Host's Responsibility to Remove Malware?
September 3, 2015 3:44 PM Subscribe
I have several websites that are hosted through Network Solutions. Since April, I've noticed more and more malware that is blocking my access to my websites. Only the sites on this provider are infected. Until this year (and for the 8 previous years on one of the three sites), I've never had any malware or infections.
The provider offered me a new service where they monitor my sites and tell me how much malware is infecting them. I already know they are infected and inaccessible. They also say they can disinfect my sites for an additional $6.99/mo.
Isn't it their responsibility to keep malware off their server that can infect account holder sites? Is this a legitimate ask by them?
Best answer: Isn't it their responsibility to keep malware off their server that can infect account holder sites?
Up to a point, on standard shared hosting, in terms of basic server hygiene and user segregation. Beyond that point, it's the responsibility of site owners to keep their stuff updated and secure. If your site's codebase is vulnerable to SQL or JS injection, or to arbitrary file uploads, then you're inviting malware in, and that's on you.
Some hosts seem to be more prone to malware than others. Some hosts tolerate malware on their servers if they can charge extra. Some hosts are more proactive in identifying infected sites -- and shutting them down until they're clean. I have no idea what kind of resources NetSol devotes to its hosting practices, but I doubt they're best-in-class.
Just find another host, and while you're migrating, get somebody to do a proper check of your site files and logs to ensure that there's not some embedded shit that keeps getting reactivated by POST requests from Belarus.
posted by holgate at 3:59 PM on September 3, 2015
Up to a point, on standard shared hosting, in terms of basic server hygiene and user segregation. Beyond that point, it's the responsibility of site owners to keep their stuff updated and secure. If your site's codebase is vulnerable to SQL or JS injection, or to arbitrary file uploads, then you're inviting malware in, and that's on you.
Some hosts seem to be more prone to malware than others. Some hosts tolerate malware on their servers if they can charge extra. Some hosts are more proactive in identifying infected sites -- and shutting them down until they're clean. I have no idea what kind of resources NetSol devotes to its hosting practices, but I doubt they're best-in-class.
Just find another host, and while you're migrating, get somebody to do a proper check of your site files and logs to ensure that there's not some embedded shit that keeps getting reactivated by POST requests from Belarus.
posted by holgate at 3:59 PM on September 3, 2015
I'm having trouble distinguishing this 'offer' from an extortion attempt.
When I googled '"network solutions" extortion' a page apparently run by a law firm was the second result:
When I googled '"network solutions" extortion' a page apparently run by a law firm was the second result:
We are currently investigating Network Solutions for extorting customers by forcing them to pay a hidden $25.99 late fee to renew their expired domain names. This undisclosed “reinstatement fee” starts on day one of expiration, and is in addition to the $37.99 renewal fee.posted by jamjam at 5:09 PM on September 3, 2015
We are also investigating Network Solutions for other deceptive practices based on feedback from current and past customers.
If Network Solutions charged you a $25.99 “reinstatement fee” to renew your expired domain name, or if you have been a victim of any of their other deceptive practices, you may have a claim. We would like to learn of your experience.
So I need a little clarification: Do you have any evidence that any files on your site are infected, or is this caused by other sites that are hosted on the same shared host being infected?
Because in either case, the proper response of the hosting company is to shut off access to the infected site until the site owner cleans it up. That's part of the cost of doing business as a shared hosting company.
If your site is infected because of things you do (which can include not keeping your WordPress or other CMS updated for security holes, installing infected themes, etc.) and they're offering to clean up your site for $6.99 a month, that's a bargain.
But if they're trying to extort $6.99/month out of you for other people on a shared host getting infected, you should find another provider.
posted by straw at 5:26 PM on September 3, 2015 [1 favorite]
Because in either case, the proper response of the hosting company is to shut off access to the infected site until the site owner cleans it up. That's part of the cost of doing business as a shared hosting company.
If your site is infected because of things you do (which can include not keeping your WordPress or other CMS updated for security holes, installing infected themes, etc.) and they're offering to clean up your site for $6.99 a month, that's a bargain.
But if they're trying to extort $6.99/month out of you for other people on a shared host getting infected, you should find another provider.
posted by straw at 5:26 PM on September 3, 2015 [1 favorite]
Isn't it their responsibility to keep malware off their server that can infect account holder sites?Without knowing any details about what software you are running on your servers, I would propose that it is probably more likely that malware gained access to your hosting account/webspace via a weakness in some piece of software you installed.
Even if your host offers "one-click" installs of Wordpress or whatever, it is up to the end-user (you) to enable auto-updates wherever allowed. Plus any plugins you may have installed.
But honestly, without knowing the specifics of what happened, it is hard to really say what has happened and who is at fault. "Need more info."
posted by misterbrandt at 5:28 PM on September 3, 2015
Isn't it their responsibility to keep malware off their server that can infect account holder sites?
No. It is your responsibility to keep malware from infecting your sites, and thus, the shared server upon which you sit. You can install anything -- bad WordPress plugins, injectable code, whatever -- or you can never update your versions and never apply security updates either.
None of that is your host's shout. They are not going to come in and re-write the bad PHP you wrote or patch and clean the plugin you never updated.
Is this a legitimate ask by them?
Absolutely. And they're not requiring it of you; you can say no and opt to stay on top of all of the vulnerabilities that come with what we commonly use to run websites on the backend these days, but you're going to need some luck there too.
posted by DarlingBri at 7:06 PM on September 3, 2015
No. It is your responsibility to keep malware from infecting your sites, and thus, the shared server upon which you sit. You can install anything -- bad WordPress plugins, injectable code, whatever -- or you can never update your versions and never apply security updates either.
None of that is your host's shout. They are not going to come in and re-write the bad PHP you wrote or patch and clean the plugin you never updated.
Is this a legitimate ask by them?
Absolutely. And they're not requiring it of you; you can say no and opt to stay on top of all of the vulnerabilities that come with what we commonly use to run websites on the backend these days, but you're going to need some luck there too.
posted by DarlingBri at 7:06 PM on September 3, 2015
Response by poster: The provider offers a website builder tool which I've used to "build" a website and which has been my main site since 2007. In 2012, I bought a website builder tool, Serif, and built two sites which required me to buy a Network Solutions hosting package. Those two sites are hosted in the hosting package. All three sites are infected and inaccessible.
posted by CollectiveMind at 7:08 PM on September 3, 2015
posted by CollectiveMind at 7:08 PM on September 3, 2015
Response by poster: Each time I visit the sites, my malware software pops up to tell me the sites are infected and offers to protect me by quarantining the viruses. But the warning appears each time I visit any of my sites. I don't know what I can do to make my sites virus free.
posted by CollectiveMind at 7:10 PM on September 3, 2015
posted by CollectiveMind at 7:10 PM on September 3, 2015
I don't know what I can do to make my sites virus free.
But you do:
They also say they can disinfect my sites for an additional $6.99/mo.
posted by DarlingBri at 7:25 PM on September 3, 2015
But you do:
They also say they can disinfect my sites for an additional $6.99/mo.
posted by DarlingBri at 7:25 PM on September 3, 2015
Can you wipe out the site, and restore it from backups? You might want to acquire the services of someone with familiarity with the hosting platform for an afternoon and see if they can sort it out by judicious administration. You might need to upgrade the components you use if one of them was the source of the intrusion, as well as change all the account access information in case that was stolen.
posted by nickggully at 8:01 PM on September 3, 2015
posted by nickggully at 8:01 PM on September 3, 2015
Best answer: What was the deal with the Serif package? Lifetime updates and support, or something else?
Websites built on dynamic codebases rot badly. From what you describe, you may be stuck with a legacy proprietary system that's no longer receiving updates, generates vulnerable code, that nobody at NetSol really cares about and more importantly, nobody there has the capacity to fix once and for all. It's a long-sunk cost. FWIW, $6.99 a month may well be reasonable given the hourly rate of people with the skill to identify and remove malware and the causes of malware. If you want to avoid that, you may need to nuke your sites from orbit and rebuild on a modern foundation.
posted by holgate at 9:21 PM on September 3, 2015
Websites built on dynamic codebases rot badly. From what you describe, you may be stuck with a legacy proprietary system that's no longer receiving updates, generates vulnerable code, that nobody at NetSol really cares about and more importantly, nobody there has the capacity to fix once and for all. It's a long-sunk cost. FWIW, $6.99 a month may well be reasonable given the hourly rate of people with the skill to identify and remove malware and the causes of malware. If you want to avoid that, you may need to nuke your sites from orbit and rebuild on a modern foundation.
posted by holgate at 9:21 PM on September 3, 2015
If they are your sites that are infected then it's up to you to get that malware off your sites. That's your responsibility. If the websites you maintain aren't infected with Malware and the alerts are because OTHER websites behind the shared IP you all are using are infected, then you need to move a better web host that uses more secure development and hosting platforms.
posted by Annika Cicada at 10:51 AM on September 4, 2015
posted by Annika Cicada at 10:51 AM on September 4, 2015
This thread is closed to new comments.
If you bought private server type hosting, then the software is all up to you--your duty to select high quality software, to keep software up to date, and to recover after a security bug in that software is exploited.
On the other end, if you are using 100% software that is installed by your hosting provider, it is up to the hosting provider to ensure that software is up to date and secure, and to recover after an intrusion.
Somewhere in the middle are systems where the provider takes care of the basics but you have the freedom to install plug-ins and themes and otherwise have a role in controlling what software is running your website. In this case, the provider should keep the underlying software up to date, it's up to you to select high-quality plug-ins and keep them up to date, and the real responsibility for recovering from an intrusion should depend on whether the flaw was in the core software or the plugin. This can be difficult to determine after the fact. In this case, a provider should probably err on the side of cleaning up your messes at least once without question (and price the service appropriately).
posted by jepler at 3:57 PM on September 3, 2015