All about malware and shared hosting

Posted at November 30, 2016 at 12:43 pm by John Quaglieri

Malware infections have grown over the past few years. There are steps that can be taken to clean a site, and protect it from malware.

* Causes of malware
Generally speaking with in a shared hosting environment the most common cause of malware is out of date software with in the hosting account. For example, the most common is a theme or plugin with in a third party php script like wordpress which has security issues. The best way to ensure this doesn’t happen is use plugins that are from the wordpress admin section, so auto updates are available, and keeping them up to date. By default wordpress core will update automatically unless disabled – and it is a bad idea to turn off updates for wordpress. For themes, use a theme that will also auto update – otherwise you are left to manually update the theme for security issues.

* Why is there malware, and why can’t it automatically be blocked.
The common causes of malware being scripts, like php, make it especially hard to block. This is because PHP is a scripting language that runs under your account username. By that alone, php can make changes to files in your account. A security problem that allows changes to a file, uploading a file or other injections suddenly can compromise your site. There are some defenses on InterServer shared hosting such as Web Application firewalls, but these can not protect against all possible security issues.

* Scanning for malware
On InterServer shared hosting with in the cpanel control panel there is an option called virus scanner. This can detect known malware signatures.

* Automatic scanning of Malware
Running scripts on InterServer shared hosting do get scanned for malware but this does not cover all possible ways scripts can run.

* The problem with addon domains
Addon domains can be problematic when it comes to malware. A single username with many domains set up as addon domains could be compromised by another addon domain because there is no isolation between addon domains in the same account. PHP can edit any file with in your shared hosting account – that includes other addon domains

* Separate cpanel accounts / usernames
Separate cpanel accounts are isolated with CageFS on InterServer shared hosting accounts. This means username can see the files processes or other data from another account.

5.00 avg. rating (88% score) - 1 vote

You can skip to the end and leave a response. Pinging is currently not allowed.

6 Responses to “All about malware and shared hosting”

  1. James McKenna says:

    I received this this email, do I need to do anything?

    Send from non monitored email. Please do not directly reply. /home/lanarksh/public_html/smart-installations.co.uk/9gptqzclhg1p5etec3yqe7mdvjynqsrg.php sigs.Interserver.net.multi.autologin.1.UNOFFICIAL Thu Apr 20 16:25:01 EDT 2017 has been moved to /home/lanarksh/.quarentine/20170420.933763 for your user lanarksh as it has been detected as a virus or malware. Please review https://www.interserver.net/tips/kb/malware-shared-hosting/ for more information.

    • Jithin says:

      Hello James,

      That is an automated mail from our malware monitoring system. Since the malicious script moved from your document root to quarantine location, it won’t cause any issues. But still you need to check the file /home/lanarksh/.quarentine/20170420.933763 and remove it if that is not needed for your site and applications to work properly.

  2. Saad says:

    what should i do?

  3. Sudheesh Sankar says:

    Sent from non monitored email. Please do not directly reply. /home/techelse/greeshmaoilmills.com/.well-known/pki-validation/nacuqucl.php Sun Aug 20 12:44:13 EDT 2017 has been moved to /home/techelse/.quarentine/20170820.195133 for your user techelse as it has been detected as a virus or malware. Please review https://www.interserver.net/tips/kb/malware-shared-hosting/ for more information. Open a new ticket if you believe this is a false positive.

Leave a Reply