16 Apr, 2018

Website Malware and Web Hosting

When you have your own website, security has to be one of your top concerns. The more control you have over the website, the more you need to think about keeping it safe. Website malware monitoring and protection software are key defenses for keeping intruders out. Website breaches have huge costs. Even the least important site offers a jumping-off point for attacking other sites.
Types of Web hosting
Many approaches to Web hosting are available. At one end, the hosting company does most of the work for you: you give up control for convenience and let the hosting company deal with most of the security headaches. At the other end, you have full control of the machine, which lets you do anything you like within the terms of service. You also have full responsibility for website security. Either way, anything that goes wrong means trouble for your site and your business.
Site builder
With a site builder, you get a set of tools for constructing your pages. You don’t have direct access to the file system, and, in many cases, you can’t even write your own HTML. Many site building hosts have powerful tools for adding features.

You have to think about security even with this kind of site. It needs a strong password for its administrative account, and you have to be careful about who else gets an account on the site. If visitors can add content (e.g., comments), they could add malicious links. Beyond these points, security is basically the host’s responsibility.
Platform hosting
With some hosting plans, you get access to a platform, but not to the underlying file system. For example, sites like WordPress and Drupal use this format. When a cloud service offers this, it’s called PaaS (Platform as a Service). It gives you more control than a site builder, but it’s still limited. In other words, you may be able to install add-ons, but only pre-approved ones. If you can add custom JavaScript or embed third-party content - such as ads - you can create potential risks.
Shared hosting
A shared hosting plan gives you an account on a server, and you have control down to the file system level. You can install your own software. The risk factor is much higher than with site builders and platform hosting. If the software you use is buggy, you don’t configure it right, or you don’t keep it up to date, malware could get into it. Sometimes it can even when you do everything right.
VPS or IaaS
With a virtual private server (VPS), you control the whole machine. Infrastructure as a Service (IaaS) is basically the same thing, except that you could have multiple virtual servers. In both cases, a cloud service hosts your virtual environment, and it gives you some protections, such as automatic software updates. However, you’re mostly on your own.
Colocation and self-hosting
A self-hosted site is just what it sounds like. You run the site on your own server and have total control of the machine. Colocation is the same thing, except that you lease the server from a data center. You have total responsibility for security, from the operating system on up.
How do you protect your site?
Whether the security is in your hands or your host’s, the consequences fall on you if it’s compromised. Website blacklisting is a possibility if scanners detect malware on your site. Even after you fix the problem, it can take weeks or months to get off a blacklist. The effect on your business’s reputation can be deadly.

If you choose a site builder or platform hosting, you need to make sure your host protects it well. If you use shared hosting or control your own server, keeping it safe is a big part of your job. These are some of the things you have to do:
  • Access control. Any account that can modify your site needs to be trustworthy. All accounts must have strong passwords that aren't easily guessed.

  • Backup. Always have an offline, backed-up copy of your system and data. Thus, if anything seriously bad happens to your site, you can revert to a clean version.

  • Software selectivity. Be careful what software you allow on your site, including add-ons and plugins. A piece of software that sounds useful may be malicious code in disguise, or it may have serious security holes.

  • Software updates. Even well-designed software has bugs. Keeping it up to date is necessary to patch any problems that intruders might try to exploit.

  • Anti-malware software. You need protective software that will stop malicious code from being installed and keep it from running if it does get onto your server.

  • System monitoring. Unfortunately, there's no such thing as foolproof protection from all attacks. If an attack does get through, you want to know about it as quickly as possible. Monitoring detects the signs of website malware and breaches and lets you know you have to do something. Quick malware removal is the next best thing to keeping it out.
Website Malware Scanning
Monitoring is a vital part of website security. There are two main types of scanning: internal and external. Internal scanning runs on the site and examines the file system and site behavior. If it detects hostile files or abnormal traffic, it issues an alert to the administrator or triggers a malware removal procedure.

The advantage of internal scanning is that it can find more. It can look at files and detect data which is being sent to third parties. The advantage of external scanning is that it can run on any kind of hosting, including site builders. Also, malware can't compromise or kill external scanning.
Setting up monitoring includes getting a baseline profile of the site under normal operation. This helps to define what constitutes normal behavior and what may indicate a problem.
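As an added illustration of internal scanning against a baseline (this is not Quttera's code, and the function names `snapshot`, `compare` and `demo` are hypothetical), the sketch below records a SHA-256 digest for every file under a web root and later reports what was added, removed or modified. The sample site is constructed in a temporary directory.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(web_root):
    """Map every file under web_root (relative path) to a SHA-256 digest."""
    root = Path(web_root)
    digests = {}
    for dirpath, _dirs, files in os.walk(root):  # does not follow directory symlinks
        for name in files:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():
                # Record where the link points instead of hashing its target.
                digests[rel] = "symlink:" + os.readlink(path)
                continue
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[rel] = h.hexdigest()
    return digests

def compare(baseline, current):
    """Report files added, removed or modified since the baseline was taken."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample site: take a baseline, change three files, rescan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "css").mkdir()
        (root / "index.php").write_text("<?php echo 'hello'; ?>")
        (root / "css" / "site.css").write_text("body { margin: 0 }")
        baseline = snapshot(root)  # in practice, store this copy off the server
        (root / "index.php").write_text("<?php echo 'hello'; /* edited */ ?>")
        (root / "uploads").mkdir()
        (root / "uploads" / "new.php").write_text("<?php ?>")
        (root / "css" / "site.css").unlink()
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

A baseline kept on the same server can be rewritten by whoever modified the files, so the comparison is only trustworthy when the stored digests live somewhere the site cannot write to.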

The unique capabilities of Quttera's SaaS real-time monitoring services detect both known and unknown threats. The software's heuristic malware detection goes beyond matching the signatures of previously known threats. Its statistical algorithms identify abnormal traffic, and it adapts to a constantly changing threat landscape through artificial intelligence and machine learning.

The Website Malware Scanner operates as an external security service that provides detailed, real-time monitoring of threats. The Website Malware Scanner REST API provides easy integration with other services, allowing an immediate, automated response upon detection of a possible threat. Quttera also offers internal scanning through the WordPress Malware Scanner, a plugin for detecting hostile actions.

B2B clients can create their own custom security solutions using the Website Malware Scanner API. They can build integrated services that monitor systems, scan for malware, and provide notifications and cleanup. The possibilities range from in-house protection systems to white-labeled solutions for clients.

Quttera's partners build on our technology to provide comprehensive website security plans. Each one adds its distinctive approach to site protection and threat removal. When all your security components work together smoothly, you have the greatest safety without administrative problems.
Security is an issue for everyone's website. You can't afford to be without it.