Website cleaning, Drupal software upgrading, security checking
- or -
Post a project like this1795
£22/hr(approx. $27/hr)
- Posted:
- Proposals: 17
- Remote
- #2379542
- PRE-FUNDED
- Awarded
PPH #1 Service Provider in Development & IT : Wordpress|Magento|React Native|Mobile App Development|Angular|Node.js
Mohali
3207411501901264131825933822574263253610024911572486998243369722848341283421364388
Description
Experience Level: Expert
I need my website to be cleaned from malicious files - please see an email that I have received from Tsohost below. I would also like it updated with latest software version and reCAPTCHA added to the contact page. Plus advice/action to keep the website updated in the future. (Site is approx 750MB)
Below is the content of the email I refer to above:
Unfortunately, malicious activity has been detected on your achieveexcellence.co.uk account. Such activity can harm the site's visitors, as well as its reputation on search engines and the reputation of the server with email providers. As such, this is seen a breach of our acceptable usage policy and has left us with no choice but to temporarily disable part or all of the account.
Although it is an undesirable outcome, disabling the account is the best way for us to limit the harm malicious content or activity can cause to the website, its visitors and other Tsohost customers until the cause of the issue has been identified and resolved.
If the website is showing an error instead of displaying its content then this will be due to malicious content or behaviour originating from its files, so we have had to take it offline until the issue has been resolved.
How has this happened?
Often this is caused by a vulnerability somewhere in your website's code which has allowed an attacker to inject malicious scripts into your website. Normally this is possible via exploitable vulnerabilities in out-of-date software in your site's application such as plugins or themes which you have installed. It is also possible due to poor security practices in custom-written website code, or insecure passwords for your email, ftp or hosting accounts or the website's admin areas.
Preventative measures
There are various steps you can take to increase the security of your website and help prevent this from happening again in the future. Some of these include:
Keep up-to-date with the latest software versions on your website
This includes content management systems and applications such as Wordpress, Joomla! and Prestashop; pro-actively update both the core software, and all plugins & themes that are installed. Depending on your application, there may be additional security plugins you can install to help you keep on top of updates. It is also good practice to delete any themes or plugins which are not being used, as even an inactive plugin could act as an entry point to the rest of your website.
Use secure administrative passwords
Your website could be compromised if an attacker knows or can guess a password to any one of your hosting account, email, FTP accounts, or the site's admin areas. It's a good idea for these to be at least 8 characters long and contain a mixture of lower and upper case letters, numbers and unusual characters.
Regularly scan your PC and other devices for malware
No matter how secure your website is, malware on any device you use to access administrative accounts for your website or email, could lead to an attacker gaining a critical password for your site and lead to it being compromised.
What to do next
When a website is compromised in this way, additional 'backdoors' could be injected and hidden amongst the site's normal code to allow an attacker to compromise it again in the future. It is therefore important that every trace of malicious code is identified and removed before the site can be brought back online.
Cleaning up compromised websites is unfortunately not a service we are able to provide, so if you are unsure of how to proceed with doing so we would recommend you contact a specialist web developer for advice and assistance.
We are able to allow restricted access to the site for you or your developers if this is something that you require. When you are certain the website is rid of any malicious code or content, please contact us and ask for the site to be reviewed. It would help for you to demonstrate steps which have been taken to secure the website and your account.
If we believe the site is clean and no longer poses a risk, we will make it publicly accessible again.
Kind Regards
Your tsoHost Team
Below is the content of the email I refer to above:
Unfortunately, malicious activity has been detected on your achieveexcellence.co.uk account. Such activity can harm the site's visitors, as well as its reputation on search engines and the reputation of the server with email providers. As such, this is seen a breach of our acceptable usage policy and has left us with no choice but to temporarily disable part or all of the account.
Although it is an undesirable outcome, disabling the account is the best way for us to limit the harm malicious content or activity can cause to the website, its visitors and other Tsohost customers until the cause of the issue has been identified and resolved.
If the website is showing an error instead of displaying its content then this will be due to malicious content or behaviour originating from its files, so we have had to take it offline until the issue has been resolved.
How has this happened?
Often this is caused by a vulnerability somewhere in your website's code which has allowed an attacker to inject malicious scripts into your website. Normally this is possible via exploitable vulnerabilities in out-of-date software in your site's application such as plugins or themes which you have installed. It is also possible due to poor security practices in custom-written website code, or insecure passwords for your email, ftp or hosting accounts or the website's admin areas.
Preventative measures
There are various steps you can take to increase the security of your website and help prevent this from happening again in the future. Some of these include:
Keep up-to-date with the latest software versions on your website
This includes content management systems and applications such as Wordpress, Joomla! and Prestashop; pro-actively update both the core software, and all plugins & themes that are installed. Depending on your application, there may be additional security plugins you can install to help you keep on top of updates. It is also good practice to delete any themes or plugins which are not being used, as even an inactive plugin could act as an entry point to the rest of your website.
Use secure administrative passwords
Your website could be compromised if an attacker knows or can guess a password to any one of your hosting account, email, FTP accounts, or the site's admin areas. It's a good idea for these to be at least 8 characters long and contain a mixture of lower and upper case letters, numbers and unusual characters.
Regularly scan your PC and other devices for malware
No matter how secure your website is, malware on any device you use to access administrative accounts for your website or email, could lead to an attacker gaining a critical password for your site and lead to it being compromised.
What to do next
When a website is compromised in this way, additional 'backdoors' could be injected and hidden amongst the site's normal code to allow an attacker to compromise it again in the future. It is therefore important that every trace of malicious code is identified and removed before the site can be brought back online.
Cleaning up compromised websites is unfortunately not a service we are able to provide, so if you are unsure of how to proceed with doing so we would recommend you contact a specialist web developer for advice and assistance.
We are able to allow restricted access to the site for you or your developers if this is something that you require. When you are certain the website is rid of any malicious code or content, please contact us and ask for the site to be reviewed. It would help for you to demonstrate steps which have been taken to secure the website and your account.
If we believe the site is clean and no longer poses a risk, we will make it publicly accessible again.
Kind Regards
Your tsoHost Team
Chris M.
100% (2)Projects Completed
2
Freelancers worked with
2
Projects awarded
100%
Last project
1 Feb 2022
United Kingdom
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.
We collect cookies to enable the proper functioning and security of our website, and to enhance your experience. By clicking on 'Accept All Cookies', you consent to the use of these cookies. You can change your 'Cookies Settings' at any time. For more information, please read ourCookie Policy
Cookie Settings
Accept All Cookies