[onCloud] HackerWise Reputation Monitoring and Health Scanning

About myhosting.com HackerWise

For more information, please visit http://myhosting.com/hackerwise/

 

Reputation Monitoring

Reputation Monitoring is a comprehensive daily check that alerts you to the status of your website many blacklists including search engines like Google, Yahoo, and Bing; malware blacklists like Malware Patrol and Malware URL; DNS Blacklists; phishing blacklists like PhishTank; spam blacklists like SpamCop; and more

 

Health Scanning

Health Scanning alerts you if your site has malicious changes or code injection and tells you where the problem is, right down to the page and the line number. We notify you so you can take action before the search engines blacklist your website or your visitors are hurt. Includes Reputation Monitoring

 

Activating Your Service

Once you have purchased HackerWise Reputation Monitoring or HackerWise Health Scanning, you will need to activate it in your control panel before the scanning begins.

  1. Log into your myhosting.com onCloud Control Panel 
  2. If you have more than one Hosting Subscription, select the one that you have purchased HackerWise with.
  3. On the Hosting home page, or in the left-navigation menu, click on HackerWise 
  4. Your HackerWise status will be listed as Not Activated. Click on Create to proceed.
  5. In the fields provided, fill in the Domain Name you want to scan, and your email address. Then click Next>> 
  6. Review and confirm the details, then click Finish.
  7. It will take a few minutes for your service to Provision, and afterward it may take a few hours before your first scan is completed. You can return to this page in your control panel to view your report once it is ready.

 

Frequently Asked Questions

What are blacklists?

  • Blacklists contain names of websites which have engaged in malicious or annoying activities, such as distribution of malware, being an accomplice in a Phishing attempt, hosting annoying or dangerous advertisements or other reasons.
  • A blacklist is usually lists the names or modified version of the name (such as a hash) of a website.

Why has my site been blacklisted by Google?

As a public service, Google analyzes websites and determines if the website is distributing malware or has been reported as taking part in a phishing attempt. If your site is listed on Google’s Safe Browsing List, it might have been involved in the distribution of malware (harmful computer programs like viruses).

How do I fix it?

  • Clean your website and remove any traces of malware
  • Understand how malware was deposited on your benign website.
  • Sign up for Health Scanning to prevent it from re-occurring.
  • Request a site review from Google.

How long will it take to get off the blacklist?

It can take from a few hours to as many as 10 days to get off a blacklist. Some individuals have also reported longer time periods. If your website is on a blacklist, it is imperative that you identify the exact cause of the problem and remedy the situation correctly. A lot of webmasters cannot hunt down all traces of malware and hence stay on the blacklist for quite long.

How can Google do this to me?

Google is not out to hurt websites and businesses. It is simply providing an public service to Internet users. It simply offers a warning about its opinion regarding the security of your website. A cleaner and safer Internet benefits all web surfers. No one can access my website, my business is being destroyed!

Modern browsers like Internet Explorer, Firefox, Opera, Safari all consult some form of blacklist before visiting a website. If your website is listed on a blacklist, chances are that your visitors are not able to get to your website. This may incur significant lost revenue for you and may degrade your reputation.

I did not upload any viruses, where did the malware come from?

It's possible that one or more of the following may have occurred.

  1. Your website has a vulnerability. Think of it as a open door in your house. The hacker has used this door to enter your website and deposit malicious computer code.
  2. Your web server has a vulnerability. If you manage a VPS hosting account, you need to make sure that the web server which is used to host your website is secure.
  3. Your login credentials have been compromised. Hackers often install programs called key loggers on computers. These programs analyze the keystrokes you are using to type in you password and username. Once the hacker gathers this information they can login to your website silently and wreak havoc. A Web Application Firewall (WAF) will not protect you from this kind of compromise. Health Scanning will alert you of such a scenario, however.
  4. Third party software installations may have vulnerabilities. If your website uses an online shopping cart, blogging or forum software, from a third party, they may have introduced vulnerabilities into your website, which caused your site to get compromised.

I have Anti-Virus Software on my computer, how could this happen to me?

Your Anti-Virus software protects your personal computer from threats. It cannot protect your website from attacks by a hacker. How is your technology better than Anti-Virus?

Most Anti-Virus systems use signature based mechanisms. Once a piece of malware has been reported as bad, they will be able to detect it on your computer. We take a different approach. We understand the behaviour of a piece of malware and then create a profile for malicious computer code. This allows us to hunt down previously unseen pieces of malware.

Why did a hacker do this to me?

The chances are that your site was compromised using automated programs which are developed by hackers and sold on the underground black market. It is very rare that a hacker will take a personal interest in infecting a website.

Automated hacking tools do not discriminate between small or large websites. It does not matter if you own a small business or a very large one, or even if you just host a blog or a personal website. All websites are fair game for these bad guys.

How can I prevent this from occurring again?

  1. You should subscribe to a Health Scanning in order to be notified in the case of a malware injection.
  2. You need to the security status of your website applications and web server.
  3. You need to improve the security of your website applications, such as your blogging software, online shopping cart or similar applications and keep them updated.
  4. You need to improve the security of your web server (update server software or operating system).

Who can help me fix this?

If you find that your website, hosting account or VPS has become compromised, contact us and we will do our best to help! You may also find helpful volunteers here:

Can advertisements on my website cause me to get blacklisted?

Yes, they can. Hackers can even distribute malicious advertisements to advertisement distribution companies. These ads can find themselves circulated through the digital ecosystem to various benign websites which can cause good websites to get marked as malware distribution points.

My site is PCI certified, am I immune?

PCI certification is a good first step towards securing your website. Unfortunately, being PCI certified does not ensure immunity to these attacks. PCI certification simply means that the website does follow some best practice guidelines. This does not ensure that a website is immune to code injection attacks, either.

My site has a SSL certificate, I can see a padlock sign, am I immune?

No. SSL certificates have nothing to do with protection from malware attacks. SSL certificates simply prove that your site is the website it claims to be. It is a sign of a responsible business who wants to confirm their identity to the visitor.

My site has a trust mark, am I safe?

No. Several companies sell trust marks. Some trust marks simply prove that you are a legitimate business, or that you will respect some privacy criteria. Most trust marks are not related to the security of the website.

Some malware is specific to Internet Explorer, can you detect it?

Yes, we can detect malware that only triggers when a user browses a site using Internet Explorer. We also use various IP addresses to probe a single website.

Additionally, we check for malware that triggers when a user visits from search engine web pages like Google, Bing, Yahoo, etc.

When I try to select a service, I see a message that says: Your site has 403 pages. My site only has 20 pages. Why do I see this message?

Your site may have many more publicly accessible web pages or web objects than you think. For example –

  • Default pages hosted by your web server.
  • PDF files, advertisement files (SWFs) accessible via your site.
  • Dynamically generated pages (the URLs that end with something like ?p=120) by your content management system (WordPress) or framework (Django)

Why are my customers getting redirected to another website?

  • Please try to check your .htaccess file on the web server. A good resource for this can be found [here http://wiki.apache.org/httpd/Htaccess].
  • Also, note that the permissions on the .htaccess file should be 0640/0644. Do not leave this file accessible to everyone.
  • A compromised .htaccess file may cause redirects on your site that you did not intend. Check the contents of the file to verify.

How do I remove the malware?

  1. Log into your website account using your ftp, sftp, ssh, scp, or cPanel password.
  2. Once you have access to your website directory, navigate to the main directory where you should be able to see your HTML files (web pages).
  3. Download all pages and folders to your local computer.
  4. Use a program like grep, Wingrep, ScanFS, Grppola, or Total Commander to search all the downloaded files for malicious patterns.
  5. Delete the malicious code. Remember to check your database, templates, .htaccess file and your backups for any copies of the malicious links or code.
  6. Upload the cleaned files back to your account.
  7. Then, request a review from Google.
  8. Scan your local computer with multiple Anti-virus engines.
  9. Ask us for help if you are having trouble identifying the problem.
  10. Sign up for Health Scanning to identify issues more quickly in the future!

What do the colors in the Rating Legend mean?

Our Rating Legend uses a Threat Level color scheme to indicate the severity of site safety and reputation issues.

Why is my site marked Orange or Yellow?

  • This color indicates that the site in question is neither “verified” good or bad.
  • The rating is based on a heuristic which checks if the name of the site is similar to a popular “verified” site or not.
  • This could suggest typo-squatting.

Why is my site marked Red?

  • This color indicates that the site in question has been involved in malicious activity.
  • This kind of undesirable behaviour ranges from participation in phishing campaigns, spam campaigns, malware distribution and zombie or bot attacks.

Why is my SSL certificate marked Blue?

This color indicates that your SSL certificate is current and valid. However, your SSL certificate is not an Extended Validation SSL Certificate.

My site is listed on Clean-MX, Phishtank, or other blacklists, what should I do?

  • You should take remediation steps to remove offending web pages and malware from your website.
  • Then, visit the websites of the blacklists which have reported your website such as clean-mx.de and submit a request for review.

My web of trust score show 0/5, or 1/5, what does this mean?

  1. Your score at Web Of Trust depends on how many Web Of Trust community members rate your site.
  2. Your score is 1/5 if not a lot of community members have rated your site, with a positive reputation.
  3. To improve your score you can visit Web Of Trust and ask community members to rate your website, increasing your score.

 

Was this article helpful?
0 out of 0 found this helpful