Managing my domain security without paying for more services
May 31, 2017 9:07 AM

I used WordPress to make a professional website about 5 years ago. Two weeks ago, I got an email from my site's web host, Netfirms, about security issues on the site. Now I'm getting sales calls from SiteLock to follow up on this detected threat. I'm not sure if this is just a sales ploy or there's actually something I need to do here. If I need to do something, I'd love some better guidance than Netfirms has given me.

The email said this:

During a routine scan, the security team at Netfirms
discovered infected files in your "[my domain name]" account.
Typically, these security vulnerabilities are due to the presence of
an outdated application or script in your account.

You can view a list of the infected files in the /stats directory of your
account, in a file named 'websitescan.txt.' You can find more
information on how to access this file, interpret its contents, and
remove infected files in the article below:

http://www.netfirms.com/knowledgebase/beta/article.bml?ArticleID=437


There was no file called websitescan.txt, and I spent a while digging, but couldn't find anything indicative of infected files. This isn't something I have tons of experience with, though.

In the past couple of days, I've been getting sales calls from SiteLock trying to sell me a $50/month (!!) security package. I was worried it was a scam at first, but they didn't ask for any personal information. I declined all services; I already pay Netfirms more than I'm comfortable with. It wouldn't be the end of the world if I had to rebuild it, although I don't want to lose my domain name.

Any suggestions for next steps?
posted by quiet coyote to Technology (8 answers total) 3 users marked this as a favorite
 
Do you maintain the site still? Have you made sure WordPress is up to date? Out of date WP installs are absolutely at risk of being hacked, but updating WP is pretty painless nowadays (last time I did it you just click the Update button and it handles everything itself).
posted by EndsOfInvention at 9:17 AM on May 31, 2017 [1 favorite]


If you do have infected files, you can run Wordfence for free to find them: https://www.wordfence.com/. I have successfully used it on infected sites.
posted by Mo Nickels at 9:28 AM on May 31, 2017 [5 favorites]


Seconding Wordfence, not just for cleanup but to prevent issues.
posted by ElGuapo at 9:43 AM on May 31, 2017


I used to get those from an old web host, and it turned out the "vulnerability" was simply leftover files from an older version of WordPress that weren't deleted during an upgrade. So really, no vulnerability at all. If you don't find anything doing your own scan I wouldn't worry about it.
posted by COD at 9:48 AM on May 31, 2017


Like everyone else is saying, turn on WordPress automatic updates! Wordfence is excellent too.

Check on all your plugins, and make sure that they have been updated in the last year or two.

There are a bunch of WordPress vulnerability scanners. Run a few and see if anything shows up.
posted by gregr at 11:59 AM on May 31, 2017


It's a real vulnerability, in that the bad code is still there and could be turned on mistakenly. If it's not there at all then it's not a risk. That said, it's probably minor, though I would get rid of it, especially given that Google is trying harder these days to avoid linking to known vulnerable sites.
posted by wnissen at 4:29 PM on May 31, 2017
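
The leftover files COD and wnissen describe above can be found by comparing the core directories against hashes of a clean copy of the same WordPress version, the same idea behind WP-CLI's `wp core verify-checksums`. This is an added example, not part of any poster's comment: the function names and the sample tree are constructed for illustration, and the manifest (relative path to MD5) is assumed to come from a pristine download of your installed version.

```python
import hashlib
import tempfile
from pathlib import Path

# Directories that should contain nothing but files shipped with WordPress core.
CORE_DIRS = ("wp-admin", "wp-includes")

def md5_of(path):
    # MD5 only matches the assumed manifest format; it is not a security primitive.
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def audit_core(root, manifest):
    """Compare a WordPress tree with {relative_path: md5} for its exact version."""
    root = Path(root)
    report = {"missing": [], "modified": [], "unexpected": []}
    for rel, expected in manifest.items():
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)         # core file deleted or renamed
        elif md5_of(target) != expected:
            report["modified"].append(rel)        # core file edited or injected into
    for name in CORE_DIRS:
        base = root / name
        for path in (base.rglob("*") if base.is_dir() else ()):
            rel = path.relative_to(root).as_posix()
            if path.is_file() and rel not in manifest:
                report["unexpected"].append(rel)  # leftover from an old version, or planted
    return {kind: sorted(paths) for kind, paths in report.items()}

def build_sample_site(root):
    """Constructed demo tree; returns the manifest of its 'pristine' state."""
    root = Path(root)
    clean = {"wp-login.php": b"<?php // login",
             "wp-admin/index.php": b"<?php // admin",
             "wp-includes/version.php": b"<?php // version"}
    for rel, body in clean.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_bytes(body)
    manifest = {rel: hashlib.md5(body).hexdigest() for rel, body in clean.items()}
    (root / "wp-includes/old-helper.php").write_bytes(b"<?php // stale")  # leftover
    (root / "wp-admin/index.php").write_bytes(b"<?php // changed")        # modified
    (root / "wp-login.php").unlink()                                      # missing
    return manifest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, paths in audit_core(tmp, build_sample_site(tmp)).items():
            print(f"{kind}: {paths}")
```

Only `wp-admin` and `wp-includes` are checked for unexpected files, because the site root and `wp-content` legitimately hold your own configuration, themes, plugins and uploads.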


SiteLock is a product of Netfirms, so it sounds like a normal upsell from your hosting provider. I'd go with the advice above and ignore the spam.
posted by rhizome at 5:22 PM on May 31, 2017


If your site were actually seriously infected, it could be used to attack other folks/sites—so your provider would disable the site, or threaten to. If they're not mentioning anything like that, it's probably just an up-sell.
posted by vasi at 3:16 AM on June 2, 2017

