Steps to stay clean after malware removal

Steps to Stay Clean

If you are reading this page then you are on your way to being proactive and actively taking steps to help reduce the risk of reinfection. While no-one can promise you the risk will ever be zero, we can work together to ensure that it's as low as possible.

Website Firewall – WAF

A growing number of software vulnerabilities are being exploited by attackers, and trying to keep up with them can be very challenging for you as a website owner. Let’s face it: when you created your website you were hoping it was going to be easy and weren’t interested in spending every day focusing on security. If this is you, then you’ll want to consider something like a Website Firewall to help keep your website performing and keep the hackers out.

Update your website(s)!

If you are using WordPress, Joomla or any other CMS and it is not already on the current stable version, please take a minute to update. Why? Because out-of-date software is a leading cause of infections. This includes your CMS version, plugins, themes, and any other type of extension.

Change your password for all access points. This includes FTP, SFTP (or SSH), Plesk, etc. Choose a good, strong password. What defines a good password is usually built around three core components – complex, long and unique. The argument most people make about passwords is that it’s too difficult to remember multiple passwords. This is true. It’s also why password managers were created.

Password Tip: Start using a password manager: Peguta <https://peguta.com/> and LastPass <https://lastpass.com/> are good ones to use (online and free).

We cannot stress enough the importance of changing all passwords, including those not related to your CMS. Your website has various access points; attackers understand this and will often exploit multiple points of entry. At a minimum, be sure to update the password for all administrator accounts. We say all because users often create more administrators than they need and update one but forget about the rest. There really is no better time to clean house than after a compromise, so take advantage of this time.

* Joomla users <http://docs.joomla.org/How_you_reset_an_administrator_password%3F>

* WordPress users <http://codex.wordpress.org/Resetting_Your_Password>

* Drupal users <http://drupal.org/node/44164>

Change your database password. If you are using a CMS (WordPress, Joomla, etc.) change your database password. Be sure to also update the new password in your configuration file, since the CMS reads the database credentials from there – Joomla: configuration.php; WordPress: wp-config.php. This is not an automated process, so you will need to know how to open those files and edit them manually. If you’re not familiar with handling changes in your database and configuration files, contact support.

*If you don’t know how to change your passwords (specified above), contact support for details.

Run a virus scan on your personal desktop/laptop.

In a lot of cases we see that websites are compromised via the local environment (notebooks, desktops, etc.). It’s why we always ask you to take a minute to run an anti-virus product. If you’re OK with spending a little money, the latest reports show that BitDefender is leading the pack in malware detection on Macs and PCs. Other alternatives include Kaspersky for Windows and Mac, and Sophos and F-Secure for Windows. You can also try Avast, MSE or Spybot, which are free alternatives and very good. Here is the bottom line: it doesn’t matter how many times your site gets cleaned, if your desktop is not clean, your site can get reinfected quite easily.

Start doing backups of your site

After the site is clean and secure, a very good practice is to take daily backups at a minimum. There are a number of backup solutions out there you can use; if you are a client of ours you can sign up for our Website Backup solution. It’s a simple configuration that works over SFTP and stores all your content, including the database, in the cloud.

Sucuri Security WordPress Plugin.

Whether or not you’re a Sucuri client, we recommend leveraging the free WordPress Security plugin <https://wordpress.org/plugins/sucuri-scanner/>. They provide detailed instructions on how to install it <https://sucuri.net/wordpress-security-plugin-installation> and a more in-depth discussion of WordPress Security Monitoring <https://sucuri.net/wordpress-security/wordpress-security-monitoring>.

Clean your Kitchen.

Too often the issues we see plaguing our clients are caused by “soup kitchen” servers: old installations of content management systems, themes or plugins that are forgotten over time but grow ripe with malware ready to reinfect the entire server after each clean. Take a minute to separate what belongs on a test, staging and production server.

Turn off enforced STARTTLS in Postfix – 5.7.0 Must issue a STARTTLS command

To stop the submission service from requiring TLS, edit /etc/postfix/master.cf and change the submission entry. The -o options may be written on the service line itself or, as shown here, on indented continuation lines; both layouts are valid. Change this:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=yes
  -o smtpd_tls_security_level=encrypt
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

to the following:

submission inet n       -       n       -       -       smtpd
  -o smtpd_enforce_tls=no
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
  -o smtpd_sender_restrictions=
  -o smtpd_recipient_restrictions=permit_mynetworks,permit_sasl_authenticated,reject_unauth_destination

With smtpd_tls_security_level=may, STARTTLS is still offered but no longer required, so a mail client that does not use it will send its password over the connection unencrypted. smtpd_enforce_tls is the obsolete pre-Postfix-2.3 name for the same setting; on Postfix 2.3 and later a non-empty smtpd_tls_security_level overrides it, so the two lines above must agree.

Then restart Postfix:
service postfix stop
service postfix start
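As an added example that is not part of the original article, the following Python audit parses master.cf (both the one-line layout and the indented continuation-line layout) and lists the services where SASL AUTH can be performed without TLS being required first, which is exactly what the change above permits on the submission port. The master.cf fragments inside it are constructed samples.

```python
import re
# Constructed master.cf fragments (sample data, not copied from a real server).
# BEFORE is the article's original submission entry with everything on one line;
# AFTER is the article's changed entry written with indented continuation lines.
MASTER_CF_BEFORE = (
    "submission inet n - n - - smtpd -o smtpd_enforce_tls=yes "
    "-o smtpd_tls_security_level=encrypt -o smtpd_sasl_auth_enable=yes "
    "-o smtpd_client_restrictions=permit_sasl_authenticated,reject "
    "-o smtpd_sender_restrictions=\n"
)
MASTER_CF_AFTER = """\
submission inet  n  -  n  -  -  smtpd
  -o smtpd_enforce_tls=no
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
"""

def parse_master_cf(text: str) -> dict[str, dict[str, str]]:
    """Map 'name/type' -> {parameter: value} taken from each service's -o overrides."""
    services: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue                                   # blank line or comment
        if raw[0].isspace():
            tail = raw if current is not None else ""  # continuation of the entry above
        else:
            fields = raw.split()                       # 8 fixed fields, then the command
            current = f"{fields[0]}/{fields[1]}"
            services[current] = {}
            tail = " ".join(fields[8:])                # -o options given on the same line
        for m in re.finditer(r"-o\s+([^=\s]+)=(\S*)", tail):
            services[current][m.group(1)] = m.group(2)
    return services

def plaintext_auth_possible(o: dict[str, str]) -> bool:
    """True when SASL AUTH is offered without TLS being required first. Only the
    service's own -o overrides are checked; unlisted settings are assumed at Postfix defaults."""
    if o.get("smtpd_sasl_auth_enable", "no") != "yes":
        return False
    return not (
        o.get("smtpd_tls_security_level") == "encrypt"
        or o.get("smtpd_enforce_tls") == "yes"      # obsolete pre-2.3 spelling of 'encrypt'
        or o.get("smtpd_tls_wrappermode") == "yes"  # implicit TLS from the first byte (port 465)
        or o.get("smtpd_tls_auth_only") == "yes"    # AUTH announced only after STARTTLS
    )

def audit(text: str) -> list[str]:
    """Service names in the given master.cf text where a password can cross the wire unencrypted."""
    return [n for n, o in parse_master_cf(text).items() if plaintext_auth_possible(o)]
```

Running audit() over a server's /etc/postfix/master.cf after the change flags submission/inet; the same check passes once the level is back to encrypt or the clients are moved to a wrapper-mode (port 465) service.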

Plesk backup and restoration

Overview

Backing up your content is very important. Backups help protect your content in the case of unforeseen catastrophes and provide known-good instances of your sites and data that you may revert to. While our system maintains regular internal backups of all customer data for emergency recovery purposes, these are overwritten on a rotating basis, so it is best not to rely on them for your individual backup needs; depending on the situation and the timing of your need for a backup, these internal disaster-recovery backups may not be a solution for you. This is where self-managed backups are important. Plesk has its own backup tool that you may use to manage your own backups to meet your specific needs. The following article details how to instantly back up your site and restore from backups you have created.

Creating an instant backup

With an instant backup, you can create an immediate backup of your domain’s configuration, data and/or email. The following directions detail how to create a full backup of a domain.

  1. Log into Plesk
  2. Click on Domains
  3. Click on Manage Domain or Manage Hosting
  4. Click on Websites & Domains
  5. Click on Backup Manager
  6. Then, click Back Up.
  7. Choose your options in the Backup Settings. This includes adding a prefix to the backup name, choosing to make a multivolume backup, where the backup will be created, and if a notification is desired.
  8. From the same window, choose the “Domain configuration and content” option. Once this is selected, the drop-down box to the right becomes active and you can choose the type of backup you want that will include content for your domain. The “All configuration and content” option will make a full backup of your domain.
  9. The last option on this page allows you to suspend the domain while it is being backed up. Suspending the domain will make the domain temporarily unavailable to web traffic while it is being backed up.
  10. When you are finished customizing your backup, click “Back Up” to immediately back up your domain.
  11. This will return you to the Backup Manager. When the backup is complete, you will see it listed below. You may need to refresh the page to see the new backup.
  12. At this point, you may also choose to save a copy of this backup to your local computer. To do so, click the green arrow that is to the far right of the desired backup.

Restoring a backup

  1. Log into Plesk
  2. Click on Domains
  3. Click on Manage Domain or Manage Hosting
  4. Click on Websites & Domains
  5. Click on Backup Manager
  6. Select the existing backup you wish to restore from the list of backups in your Server Repository or Personal FTP Repository.
  7. Select the items within the backup that you wish to restore.
  8. Click Restore to restore from your selected backup.