Scheduled Scan on our Windows Servers
Posted by on 14 April 2016 07:44 PM
Please be informed that we will be deploying a security scan on our Windows servers. This scheduled scan is to detect all malicious files that can make your websites vulnerable and to secure the website.
Here are the common questions that may come in your mind about this scan process.
1) What happens if the scan identifies infected files from my website directory?
All such files will be get moved in to a directory named 'clamdscanDD_MM_YYYY' with in your domain directory as shown below,
Location : httpdocs\clamdscanDD_MM_YYYY
The infected files of addon/sub-domains will also reside under the document root of the primary domain in the same directory “clamdscanDD_MM_YYYY”.
You can check this directory via Plesk Filemanager or using a FTP client (filezilla).
2) But those are my valid files.
Quite possible. A valid web file can get infected by various means of injections. We have noticed even the configuration files of CMS applications can get infected with a single malicious line.
3) How do I fix this?
The files which we moved to clamdscanDD_MM_YYYY directory will remain there for next 30 days.
This will allow you to download the folder in to your local machine, scan with updated antiviruses, verify it with your developer and upload a fresh copy of it or remove the injected line.
Once this is done, make sure the CMS applications installed on your website including its themes and plugins are updated to its latest version and the scripts are properly optimized to seal all security holes.
You can also purchase SiteLock product from us to secure the website.
4) Will this affect my website?
Depends on the file that got infected.
If its a core file of your website, moving the same will cause a downtime. We are moving those files in order to secure your website data and resource from getting compromised or misused further.
You can remove those infected files and upload a fresh copy of it or remove the injected line, then restore it back to its proper location to make the website functioning.
We recommend you to get help from your developer.
5) Will there be any report file available to refer the list of infected files?
Yes, you can refer to the log file that will be saved under your domain directory as shown below,
Location : httpdocs\clamdscanReportDD_MM_YYYY.log
6) How these infected files came in the first place?
Our studies on the server shows that all such security issues on a website happens from configured CMS applications as it is not updated to its latest release, or due to a poorly developed script that have many security holes with in it which allows the intruders to break in.
7) From when this scan will be active?
We will be starting the first batch of servers from Monday, 18th April 2016 and it will be followed by rest of the servers.
In case if you need more clarifications on the same please feel free to contact our support team.