While running a web app on our hosting, you may experience some unexpected situations that may cause unwanted Web site behavior, or prevent you from logging in to the administration of your content management system.
It does not always have to be a technical defect, but a purposeful set-up of the server by which our administrators increase the security of the services they operate. Below is a solution for the most common issues.
Malware on hosting
While running a web presentation, an unpleasant situation can be caused by malware crawling into the content of the site. This is a malicious code that is being abused for cyber attacks, spamming, or infecting visitors of infected sites.
Malware will get into the site in most cases by exploiting a security vulnerability in the web application code itself. The most common is the abuse of an outdated version of an CMS such as Joomla, Wordpress, OsCommerce, etc. It is therefore very important to maintain this system up-to-date, including all of its plugins and design templates.
If the site is infected, we recommend the following steps:
- Update Content Management System (CMS) including all plugins and themes for the current version. Update regularly, some systems offer automatic updates.
- Change your CMS password. Do not send the new password by email.
- Check the contents of all files on the server. If our systems found some infected files, they automatically changed the .malware endpoint. Renaming infected files can cause maladministration. It is necessary to go through each file and remove the wrong code. You can then rename the file to its original name. Remove any unnecessary files immediately.
Malware authors are very resourceful and can hide their code smartly. Instead of cleaning, you can possibly restore the site from a pre-attack backup. Immidiately then change the admin password of the content management system and update CMS and all plugins and themes. Without these steps it is just a matter of time before the malware will appear on the site again.
For orientation, you can also check your site with an online malware scanner, such as sitecheck.sucuri.net.
However, it should be remembered that this scanner will not detect and, in principle, not detect all of the malware, it usually happens that the scan result is OK, but the pages are still infected.
Protection of customer CMS from robot attacks
When entering a CMS administration, typically WordPress, Joomla, etc., or another component, such as xmlrpc.php, you may receive a request to enter a name and password. The message also says that cms should be entered as the name and password. This is the protection against robotic attacks on CMS from abroad.
Type the following three letters as a name and password: cms. Afterwards, you can continue to manage your content management system, where you continue with your access data.
We were forced to implement this measure because of massive forms of attack and some of the most frequently used content management system components. This is to prevent server overloads and outages as well as to protect against unauthorized access to web administration.
The measures will apply mainly to access from a country other than the one you ordered your hosting. Otherwise, you should not be blocked by it.
On request, we are able to disable this action on the server, but the condition is that the CMS used is not currently the target of the attack and that you will replace our measures with adequate measures, such as limiting access to selected IP addresses or custom passwords through .htaccess.
The measure is wide and persistent, but if the wave of attacks goes away for a long time, we are ready to cancel it again. The situation is constantly monitored.
In our shared hosting on the Linux platform, we use the Suhosin patch in PHP, which increases the security level of the server and prevents a wide range of ways to exploit web presentations. Suhosin is doing its job very well, but in rare cases it may limit the functionality of the site.
If you get into this situation and can not resolve the issue at the application level, you can turn off the following directory in your .htaccess file for your Suhosin site:
php_flag suhosin.simulation On