Andrey Kucherov

A post-hack survival guide: cleaning your website after being hacked

IntroductionVery often, web hosting administrators start to take security measures only after a website has been hacked. So, let us imagine the situation when ImunifyAV has been installed on such an infected server. All malware has been cleaned in one click, and all malicious activity has been stopped.Are we good to go? Are there any safety steps required?Actually, the answer is, "Yes, there are still some steps that can be taken after cleanup".Make sure you use all the product's benefits Imunify360 consists of multiple modules, including a WAF, malware detection, Proactive Defense, IDS / IPS, and others. I recommend you check out the documentation for each part of the product to get th...
Continue reading
Andrey Kucherov

Host your website safely and avoid website cross-contamination issues

By Andrey Kucherov, Malware Analyst at Imunify360. This article discusses the hidden pitfalls of hosting multiple websites on one hosting account, and how you can remediate the consequences of website cross-contamination.The structure of virtual hosting (also known as shared hosting) can be illustrated by a bee hive: each website (bee) has its own folder (cell). At the same time, all bees share the same hive (hosting account resources, such as disk space, database, RAM, CPU, etc.).In most cases, hosting companies do not provide resource isolation for shared hosting accounts (plans that let you host multiple websites on one account). In practice, that means that all website files are own...
Continue reading
Greg Zemskov

Why do small sites get hacked?

If you think your site won't be hacked because it's too small to matter, think again. I'll show why that is a false and dangerous assumption.Many site owners and webmasters think that hackers only care about popular, highly-ranked websites. They are wrong.High traffic volume helps boost earnings on partner programs by redirecting visitors to other sites, gets more views of unauthorized advertisements and attracts more clicks on rogue links. But that is not the only way hackers make money.Unprotected sites with low traffic volume are equally attractive to hackers. It is the way they are used that differs from how hackers monetize more popular websites. Any normal site, with an audience of as ...
Continue reading
Greg Zemskov

How Spammers Spam

Twenty years on and spam is still a problem. I'll look at why that is and what we can do to reduce or prevent it.Contrary to popular belief, hacking a site and uploading malicious scripts onto it is not the only way spamming gets a foothold. There are other ways. For example, it could be because of a compromised account, the use of script vulnerabilities, or an incorrectly configured mail server. The diagram below shows an overview of the methods. ​In this article, I'll look at the different ways unsolicited email (spam) can emanate from a web server, and some of the ways you can stop it.Spamming by hackingA hacked site or server is the most common reason behind an outbreak of spamming activ...
Continue reading