How to detect Malware attacks and prevent them from re-occurring

There are a myriad of useful resources on the Internet to help you detect malware infections on your website and to help you clean up if you have become infected. This article points you towards our recommended resources rather than building yet another guide.

Detection

Knowing you have a problem is the first step. Google provide a malware detection service as part of their search engine activities. This service is free of charge.

If your site is listed in Google they will alert you via email if they detect malware. All you need to do is ensure that you can receive email sent to one of the following email addresses on your domain name (the same one as for your website):

  • abuse@
  • admin@
  • administrator@
  • contact@
  • info@
  • postmaster@
  • support@
  • webmaster@
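
One way to check this on your own mail setup, as an added example that is not part of the original article: the script reads a Postfix-style virtual alias table and reports which of the addresses listed above resolve to a recipient on a given domain. The Postfix setup, the sample table and the example.* domains are assumptions made for illustration.

```python
import re

# Local parts of the notification addresses listed in the article.
NOTIFY_LOCAL_PARTS = ["abuse", "admin", "administrator", "contact",
                      "info", "postmaster", "support", "webmaster"]

# Constructed sample table; domains and targets are placeholders.
SAMPLE_VIRTUAL = """\
# virtual alias map (constructed sample)
postmaster@example.com   ops@example.com
Webmaster@Example.com    ops@example.com,
    dev@example.com
info@example.org         sales@example.org
@example.net             catchall@example.net
"""

def parse_virtual(text):
    """Parse 'pattern target[, target...]' lines into {pattern: [targets]}."""
    logical = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                              # blank line or comment
        if raw[0].isspace() and logical:
            logical[-1] += " " + raw.strip()      # continuation of previous line
        else:
            logical.append(raw.strip())
    table = {}
    for line in logical:
        parts = line.split(None, 1)
        if len(parts) < 2:
            continue                              # pattern with no target
        targets = [t for t in re.split(r"[,\s]+", parts[1]) if t]
        table[parts[0].lower()] = targets         # keys compared case-insensitively
    return table

def deliverable(table, domain):
    """Map each notification address to its targets, or None if unmapped."""
    domain = domain.lower()
    result = {}
    for local in NOTIFY_LOCAL_PARTS:
        addr = f"{local}@{domain}"
        # An exact address entry wins; otherwise fall back to an @domain catch-all.
        result[addr] = table.get(addr) or table.get(f"@{domain}")
    return result

def covered(table, domain):
    """List the notification addresses that have at least one recipient."""
    return [a for a, t in deliverable(table, domain).items() if t]

if __name__ == "__main__":
    for addr, targets in deliverable(parse_virtual(SAMPLE_VIRTUAL), "example.com").items():
        print(f"{addr:32} {', '.join(targets) if targets else 'NOT DELIVERABLE'}")
```

An address reported as unmapped may still be a real mailbox account rather than an alias, so confirm with a test message before relying on the result.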

Alternatively (or if your site is not currently listed in Google), you can set up a free Google Webmaster Tools account, which provides more detailed reporting and lets you control the email address to which reports of malware are sent.

Cleanup & Prevention

There are many good guides that can assist you with cleaning up a malware infection. The primary mechanism for preventing malware infection is ensuring that the applications and code associated with your website contain no vulnerabilities that let the malware in.

Shared hosting customers

If you are a shared hosting customer with Anchor, we already apply updates to all software that is installed by Anchor. We don't apply updates to software that you install within your account (e.g. WordPress, phpBB). You are responsible for ensuring that your code and applications are free of vulnerabilities.

In the shared hosting environment, Anchor has put in place numerous mechanisms to prevent malware infections from spreading between customers' websites. If your site has become infected, the infection will be the result of a combination of vulnerabilities in your application and other computers on the Internet - not the spread of an infection on our infrastructure.

VPS & Dedicated server customers

If you are a VPS or Dedicated server customer with Anchor, the level of operating system and application patches which Anchor apply to your server varies depending on the support pack you have selected for your service. As is the case for shared hosting, though, we don't apply updates to software that you install on your server. You retain responsibility for ensuring that your code and applications are free of vulnerabilities.

Useful guides/articles

Why do I have to fix my code? Can't something be done on the server?

Anchor is a hosting company, that's all. We believe we're very good at providing hosting services and we're happy to stick with that. We don't build websites, we don't get involved in application development - there are many more talented website and application developers that we leave this to.

Whilst it's technically possible to install applications which may retard or inhibit the infection of malware, we believe it's a band-aid fix and does not represent a best practices approach. If we waved our magic wand and stopped websites we host from being affected by malware, we would remove the need to fix the root cause of the problem - the vulnerabilities in the code - which in turn reduces the responsibility on the developers to follow best practices, and eventually only serves to promote the spread of malware through poor coding habits.

Why don't you apply updates to software that I install?

Applications commonly installed by our clients such as WordPress, Joomla, wiki software, and forum software are often the same ones which are most frequently subject to malware. This occurs because the authors of the malware know that such programs enjoy a very large installation base and their evil exploits will flourish.

Updates can break the software

These applications are like toolkits: they can be used in many different ways. When they are used in the way intended by their authors, we could safely apply updates in most (not all) cases without causing unwanted effects (i.e. breaking the website). Unfortunately, in a very large percentage of cases they are not used that way. If we apply the updates, there is a very high chance that we will break many of the websites we apply them to.

We can't keep track of what is installed

There is nothing we can do to force our customers to notify us when they install such third party applications. Since we can't know what is installed, we can't commit to taking responsibility for applying the updates.

