unbeatable offers, stay on the lookout for new updates. And catch them before they fly! 

The Plesk WordPress Toolkit 5.1 Release – Backup Limits, Localization Support, and More

We’re proud to announce that the Plesk WordPress Toolkit v5.1 is now publicly available. So, let’s see what this release brings to the masses.

Discover the WordPress Toolkit 5.1

Backup Limits

Backup functionality was introduced back in WordPress Toolkit v4.10. And we have already received quite a lot of feedback about it. The most popular request was about limiting the number of available backups to prevent end-users from subtly eating up all their storage space. We’ve added the limit to Plesk Service Plans under the Resources tab:

The limit is enforced on a per-site basis for the whole subscription. So, each site on a subscription gets to create the allowed number of backups. If you set the limit to 0, the backup feature becomes unavailable to end-users. Which is handy for those admins who want to fully restrict access to the new backup feature.

cPanel changes

A month ago we released WordPress Toolkit for cPanel. And we’re striking while the iron is hot. That means we’re implementing a lot of changes specific to cPanel. Let’s quickly go through them:

Database User Management

The Database User Management feature was already available in Plesk before. Unfortunately, though, it didn’t fit into the WordPress Toolkit 5.0 schedule. Since we want WordPress Toolkit to be as identical as possible on both Plesk and cPanel, we’ve added this ability in WordPress Toolkit 5.1:

New Security Measure

The “Block directory browsing” security measure was missing in the initial release of WordPress Toolkit 4 for cPanel. This was due to certain technical issues we didn’t have the time to properly resolve back then. Now, we’ve fixed everything that needed fixing. So we’re introducing this security measure on cPanel:

Localization Support

WordPress Toolkit v5.1 now supports multiple different languages on cPanel. Whenever you change your language in WHM or cPanel, WordPress Toolkit will also switch to this language. This change affects both WHM (with server-wide locale setting) and cPanel (with user-specific language setting).

Changelog

The WordPress Toolkit changelog isn’t the easiest thing to find, especially for cPanel customers. To remedy this, we’ve added the ability to view the product changelog from the global WordPress Toolkit settings:

WordPress Toolkit has a single unified changelog for both Plesk and cPanel, since it’s the same product, just on different platforms. Filtering out information about the platform you need isn’t particularly easy. We’re looking into improving the changelog UI and UX in the future.

Improvements, Bugfixes, and Future Plans

Speaking of the changelog, it clearly shows that WordPress Toolkit 5.1 includes more bugfixes than usual. But don’t worry – this is not caused by the sloppiness of the WordPress Toolkit dev team. We’re simply putting more focus on the stability and robustness of the product, which means fixing more bugs 🙂

Besides improving site list performance on cPanel, we’re also planning several internal enhancements that should make WordPress Toolkit more stable and robust, leading to fewer bugs down the road. We’re also going to address a couple of other hot topics, like adding sets for resellers by the end of 2020 – but we’ll get back to you on that when it’s fully developed.

One of the upcoming WordPress Toolkit releases will focus heavily on addressing issues related to cloning, which should also improve Smart Updates’ performance.

As you can see, we have a lot of things in store for the future. So stay tuned for the upcoming WordPress Toolkit releases. And drop us a line in the comment section if you’d like to share your experience with us. Thank you for your attention and see you next time!

Next Level Ops Podcast: Must Haves for Managed WordPress Hosting with Andrey Kugaevskiy


Hello Pleskians! This week we’re back with the fifth episode of the Official Plesk Podcast: Next Level Ops. In this installment, Superhost Joe speaks to Andrey Kugaevskiy, Plesk’s WordPress Paladin. Andrey tells us what to consider when setting up or looking for Managed WordPress Hosting.

In This Episode: Car Mechanics, One-click Hosters, Outdated Plugins, and More


How well do you know your hosting? Is your website, blog or e-commerce store secure and up to date? Do you get all the support you need? According to Andrey, choosing the right Managed WordPress Hosting is not a bed of roses. It’s, in fact, quite a tricky decision. 

For Andrey, hosters that specialize in WordPress take the pole position. Because every fast, modern, and secure Ferrari has a super-qualified team behind it. “A good Managed WordPress Hosting should handle the things you shouldn’t care about – like the technical infrastructure. So you should only be focused on growing your site or application”, says Andrey. 

Thank you master Andrey for your wise words. We’ll make sure our listeners follow your piece of advice when picking their Managed WordPress Hosting.

“A good Managed WordPress Hosting should handle the things you shouldn’t care about - like the technical infrastructure. So you should only be focused on growing your site or application.”

Andrey Kugaevskiy

Key Takeaways

  • Do your research beforehand: When choosing your hoster, make sure you spot the WordPress connoisseur. Having knowledgeable staff that can support you and your site, makes all the difference.
  • Know your resources and competence: Look at how many visitors you’ll have. There’s a big tech stack running on the hardware (Web, MySQL, PHP, Cache, security). And security is in a weird place right now between totally locked down and unusable, and more free-flowing and open. It’s a question of your knowledge, flexibility, and control.
  • Let your hoster take care of you: Managed WordPress Hosting should care about security issues and good performance. Outdated plugins are a common security problem. It’s important to keep your site up to date. And learn how to optimize your site for better results.
  • WordPress is here to stay: WordPress is growing extremely fast. So, it’s pretty clear that all hosts should have some kind of WordPress support. And most importantly, a bunch of experts. Hosts that don’t do anything for support, could face being left behind.

Alright Pleskians, it’s time to hit the play button if you want to hear the rest. You can listen to our previous episodes here and here. Or if you want to simplify the way you manage your website, you can also take a peek at our WordPress Toolkit. We’ll be back soon with the next installment!

The Official Plesk Podcast: Next Level Ops Featuring

Joe Casabona

Joe is a college-accredited course developer. He is the founder of Creator Courses.

Andrey Kugaevskiy

Andrey is a Senior Program Manager at Plesk.

Remember to update your daily podcast playlist with Next Level Ops. And stay on the lookout for our next episode!

Next Level Ops Podcast: Tips for Keeping Your Server Secure with Igor Antipkin

Hello Pleskians! This week we’re back with the fourth episode of the Official Plesk Podcast: Next Level Ops. In this installment, Superhost Joe speaks to Igor Antipkin, Plesk’s Security Warlock. Igor shares his philosophy on the multifaceted role security plays in projects. And sheds light on how users can reduce security risks.

In This Episode: Threat Modelling, Thinking About Risks and How to Not Become a Security Engineer


What are some of the common security issues that end users encounter? How can users protect their servers against security vulnerabilities? According to Igor, there are no easy steps when it comes to server security. Instead, users can follow some general recommendations to identify and deal with risks. 

“Security is a process,” says Igor, “It’s an approach that should be taken into account when you work on a project.” The first step is to identify potential security risks in the design phase of the project. Think, think and think some more. What kind of risks can you encounter? What should you best protect yourself from? “Just don’t think so much, otherwise you face the risk of becoming a security engineer,” says Igor. 

Thank you Igor, we’ll make sure our listeners heed this piece of advice!

“Security is a process. It’s an approach that should be taken into account when you work on a project.”

Igor Antipkin

Key Takeaways

  • Use threat modeling to identify potential security risks. Consider possible security risks in the project design phase. The kinds of threats and risks you might have – list them, write them down (and hopefully don’t leave your notebook lying around). One advantage of using this approach is minimizing the likelihood of security breaches. And it reduces rework in the later stages of your project.
  • Educate your users about security risks. End users today should care more about security. Outdated software is the most common problem in this scenario. It’s important to keep your software up to date, and to make sure that you install all the latest updates.
  • Use the principle of least privilege. Limit user permissions based on individual roles to give access only where it’s needed. This limits the amount of damage any single individual can do to a website or server.
  • Be informed about the software you use. Inform yourself about software security as much as you can. Stay involved in the community to stay up to date about potential issues.

Alright Pleskians, it’s time to hit the play button if you want to hear the rest. If you’re interested in Plesk extensions, check out our previous episode. If you want to check out some tools to spruce up your security, take a look at this guide. We’ll be back soon with the next installment.

The Official Plesk Podcast: Next Level Ops Featuring

Joe Casabona

Joe is a college-accredited course developer. He is the founder of Creator Courses.

Igor Antipkin

Igor is a Security Engineer at Plesk.

As always, remember to update your daily podcast playlist with Next Level Ops. And stay on the lookout for our next episode!

How to manually remove website malware


We all face daily cybersecurity challenges. No matter how hard you try, you’ll never reduce the chances of being hacked to zero. But server security solutions are here to help prevent and detect unauthorized access. Do you need help learning how to remove website malware?

There are always comfortable automated ways to manage these threats, like one of our most appreciated extensions for this purpose, ImunifyAV.

Alternatively, let us help you get one step ahead of the hackers with our guide to manually removing website malware.


Main malware strains


Hackers can get into your systems in various ways. One popular way is via injection attacks. Injections happen when an attacker inserts a file, in-memory cache entry or database entry into a system component.

Code injection

  • An attacker can insert code into existing PHP or Perl programs to create backdoors or automated uploaders.
  • An attacker can modify the contents of the .htaccess file to redirect visitors to other sites for the purpose of phishing or SEO hijacking.
  • An attacker can alter JavaScript (.js) and HTML files to insert unwanted advertising scripts or content (so-called malvertising).
  • An attacker can modify and use Exif information (metadata embedded in image files, e.g. JPG) to carry malicious payloads to other parts of the file system or other sites.

Hackers will often take full advantage of their position, and plant malicious code in multiple places.

Cache injection

A cache is a small, high-performance store of memory. If you don’t secure the server that maintains the caches, then memory can be overwritten in situ. If the affected portion of memory is a cached version of a web page, then a hacker can inject code or malicious content without changing website functionality.

Hacker scripts

Hacker scripts can take many forms, and serve many purposes. Scripts for back doors, uploaders, spammers, and phishing links can create web doorways, or site entry points to manipulate search engine indexes. Hackers can also create defacement scripts simply to cause damage, or prop up their own ego.

Replacing system components

Every hacker wants root access to your server, so they can replace any web server component with their own malicious version. Attackers can control entire sites, and add or modify their behavior as they need. They can also remotely control the script to issue redirects or new portions of malicious code. If an attacker hides this component carefully, then it’s difficult to detect, because the website appears to be working normally.

How to manually remove malware and repair your website


Now let’s assume you’re scanning your site with your favorite cybersecurity software, like Imunify360 or ImunifyAV. Use the following manual inspection techniques to make sure it’s doing a good job and start to manually remove malware.

IMPORTANT: Before continuing, ensure you have a full and working backup of your entire system.

File scanning

Traditionally, Linux-type systems have limited facilities for detailed file scanning and inspection. So let’s use what we have, in the form of find and grep. First, search the file system for all files modified within the past 7 days whose name extension begins with ph (to cover .php and .phtml):

find . -name '*.ph*' -mtime -7

However, what if a hacker considers this first and resets the file modification dates? Then check whether the inode change time (ctime) is recent instead. Unlike the modification time, ctime cannot be set with tools such as touch, so backdating a file still leaves a fresh ctime behind. Here’s how to do that for .phtml and .php files:

find . -name '*.ph*' -ctime -7

We can narrow down the period we’re looking at, by using the newermt option of find. Eg. To look for a file changed between the 25th and 30th of January 2019:

find . -name '*.ph*' -newermt 2019-01-25 ! -newermt 2019-01-30 -ls

Now we can introduce the grep command, which can recursively scan for and report patterns in files. For example, to look for a portion of a URL in any file in the current directory or any directory below it (searching . rather than * so that hidden files such as .htaccess are included):

grep -ril 'example.com/google-analytics/jquery-1.6.5.min.js' .

Permissions checks

If you suspect a breach in your web server or file system, check file permissions. In particular, list files with the setuid (4000) or setgid (2000) bit set, since these run with the privileges of their owner or group rather than those of the user invoking them:

sudo find / -perm -4000 -o -perm -2000

Check for active processes

If a file system scan shows nothing unusual, take a look at what’s running on the system. The backtick expression below collects the PIDs of all httpd processes into a comma-separated list, which lsof then polls every second (+r 1), keeping only PHP files under the vhosts directory. See what PHP scripts are running using:

lsof +r 1 -p `ps axww | grep httpd | grep -v grep | awk '{ if(!str) { str=$1 } else { str=str","$1 } } END{print str}'` | grep vhosts | grep php

Analyzing malicious code: what to look for

You now know some of the basic techniques to search for files and file content. To go deeper when you manually remove site malware, you need to know what to look for. Here’s a helpful checklist.

Check rarely visited directories

System administrators rarely look in directories like upload, cache, tmp, backup, log, and images, making them ideal locations for hackers to hide malicious files.

Note: On PHP-based CMSes such as Joomla, check directories for .php files in the wrong places. If you’re on a WordPress site, check the wp-content/uploads, and the backup and theme cache directories.

Here’s an example of a command that checks for PHP files in an images folder:

find ./images -name '*.ph*'

Treat any similar files in such places suspiciously.

Files with strange names

Even though file names come in a wide variety, certain names should raise a red flag. Here are some examples:

  • php (no extension)
  • fyi.php
  • n2fd2.php

Note any unusual patterns or combinations in file names, letters, symbols and numbers. File names that are naturally unreadable are:

  • srrfwz.php
  • ath.php
  • kirill.php
  • b374k.php.php (double extension)
  • tryag.php

Hackers also exploit the habit of some programs that append numbers to copies of existing files. So look out for files like:

  • index9.php
  • wp3-login.php

Look for unusual file name extensions

You don’t normally associate certain file name extensions with CMSes like WordPress. So if you see any of these, take note:

  • .py (Python code extension)
  • .rb (Ruby code extension)
  • .pl (Perl code extension)
  • .cgi (CGI code extension)
  • .so (Shared object extension)
  • .c (C source code extension)

Moreover, you also wouldn’t expect to find files with extensions like .phtml or .php3. If you discover any of the above on a PHP-based CMS website, then you should inspect it closely.

Look for non-standard attributes and creation dates on files

Another sign of suspicious files involves the file owner attribute. So you need to watch out for the following:

For example, a number of .php files uploaded to the server via FTP or SFTP have the owner attribute set to myuser, but in the same directory you see files whose owner attribute is www-data (the web server user). Those files were created by something running as the web server rather than by you.

You must also check script creation dates. If the date is earlier than website creation, then you need to be suspicious.

Look for large numbers of files

Directories containing hundreds or thousands of files are good places for a hacker to hide malicious scripts and payloads. Such large numbers of files indicate a doorway, or a form of blackhat SEO.

You can detect such directories with the find command. We recommend you start in a specific directory to limit your search and avoid overloading the system. The following example helps you find the top 25 directories with the largest number of files.

find ./ -xdev -type d -print0 | while IFS= read -d '' dir; do echo "$(find "$dir" -maxdepth 1 -print0 | grep -zc .) $dir"; done | sort -rn | head -25

(You can read more about file (inode) searching at StackExchange.)

Checking your server logs


You can also check any system through an inspection of the server log files. Here you can learn many things. For example:

  • You can tell how spam email was sent (when and where it was sent from, via the access_log file, and what script invoked the mail command).
  • You can check FTP logging. Tools such as xferlog tell you what was uploaded or changed, and who did it.
  • You can discover the location of any mail-sending PHP scripts with the correct configuration of your mail and PHP servers.
  • You can check to see whether your CMS has additional logs to help you track down the source of an attack. This might help you determine whether an attack was external or came in via a CMS plugin.

Both access_log and error_log files are good sources of information. If you know which scripts are the attack vectors, you may be able to find the source IP address, or the HTTP user agent value. You may also be able to see if a POST request was made at the same time of the attack.
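The access_log check described above, as an added example that is not part of the Plesk guide: it parses Apache combined-format lines, keeps POST requests to PHP scripts in data directories, and summarises them by source IP and user agent. The log lines are constructed sample data using documentation IP ranges, not real traffic.

```shell
#!/bin/sh
# Added example, not part of the Plesk guide: pull POSTs to PHP scripts in
# data directories out of an access_log and rank the source addresses.

# Write a constructed access_log (combined log format) to a temp file and
# print its path. Addresses come from the documentation ranges.
write_sample_log() {
    log=$(mktemp)
    cat > "$log" <<'EOF'
203.0.113.10 - - [25/Jan/2019:10:01:12 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [25/Jan/2019:10:01:13 +0000] "GET /wp-content/uploads/2019/01/photo.jpg HTTP/1.1" 200 83012 "http://example.com/" "Mozilla/5.0"
198.51.100.7 - - [25/Jan/2019:10:05:40 +0000] "POST /wp-content/uploads/srrfwz.php HTTP/1.1" 200 312 "-" "python-requests/2.21.0"
198.51.100.7 - - [25/Jan/2019:10:05:41 +0000] "POST /wp-content/uploads/srrfwz.php HTTP/1.1" 200 198 "-" "python-requests/2.21.0"
203.0.113.10 - - [25/Jan/2019:10:07:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "http://example.com/wp-login.php" "Mozilla/5.0"
192.0.2.33 - - [25/Jan/2019:10:09:15 +0000] "POST /images/n2fd2.php HTTP/1.1" 200 77 "-" "curl/7.64.0"
EOF
    echo "$log"
}

# Print "timestamp ip path user-agent" for every POST to a PHP script under
# a directory that should only hold data (uploads, images, cache, ...).
php_posts_in_data_dirs() {
    awk -F'"' '
    {
        # Splitting on double quotes gives: $1 = "ip - - [time]",
        # $2 = request line, $3 = status and bytes, $4 = referer, $6 = user agent.
        split($1, pre, " "); ip = pre[1]; ts = pre[4]; sub(/^\[/, "", ts)
        split($2, req, " "); method = req[1]; path = req[2]
        if (method == "POST" &&
            path ~ /\/(uploads|images|cache|tmp|backup|log)\/.*\.ph/)
            printf "%s %s %s %s\n", ts, ip, path, $6
    }' "$1"
}

# Count hits per source IP so the noisiest client surfaces first.
posts_by_source() {
    php_posts_in_data_dirs "$1" | awk '{ print $2 }' | sort | uniq -c | sort -rn
}

# Stand-alone demo over the constructed log.
demo_log=$(write_sample_log)
php_posts_in_data_dirs "$demo_log"
posts_by_source "$demo_log"
rm -f "$demo_log"
```

The legitimate POST to /wp-login.php is left out by design; the timestamps of the remaining hits are what you line up against the file ctime checks from the previous section.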

Checking the integrity of files

You deal with attacks more easily if you have adequate preparations in place, like recording the state of files in their pristine state. You can then compare them to the same files after an attack. You can do this in various ways:

Use source code control systems such as git, SVN or CVS. In the case of git, you can simply utilize these commands:

git status 

git diff

Using source code control ensures you have a backup copy of server files. You can restore these easily in the event of a cyber attack.

Tools that can alert you when anything on a file system changes include:

In some cases, version control isn’t possible. For example, when using shared hosting. One workaround is to use CMS extensions or plugins to monitor file changes. Some CMSes even have their own built-in file integrity checks.

You can keep track of what files you have at any one time with the command to catalog all the files on a system:

ls -lahR > original_file.txt

You can compare this file later with a fresher copy using comparison tools like WinDiff, AraxisMerge Tool, BeyondCompare, the Linux diff command, or even compare snapshots online. This lets you see what files have been added or removed.
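A hash-based variant of the ls -lahR baseline described above, as an added example that is not part of the Plesk guide. A listing only catches files that were added, removed or changed in size; hashing every file also catches edits that keep the size the same. It assumes GNU coreutils sha256sum, and the directory tree it works on is constructed sample data.

```shell
#!/bin/sh
# Added example, not part of the Plesk guide: record a SHA-256 per file,
# then report what was added, removed or changed since the baseline.

# Record "hash  ./relative/path" for every regular file under ROOT ($1)
# into OUT ($2), sorted by path so two baselines compare line by line.
make_baseline() {
    (cd "$1" && find . -type f -exec sha256sum {} + | sort -k2) > "$2"
}

# Compare baseline OLD ($1) against baseline NEW ($2); one line per difference.
compare_baseline() {
    awk '
    NR == FNR { old[$2] = $1; next }            # first file: the old baseline
    {
        new[$2] = $1
        if (!($2 in old))        print "added " $2
        else if (old[$2] != $1)  print "changed " $2
    }
    END { for (p in old) if (!(p in new)) print "removed " p }
    ' "$1" "$2" | sort
}

# Constructed scenario: take a baseline, then simulate what a compromise
# leaves behind (edited index.php, planted script, deleted file) and diff.
run_scenario() {
    root=$(mktemp -d)
    mkdir -p "$root/images"
    printf '<?php /* original */\n' > "$root/index.php"
    printf 'readme\n'               > "$root/readme.txt"
    printf 'PNG placeholder\n'      > "$root/images/logo.png"
    make_baseline "$root" "$root.before"

    printf '<?php /* modified */\n' > "$root/index.php"    # same size class of edit a listing might miss
    printf '<?php /* planted */\n'  > "$root/images/x.php" # added where only images belong
    rm "$root/readme.txt"                                   # removed
    make_baseline "$root" "$root.after"

    compare_baseline "$root.before" "$root.after"
    rm -rf "$root" "$root.before" "$root.after"
}

run_scenario
```

Keep the baseline file off the server (or at least outside the web root), otherwise an attacker with write access can simply regenerate it.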

This whole process certainly looks pretty complex. You can always choose to fully automate it using ImunifyAV.

Comfortable Alternative to a Day’s Work – ImunifyAV


For added confidence, it’s good to know how to manually check your system for problems. And it’s a good way to learn some system administration techniques, like how to manually remove malware. Having a comprehensive server security solution such as ImunifyAV, a free antivirus and anti-malware scanner, is the first step towards a safe and secure website. You can easily upgrade to ImunifyAV+ and get a built-in, one-click, fully automated cleanup feature.