I am looking for advice on protecting my website, inthewoodshop.com
The server I use is Readyhosting in the USA. They were chosen early on (about 10 years ago now) as they were (a) cheap, (b) easy to set up, and (c) I did not have a clue at the time. Over time there have been a few ups-and-downs but overall they have remained cheap and reliable. They offer good support, which is important.
Some months ago, reading reports on the Internet, I began to be concerned about the possibility of the website being "attached" and contaminated by malware. I contacted a company - SiteLock - that offered a service scanning for malware, and took out a contract for a year. Very shortly after this Google contacted me to say that there was malware on the site. This was not picked up by SiteLock. ReadyHosting confirmed its presence, and I dealt with it by deleting the offending files and restoring fresh from my MacBook Pro. All my files are now checked on my computer by ClamXav. I used to also run Windows via Parallels, and it is possible that some malware could have got in that way on some files a few years ago. I do not use Windows anymore.
About 10 days ago I had two separate alerts from cyber friends on a woodworking forum that their antivirus program warned of malware on one particular index on my site. SiteLock did not pick this up. I deleted the files, and restored fresh files. My friends confirmed that there were no warnings any longer. A few days after this Sitelock sent me a notice that my site had malware. My friends disagreed, as did ReadyHosting when I alerted them to this. I checked via Securi Sitecheck, who also passed the site as clean.
SiteLock suggested that I contact them:
We have detected a critical malware vulnerability at your site inthewoodshop.com. This must be corrected within 72 hours in order to maintain your certification and continue to display the SiteLock security badge. Please access your SiteLock dashboard for more details.
From your dashboard, you can also take advantage of our Expert Services team to help you correct this issue.
Should you have any questions, please give us a call anytime at 415-390-2500. Our website security experts are here 24/7.
Thank you,
The SiteLock Team
This was their follow up email ...
This is now sounding like a scam. Googling for reviews brings out similar complaints from others.
I would like to add a firewall to my website, but do not know (a) whether it is necessary, or (b) who to have do this (certainly will not be SiteLock). Possibly Securi ...? One of their claims is that they look after WordPress. Cost is $99 p.a. for malware checks and cleanup when needed, and another $99 p.m. for a firewall.
I have since changed my password again to the website. Information is uploaded via FileZilla on my computer. In my understanding, the only way malware can get onto the website is if I upload it there since no interactions take place on the site, per se. I have to control this from my computer. If so, does one actually need a firewall? Or are there hackers who deliberately can and will still find a way in to plant the malicious files?
Note that I do not have adverts on my website. I pay all expenses in running it. It is not intended as a financial venture. It is a gift I give to my woodworking friends.
Advice please.
Regards from Perth
Derek
The server I use is Readyhosting in the USA. They were chosen early on (about 10 years ago now) as they were (a) cheap, (b) easy to set up, and (c) I did not have a clue at the time. Over time there have been a few ups-and-downs but overall they have remained cheap and reliable. They offer good support, which is important.
Some months ago, reading reports on the Internet, I began to be concerned about the possibility of the website being "attached" and contaminated by malware. I contacted a company - SiteLock - that offered a service scanning for malware, and took out a contract for a year. Very shortly after this Google contacted me to say that there was malware on the site. This was not picked up by SiteLock. ReadyHosting confirmed its presence, and I dealt with it by deleting the offending files and restoring fresh from my MacBook Pro. All my files are now checked on my computer by ClamXav. I used to also run Windows via Parallels, and it is possible that some malware could have got in that way on some files a few years ago. I do not use Windows anymore.
About 10 days ago I had two separate alerts from cyber friends on a woodworking forum that their antivirus program warned of malware on one particular index on my site. SiteLock did not pick this up. I deleted the files, and restored fresh files. My friends confirmed that there were no warnings any longer. A few days after this Sitelock sent me a notice that my site had malware. My friends disagreed, as did ReadyHosting when I alerted them to this. I checked via Securi Sitecheck, who also passed the site as clean.
SiteLock suggested that I contact them:
We have detected a critical malware vulnerability at your site inthewoodshop.com. This must be corrected within 72 hours in order to maintain your certification and continue to display the SiteLock security badge. Please access your SiteLock dashboard for more details.
From your dashboard, you can also take advantage of our Expert Services team to help you correct this issue.
Should you have any questions, please give us a call anytime at 415-390-2500. Our website security experts are here 24/7.
Thank you,
The SiteLock Team
This was their follow up email ...
| Dear SiteLock customer, |
| Your site needs a manual clean. We can clean this for you, at a one time investment of 300 USD. Or you can , upgrade your service, to our Enterprise plus plan, which would include unlimited cleans, for 74.99 per month, and we can clean this for you. Keep in mind, if you upgrade, you will need to keep that solution, if you cancel, you cancel all service. Please advise of how you wish to proceed. Thank you Sincerely, Sitelock Support |
This is now sounding like a scam. Googling for reviews brings out similar complaints from others.
I would like to add a firewall to my website, but do not know (a) whether it is necessary, or (b) who to have do this (certainly will not be SiteLock). Possibly Securi ...? One of their claims is that they look after WordPress. Cost is $99 p.a. for malware checks and cleanup when needed, and another $99 p.m. for a firewall.
I have since changed my password again to the website. Information is uploaded via FileZilla on my computer. In my understanding, the only way malware can get onto the website is if I upload it there since no interactions take place on the site, per se. I have to control this from my computer. If so, does one actually need a firewall? Or are there hackers who deliberately can and will still find a way in to plant the malicious files?
Note that I do not have adverts on my website. I pay all expenses in running it. It is not intended as a financial venture. It is a gift I give to my woodworking friends.
Advice please.
Regards from Perth
Derek
0 commentaires:
Enregistrer un commentaire