What are the primary basic steps to secure my server or website?
If you are facing any website defacement issue or email compromised or spamming related issues, then please follow the basic steps to ensure a basic level of security of our website or server, they are as follows:
- Reset all email id password, specially the one which you doubt may have the weak passwords.
- Make sure all of the CMS software if used such as Joomla / Wordpress, etc. They are all updated along with the plugins or themes you are using.
- Make sure to scan all computers used to access FTP or email or control panel with any leading 2 antivirus software.
Some of the malware scanners (free versions) are:
McAfee Stinger - https://www.mcafee.com/enterprise/en-in/downloads/free-tools/stinger.html
Malwarebytes https://www.malwarebytes.com/mwb-download/thankyou/
Norton Power Eraser https://support.norton.com/sp/static/external/tools/npe.html
Windows Malicious Software Removal Tool (MSRT) https://www.microsoft.com/en-us/download/details.aspx?id=9905 - Never have any name123 or similar easy to crack passwords. Visit website, like https://randomkeygen.com/ to know some samples of a secure password.
- If affordable for you, we highly recommend website firewall like SecureDash https://webji.in/securedash which prevents your website for up to 8-10 different types of attacks.
- You need to check your website is not listed in any of the leading anti-spam agencies to make sure its not blacklisted for any website compromise issues. You can do the same for example from https://sitecheck.sucuri.net/ If you scan every one of your domain name will be a good idea as that will make sure that none of your website is infected or blacklisted.
These steps are critical, especially in case if your website or email id is hacked or compromised or the defacement issue happened recently.
Question: If I download and scan all of our files/folders and reupload the content will that fix the issue?
Answer: No, it will not fix it as most of the website defacement issues are done with encrypted malware files and hardly any antivirus can find and delete all these infected files which are having encrypted data. Also please note that most of the desktop antivirus are file system check, they are not web server application checker. So another thing is, no antivirus can tell you if your website is having any security issues or any application vulnerabilities.
Question: Then how to fix the issue, if an antivirus scan of files or folders may not help?
Answer: Your developer has to delete all files/folders present on your server /web hosting account and have to reupload a 100% clean copy available at your web developer's end. Also, your developer have to make sure if they are using any free scripts like Wordpress or Joomla, then the CMS software, all its plugins and modules are upto dated with latest and stable security patches.
Question: I understand the risk, I still want to download the old files for my personal check
Answer: Ok our goal is to make you aware of malware issue and risk associated with reusing any of the infected file, but if you still want to have access of currently infected data at your own risk then we need a written statement and consent from your end via email from registered email id to support@webji.services as follows:
"I need old (presently) infected data access so kindly provide me access to the same by making it a zip file and storing that outside public_html / httpdocs folder so that I can download them all. I am informed and I understand the risk of reusing or reupload any of these files may result in malware issue to happen again and if any such issue happens again in 90 days period I agree to pay INR 1000 + 18% GST fee for system admin time involved in the processes. I ensure that I will take care of all suggested security steps without an excuse and ensure that the issue shall not be repeated if repeats will pay the abuse fee for system admin time involved in the processes.."
Question: Is there any 3rd party addon which can help me with website security?
Answer: yes, we highly recommend fully automated website security services like Securedash plans and details available at https://webji.in/securedash/ Securedash protects your website from 10 types of attacks / threats and no coding changes requiring only a small php code needs to be added by you web developer in your php files.
Question: How can I fix the issue if my account has been suspended?
Answer: You can contact our team at support@webji.services via email and can mention that you want to fix the website defacement issue, Our team will offer you one time free unsuspend for such abuse case in 90 days period. However, repeat basis malware or system abuse may result in abuse fee required to be paid by you, for appropriate system admin time.
Question: Do WebJi® offer any website malware cleanup services?
Answer: Yes, plan details as mentioned at https://billing.webji.in/knowledgebase/4888/Do-WebJi-offers-any-website-malware-cleanup-services.html
