In a previous post we gave an overview on how Bobcares help desk support services has been able to prevent website blacklisting in popular website reputation lists. But that’s not all. Even PC anti-virus suites can block websites if malicious code is found in them.

Search engines and PC anti-virus like Google, Bing, Norton Safe Web or McAfee SiteAdvisor blacklists a website if malware is detected in them. Most websites are infected with malware due to insecure web apps, login details disclosure or insecure web server configuration.

Bobcares helps website owners and web hosting providers keep their web services secure. Server security audit and hardening is an important part in our web server management services. Here we’ll go through what causes website blacklisting, and what solutions have given us good results.

File inclusion vulnerabilities and code injection

Vulnerabilities are discovered in web applications all the time, but only very few webmasters are savvy enough to do timely upgrades to their web applications. This leaves the majority of websites in a shared hosting server vulnerable to malicious code injection. Bobcares prevents this by deploying a web application firewall.
While commercial web application firewalls generally gave good detection rates, we have been able to provide a decent level of protection through the native mod_security module of Apache web server. Additionally, mod_security was augmented with ClamAV anti-virus and free virus signatures from SaneSecurity. This effectively put a virtual stop to all malware uploads into the server.

File upload scanning through Control Panel and FTP

Compromised FTP and Control Panel accounts are another major source of malware uploads. Desktops, laptops and mobile devices get infected with trojans all the time, and web masters losing their FTP login details are a common cause of malware uploads. We put a block on this channel by deploying file upload scanners. For those web hosts who didnt want a commercial solution, we have been able to fortify the Apache back end of control panel services with mod_security, and integrate ClamAV scanner into FTP services. This, along with loading anti-virus signatures from various free sources like LMD, SaneSecurity, etc, ensured that malware uploads no longer happened in the servers.

Insecure web server configuration

The default settings of popular control panels like cPanel, Plesk, DirectAdmin, Interworx, etc are optimized for feature richness, and not security. It allows hackers a lot of options to run their exploits. An example is the infamous symlink vulnerability which allowed a hacker to spread malware from one account to another. We pre-empt such issues by doing periodic server hardening to apply latest security patches, and updating server settings in response to new evolving threats.

Security challenges can vary from one web host to another. If you would like to discuss how best to secure your shared hosting servers against website blacklisting, we would be happy to talk to you.

About the author

Visakh S is a senior software engineer at Bobcares. He has extensive experience in managing technical support teams of web hosting companies and data centers. He has been instrumental in devising security strategies for web hosting companies, and has provided custom security solutions for their unique security challenges.