We’ve seen this time and time again at HostASite.com. A customer installs a blog/CMS system, creates their content, and then forgets about it. Then one day they look at their web site stats, and notice a huge decrease in traffic. It turns out Google has blocked their site, because it contains malware that was installed by some hacker.
This happens all too often, and can result in a loss of business, not to mention the embarrassment of existing customers trying to visit your web site, only to get a warning from Google stating it’s infected. With any online business, reputation is important, and you cannot afford anything that hurts your company’s brand or trust. It is worse still if a hacker gains access to sensitive data like customer credit card information, which can then become a PCI compliance problem and a legal liability.
One of the basic security recommendations we state is to make sure you keep your applications updated. The number one way hackers gain access to a web site is via outdated software. It is the proverbial low-hanging fruit, and an easy target for hackers. Keeping your software updated will protect you from most web-based malware, but it’s far from perfect. There are multiple other ways a hacker can gain access to your site. Also, who has time to check whether all of your software is updated and free of security bugs? This is especially true for developers who manage multiple customer web sites. What is needed is a method to check the security of your web site content.
This is where Sucuri comes in, and I think it’s a great service to proactively monitor unauthorized changes to your web site. For a test, I’ve been actively using it on our investing web site Investor Junkie for a few months. I was able to sign up and set up Sucuri within fifteen minutes. Sucuri not only scans the visible web pages on your site, but can also scan your server file system. This can be done via FTP, or by installing a PHP script that Sucuri supplies. Hackers typically like to hide files around a file system, and these files may not be accessible or visible from your web pages.
While I haven’t had the chance yet to test Sucuri’s scanning effectiveness for catching malware, I will update this review when we capture some from our customer web sites. While we inspect malware to see what new techniques hackers might be using, we don’t archive them.
Unfortunately, hackers are also getting much more subversive. Previously they would only deface your web site. Now they install malware on your site, so your visitors get infected as well. They also abuse server resources for such things as trading credit card information.
We here at HostASite.com do monitor at the server level for any unusual activity, but without a tool like Sucuri it’s impossible to scan each customer account. In addition, hackers are becoming more aware of companies like us who monitor for unusual activity. Hackers are trying to evade this type of monitoring as well.
Sucuri SiteCheck Features
Think of Sucuri as anti-virus protection for your web site. Sucuri monitors for any of these unusual activities:
- Website Defacements – Removing your home page to show off their work to other hackers or rival groups.
- Hidden & Malicious iFrames – Installing HTML code that links to another web site.
- Blackhat SEO Spam – Was code injected into your web pages that helps another site’s SEO?
- PHP Mailers – Using your web site as a means to send out spam is a common attack.
- Phishing Attempts – Did a hacker install a web page to make it appear to be the landing page of another legitimate web site (e.g. PayPal)?
- Malicious Redirects – Redirecting a web page to another web site.
- Backdoors (e.g., C99, R57, Webshells) – These are web shell scripts that allow a hacker to control your account as if accessing it via SSH.
- Anomalies – Are there any other unusual activities occurring on your site?
- Drive-by-Downloads – A means of installing an application on a visitor’s computer without the visitor’s authorization.
- IP Cloaking – Typically used to help with the SEO of another web site.
- Blacklisting – Is your site on any of the known blacklisting services for malware or viruses?
- DNS/Whois Changes – Did your DNS or whois information change? It’s a sign your site has been transferred to another owner.
- SSL Encryption – Did the installed SSL certificate change?
- Content Change – Did content on your site change?
Sucuri’s plans start at $89.99/year for one web site. One of the nice features available with any of Sucuri’s plans is that cleanup is included at no cost. I assume they do this so they also can gather more intelligence on any new techniques the hackers are using. While I personally have really no need for this service, I can see how others who aren’t so technical need this. Many of our customers lack the skills to ensure their site is properly cleaned. For one cleanup, this service is easily worth the annual fee.
Sucuri WordPress Plugin
The Sucuri Security WordPress plugin is great, as it gives you recommended tips on how to secure your site. It integrates within WordPress and has some preventive methods to help. I wish they had this available for other CMS/blogging systems. Since WordPress is one of the most popular platforms out there, it makes sense to focus on this platform first. In the future Sucuri does plan on offering this feature on other platforms.
The plugin has these features:
- Web Application Firewall (WAF) – Sucuri blocks attacks before they reach your site
- Integrity Monitoring – Receive notifications if any of your files are modified
- Audit Logs – Get details of everything that happens inside WordPress: including new users, posts, login failures and successful logins
- 1-Click Hardening – Recommendations of best practices to secure your WordPress installation
The web application firewall in my opinion is especially great, because we are currently seeing a massive attack on WordPress web sites. This plugin does help prevent these types of attacks, which will happen more in the future. I do wish all of these features were part of the base install of WordPress.
Without question I recommend Sucuri for anyone who has either been attacked before, or relies on their web site for revenue. If you can’t afford losing business from either downtime or a ruined reputation, the annual cost is easily worth the expense. Sucuri does support all of the popular CMS/blog platforms out there. Currently Sucuri only has a plugin for WordPress, with plans for more in the future. I rate it 4 out of 5 stars because, while it’s a great service, it can be improved with more support for other platforms besides WordPress.