Malicious code, known as malware, causes a lot of problems for many people. It is often used to defraud others, send spam or extract bitcoin.
For you as a website owner, it damages your trust when customers and visitors suddenly reach a completely different website with a questionable message.
It often helps to keep your website updated with the latest versions of applications (such as WordPress). This reduces the risk of security breaches.
In the past, we have a Web Application Firewall (WAF) in front of all servers. It stops the vast majority of malware attempts before they reach the server.
But we want to go one step further to protect you and your website. That’s why we are now introducing not only automatic scanning but also automatic malware cleaning on all our hosting servers.
How does it work?
Once a week, all files on your account are scanned by. Files that you upload for example via FTP or your applications are scanned immediately.
If the system finds malware, it will be automatically removed:
- If the entire file is malicious, it will be emptied. You will be left with an empty file.
- If the file contains only a small piece of malware, the system will remove that piece. You are left with a file that is as it should be.
If the weekly scan finds malware, you’ll get an email telling you what we’ve found and how we’ve cleaned it up. You’ll also get some tips on good things to check and how to prevent future intrusions.
If you want to check your account between automatic scans, our support team can help. For example, if you’ve cleaned up and want to make sure everything is gone.
In the control panel, cPanel, you can see a list of all the files where we have found malware and the action the system has taken.
How do you know what is malware?
Our security system, Immunify360, which resides on all web servers, works against a cloud-based list. By comparing the files’ hashes (a kind of encrypted control key), the system can see what is real and what is malicious.
The system is smart and constantly learning. This means it also catches the latest, new examples of malware.
Can I change what happens when you find malware?
Yes. By default, we remove the malicious code automatically. We’ve been testing and evaluating this for a few months to make sure it doesn’t cause problems or clean real code by mistake.
If you still don’t want automatic cleanup, you can opt out:
- Quarantine the file. This means that the malicious code cannot run or cause harm. However, you will need to go in and manually clean the file to remove all malicious code.
- Only notify you. This means that the malicious code is still running and can cause harm. You should immediately make sure to clean it up manually.
Keep in mind that if you do not clean up the malware, we may need to temporarily block your account for security reasons.
Remember that you always have access to daily backups of your entire account in case you need to uninstall something. Therefore, we strongly recommend that you let the system automatically clean any malware.
In the support portal you can read more about how to set up Immunify 360.