True Customer Story on fixing a malware infection – web based…

Hey all…I figured I would re/cross-post a recent article I wrote on managing a customer’s problems with respect to a recent malware infection.  In this case, the part of the story that was not published was that the web host he was on didn’t help much.  One of those ‘you’re on your own, buddy’ kind of things.

There is a danger in that, specifically when some of these customers are larger!  In this case, the guy had 15 properties, spanning across many cloud-based partitions.  He was a high margin customer.  Yes, I said ‘WAS’.

The customer has moved on.   Not only because of the ‘lack of service’ response he got, but also because the virtualized servers he was placed on had ANCIENT versions of Apache, SSL libraries, etc.  The vendor refused to upgrade.

As a hoster you have to be careful about your technology selections, especially if you’re going to get deeply mired in virtualization and the like.  Core technologies are moving fast, and you have to keep up to date.  Never mind older versions of Apache getting flagged: if you are providing ANYTHING less than the most recent WordPress release from last week in your control panels, YOU are opening up your customers and yourself to a world of hurt.

The vulnerabilities and exploits are spreading so quickly now, and are getting so easy to find thanks to Google, that we’re seeing zero-day exploits of WordPress blogs daily.

So, YMMV, but keep in mind that your customers generally look to their hosters FIRST for help!  Look at this as an opportunity!  It’s a revenue opportunity, and it’s a customer delight opportunity as well.  Preempt the issues by scanning yourself first.  Keep on top of the basics, and above all, respond quickly when there is an issue.

In this case, it took HOURS to clean up this infection, and there were several.  ‘Not my problem,’ I’ve heard dedicated hosters say several times.  Well, it is when the customer leaves!

Original Link: http://blog.54f3.com/2009/12/03/tools-%E2%80%B9-54f3-com-website-security-audit-scanning-%E2%80%94-wordpress/

Malware Infection, Cleanup and Vulnerability Analysis and Consulting Services…

ALERT: TRUE STORY BELOW..

Want to understand how simple it is to secure your site?  Sure, we’ll take a real customer example from this week to document the story.

(Names and Certain Elements removed to protect confidentiality)

Context:

A large financial news and information site that was recently infected several times.  Running an older (but not so old) version of WordPress.  Established site, running for years, with a great following.

Attacks:

Several different approaches, including a desktop infection, which then infected the site.  Infections spread internally from there.

Impacts:

Malware was being distributed to its 2000+ unique viewers a day.  Due to the depth of the attack, Google has re-indexed the site with all of the pornographic and male-enhancement site links, meta tags, etc.  Effectively, the site (and business) is in bad shape, and SEO results are suffering.

The Approach:

The customer signed up for a free scan, which resulted in the 1st metric on the chart below (roughly 1,640 High and Medium vulnerabilities) – keep in mind, this is a fairly large site.

The customer took the recommendations and executed some of them (upgrading WordPress being the first).  After he contacted our support group, we went through the rest of the report and summarized the findings and recommendations.

Luckily, the malware ‘Attack Site!’ warning flags have been removed from most browsers…

Conclusion:

As a result, we’re now down to 2 high severity issues and about 70 medium severity.  Direct malware injections were removed.  Now we’re going through the last steps to remove the last stragglers of the infection (some things are set to reinfect after removal, etc.) and CLOSE THE DOORS on the site.

We’ll wrap up the work in a day or so, and the customer will be free from the existing hacks, and we will be monitoring his site on a daily scan basis (for both vulnerabilities and Malware) for the next few months.
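As an added example, not from the original post or the scanning service it describes, here is a small Python check in the spirit of the daily monitoring mentioned above: it records file hashes once the site is believed clean, then on each later run flags changed or new files and scans them for the kind of injected hidden links, spam meta keywords and obfuscated PHP loaders that reinfect a site after cleanup. The indicator patterns, file paths and file contents are constructed for illustration.

```python
import hashlib
import re

# Illustrative indicators for the kind of injection described above; these are
# constructed for the example, not taken from the scan report in the story.
INDICATORS = {
    "hidden_link_block": re.compile(r"<div[^>]*display\s*:\s*none[^>]*>.*?<a\s+href", re.I | re.S),
    "injected_meta_keywords": re.compile(r"<meta\s+name=[\"']keywords[\"'][^>]{0,200}enhancement", re.I),
    "obfuscated_php_loader": re.compile(r"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
}


def build_baseline(files):
    """Record a SHA-256 per path once the site is believed clean."""
    return {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}


def scan_content(path, data):
    """Return the names of the indicators that fire on one file's content."""
    text = data.decode("utf-8", errors="replace")
    return [name for name, rx in INDICATORS.items() if rx.search(text)]


def daily_check(baseline, files):
    """Compare today's files with the baseline; scan whatever changed or is new."""
    report = {"changed": [], "new": [], "missing": [], "findings": {}}
    current = build_baseline(files)
    for path, digest in current.items():
        if path not in baseline:
            report["new"].append(path)
        elif baseline[path] != digest:
            report["changed"].append(path)
    report["missing"] = sorted(set(baseline) - set(current))
    for path in report["changed"] + report["new"]:
        hits = scan_content(path, files[path])
        if hits:
            report["findings"][path] = hits
    return report


# Constructed sample: a clean snapshot, then the same site a day later.
CLEAN = {
    "wp-content/themes/site/footer.php": b"<footer>&copy; Example News</footer>\n",
    "wp-config.php": b"<?php define('DB_NAME', 'wp');\n",
}
LATER = {
    "wp-content/themes/site/footer.php": b"<footer>&copy; Example News</footer>\n"
        b"<div style=\"display:none\"><a href=\"http://spam.invalid/\">buy</a></div>\n",
    "wp-config.php": b"<?php define('DB_NAME', 'wp');\n",
    "wp-content/uploads/2009/12/img.php": b"<?php eval(base64_decode('ZWNobyAxOw=='));\n",
}

if __name__ == "__main__":
    print(daily_check(build_baseline(CLEAN), LATER))
```

Unchanged files are skipped by the hash comparison, so on a large site only the files that moved since the clean baseline are scanned each day.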

Actual Screenshots from the Reporting Tool @ 54f3.com

[Screenshot: Vulnerabilities over Time – a chart summarizing the vulnerabilities detected over time (medium and high priority issues added together) to give a snapshot of your performance over time.]

[Screenshot: Total Issues – the issues detected on this scan and the last scan, shown as “Previous scan alerts” and “Latest scan alerts”.]


Jason Remillard

About

Jason Remillard has been involved with Enterprise IT for over 15 years now with extensive exposure to corporate security and compliance issues. He has a proven track record leading geographically diverse development teams in North and South America, Europe, China and India. A strong communicator who has delivered CxO-level presentations globally and fostered advanced relationships with Microsoft, Cisco, Novell, and other high-profile vendors - Jason is currently with Quest Software Inc - as a Product Manager for some of its leading Enterprise security and automation toolsets.
