How to help secure your website

Maintaining a secure web site is very important. These articles provide information about how to secure your web site, how to reduce spam, what to do if your web site's security is compromised, and more.

SSL

SSL (Secure Sockets Layer) helps enhance your site's security. This collection of articles covers how to install and renew SSL certificates, redirect users to secure connections, and more.

Perpetual Security

Hosting security is important, and the A2 Hosting Perpetual Security initiative contains several features that help protect your web site from malicious actors. This collection of articles covers KernelCare and HackScan.

Securing a hacked site

If your web site gets hacked despite your best efforts, this guide is here to help you secure your site and help prevent future attacks. This article covers topics such as how to determine the cause of a hack, and how to clean up after a hack.

How to repair and secure a hacked site
This guide explains how to secure your web site after it has been hacked, and how to help prevent future attacks.

Determining the cause
The first step to securing your web site and getting back to normal operation is determining how it was hacked. In general, most hacks occur for one of the following reasons:

  • Your FTP/SSH password has been compromised.
  • File permissions for files or directories in the public_html directory are too permissive.
  • You have a software application installed on your web site that contains a vulnerability. The vulnerability is being exploited to run arbitrary code on the server.

Software vulnerability hacks are more common than FTP/SSH password hacks, primarily because of the huge growth in pre-bundled software applications. Users often set up an application and then forget to apply security updates, leaving their sites vulnerable to attack.

Similarly, if a file or directory in the public_html directory has permissions set to 777 (full access), code or data may be exposed and potentially exploited by an attacker.

Looking for software vulnerabilities

Out-of-date software applications often contain well-known security vulnerabilities that malicious actors can exploit using automated scripts. Software applications include anything you have installed using Softaculous, as well as any packages that you have installed manually. Usually these are applications such as blogs, image galleries, forums, shopping carts, content management systems, etc.

You should review all of the software applications that are installed on your web site. Make sure you have installed the most recent version and all updates. When you update software applications, make sure you check the plugins as well. If you have any non-standard plugins installed with your applications, do a web search for the plugin name and the term “vulnerability” to see if there are any known issues with your version. If you discover any known vulnerabilities, either update the plugin or disable it.

Cleaning up after a hack

After you have secured your web site, the next step is to clean up the mess left behind by the perpetrators and restore normal operation.

Stopping malicious processes

The first step in the cleanup process is to ensure there are no malicious processes still running on your account. Otherwise, you may go through all of the following cleanup steps, and these processes will simply wreak havoc all over again.

To view the user processes running on your account, follow these steps:

  1. Log into your account using SSH.
  2. At the command prompt, type the following command:
  3. Examine the list of running processes and look for anything suspicious. If you do see a suspicious process, note the process ID (PID) number.
  4. To kill any suspicious processes that you found, type the following command for each process. Replace process_id with the process ID (PID) that you noted in step 3:
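
One way to carry out the review in steps 2 and 3, as an added example that is not part of the original article. The rules for what counts as worth a closer look (a binary deleted after launch, or one running from a temporary directory or the web root) are assumptions, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example, not from the original article: list your own processes and
# label the ones that deserve a closer look. The labels are assumed heuristics.

# classify_exe PATH -> prints a label for the binary a process is running.
# PATH is the target of /proc/<pid>/exe on Linux.
classify_exe() {
  case "$1" in
    "")                            echo "exe-unreadable" ;;     # exited or not ours
    *" (deleted)")                 echo "binary-deleted" ;;     # removed after launch
    "$HOME"/public_html/*)         echo "runs-from-web-root" ;;
    /tmp/*|/var/tmp/*|/dev/shm/*)  echo "runs-from-temp-dir" ;;
    *)                             echo "ok" ;;
  esac
}

# Print one line per process owned by the current user: label, PID, uptime, command.
review_processes() {
  # "pid=,etime=,args=" suppresses the header so each line parses cleanly.
  ps -u "$(id -un)" -o pid=,etime=,args= | while read -r pid etime args; do
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null || true)
    printf '%-20s pid=%-7s up=%-12s %s\n' \
      "$(classify_exe "$exe")" "$pid" "$etime" "$args"
  done
}

# Sorting groups the labelled lines together for reading.
review_processes | sort

# To stop a process you have confirmed is unwanted, note its PID and run:
#   kill <PID>
```

An "ok" label only means none of the assumed rules matched; still read the command column for anything you do not recognize.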

Removing hacked files

You should go through all of the files in your account and delete anything that you did not put there. If you are using an FTP client, make sure it is set to show hidden files. Similarly, if you are using the command line in SSH, make sure you use the -a option with the ls command so it shows all files. (Many malicious files try to “hide” from casual observation by making themselves hidden.)

Although we recommend going through all of your files, you can prioritize your search. Look first for file modification timestamps that have changed since you last modified your site, or that occurred around the time the hack took place. If you identify a file that was modified during the hack (such as a defaced index page), you may be able to locate other affected files by searching for similar timestamps.

For example, to find all of the files that have been modified in your public_html directory within the last three days, follow these steps:
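
The file checks described above (recently modified files, hidden files, and the 777 permissions mentioned under "Determining the cause"), combined into one read-only script. This is an added example, not the article's own commands; the function names and the sample directory tree are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article. Read-only triage of a web
# root: it lists candidates for manual review and deletes nothing of yours.

# Files modified within the last N days (N=3 matches the article's example).
recent_files() { find "$1" -type f -mtime "-${2:-3}" -print | sort; }

# Files and directories that any account on the server can write to (777,
# 666, ...). Symbolic links are skipped: their mode bits are always rwxrwxrwx.
world_writable() { find "$1" ! -type l -perm -0002 -print | sort; }

# Dot-files and dot-directories, which "ls" hides unless you pass -a.
hidden_entries() { find "$1" -name '.?*' -print | sort; }

# Constructed sample tree so the script can be tried safely; prints its path.
make_demo_tree() {
  d=$(mktemp -d) || return 1
  mkdir -p "$d/uploads" "$d/blog"
  echo 'old page'    > "$d/index.html"
  echo 'old config'  > "$d/blog/config.php"
  echo 'placeholder' > "$d/blog/new.php"            # recently added
  echo 'placeholder' > "$d/uploads/.cache.php"      # recently added and hidden
  chmod 755 "$d/blog"
  chmod 644 "$d/index.html" "$d"/blog/*.php "$d/uploads/.cache.php"
  chmod 777 "$d/uploads"                            # too permissive
  touch -t 202001010000 "$d/index.html" "$d/blog/config.php"  # untouched since 2020
  echo "$d"
}

triage() {
  echo "== modified in the last ${2:-3} days =="; recent_files "$1" "${2:-3}"
  echo "== world-writable ==";                    world_writable "$1"
  echo "== hidden files and directories ==";      hidden_entries "$1"
}

# Usage: sh triage.sh ~/public_html [days]
# With no argument, the constructed sample tree is used and then removed.
root=${1:-$(make_demo_tree)}
triage "$root" "${2:-3}"
[ -n "${1:-}" ] || rm -rf "$root"
```

Compare the output against a known-good backup before deleting anything, since legitimate application updates also change modification times.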

Installing updates on your server

This article describes how to install updates on an unmanaged server. Maintaining an up-to-date server with the latest patches and fixes is one of the most important things you can do to make your server more secure.

Follow the appropriate procedures below for your server's operating system.

AlmaLinux and Fedora

To download and install the latest updates immediately, type the following command as the root user:

The previous command runs in interactive mode, which means you are asked at certain points during the update process whether or not you want to continue. To install updates without any user intervention, type the following command instead:

Debian and Ubuntu

To search the repositories for updates and then install them immediately, type the following command as the root user:

The previous command runs in interactive mode, which means you are asked at certain points during the update process whether or not you want to continue. To install updates without any user intervention, type the following command instead:

 










