WEB SECURITY RESEARCH
WEBSITE MALWARE CLEANING
CUSTOM DETECTION, CLEANING & MONITORING SOLUTIONS
ABOUT TZ SECURITY
The TZ Security team researches various aspects of web security. A big part of our activities is finding botnets, banker trojans, phishing pages, drive-by downloads, ransomware distributors and other cybercriminal activities, and analyzing the samples we find (and samples shared in security researcher groups) to further improve our own web security solutions against web threats.
TZ Security uses several layers of defense to protect websites from malicious traffic and hacker intrusions. After initial malware removal and server / PHP hardening, we monitor server files for any changes and we scan and observe all web requests for known and unknown cyber threats, hacking attempts, automated vulnerability scanners, etc., keeping the website safe 24/7.
Even if your website is not compromised (yet), contact us. Prevent loss of confidential data, money, visitors, and reputation. Intrusions are the sad reality; no website is too small or too big for hackers. Hackers deploy new tactics every day, and protection that worked yesterday may not work well enough today. Security through obscurity does not solve the problem either. Contact us to secure your web assets.
TZ SECURITY SERVICES
- malware detection and thorough cleaning of compromised sites and servers
- active research of new attack vectors & daily updating of the protection system
- proactive security and hardening against further intrusions & hacking attempts
- deobfuscating, decoding and analyzing encrypted malicious code and scripts
- server & web application vulnerability research, security audits on request
- website optimization & tuning for security, speed and overall site performance
- daily monitoring, file integrity checking, overall protection of sites & servers
WEBSITE MALWARE CLEANING PROCESS
step 1 – Full website and database backup of the original state, before any malware removal. In case of any problem we can restore everything to the previous state.
step 2 – Server scanning – we use our custom-coded scanner with an excellent malware pattern database, made from thousands of collected samples. The database is regularly updated.
step 3 – Checking files found in step 2. This is 100 % manual work, file by file: a slower but safer process which leaves no room for mistakes.
step 4 – 7-day server traffic monitoring – monitoring of the client’s website and observing traffic requests, visited pages, files and paths, looking for various traffic anomalies and potential threats, and adjusting custom server and PHP hardening (php.ini and .htaccess).
After cleaning we send a report about what we found, a possible scenario of how the intrusion happened in the first place, and what we have done about it. Click here to read about the process in more detail.
By disabling unnecessary functions, adding security headers and blocking specific URL queries, we can protect the client’s web applications from many generic hack attempts, SQL injections, directory traversals, etc.
This is a basic but very powerful layer of protection.
– Custom php.ini – dangerous functions and options that should not be active on your server are blocked and disabled. Everything will be checked properly so nothing is blocked in your application(s).
– Custom .htaccess – carefully set rules for security, server tightening, filtering out various bots and user agents, blocking specific requests characteristic of RFI/LFI/SQL/XSS, hotlinking prevention, etc. Additionally, we will take care of proper speed and performance optimization of the client’s site, with rules for Expires headers, ETags, gzip/deflate, etc. The client’s sites will load faster and use fewer server resources.
– File permissions (CHMOD) – we will check and set correct permissions on all files and folders.
An excellent layer of security: a regularly updated standalone PHP script (works with any PHP website, CMS or framework) which checks all GET, POST, REQUEST and COOKIE values for specific patterns and blocks access to the site before any damage is done. We will check the type of application in use and adjust or remove any conflicting rules so everything on the site can work properly.
Protection against common (and uncommon) XSS / LFI / RFI / SQL injections, directory traversal attempts, scrapers, scanners, bots, crawlers and other potentially harmful and resource-hogging requests. Active research and daily updates for new malware variants and heuristic patterns to prevent unknown attacks. Additional filtering by IP ranges, user agents and hosts.
Daily check for any changes to server & website files. All files are scanned recursively; hash values are calculated and compared with the previous clean state each day. If something is added, removed, or changed on the server / website, we will know and check/clean if necessary – the maximum incident response time is 8 hours (but usually much faster).
Manual backup of all files and the database, downloaded to our storage units. We keep the last 4 backups of each web application and its corresponding database.
Backups are handled off-site, in a secured environment; we use standard 4Tb hard-disk units (the same as Facebook uses), physically disconnected from any internet / intranet / local network access.
* Note: backup is an optional service, invoiced separately if someone needs it. Cloud backups are a cheaper option, but if a client prefers offline backups, we can do it.
The price for download + storage is 5 US$ for 1 backup (application+database) / month, or 20 US$ for 4 backups/month. Prices are for up to 1Gb of data (per one backup).
"If you spend more on coffee than on IT security, you will be hacked. What's more, you deserve to be hacked."
White House Cybersecurity Advisor, Richard Clarke
"Amateurs hack systems, professionals hack people."
"99 percent secure is a 100 percent insecure."
"I am safe, my neighbor's kid installed me some security plugin, he is good with computers."
"My designer told me I shouldn't update site and plugins because it will mess his work."
"My site is small and insignificant for hackers, I will never be hacked."
"Last year professional checked my site and it was secure."
"I've purchased SSL certificate, I am safe now."
Full TZ Protection
49 US$ / Month
|Malware Removal||Malware Removal|
|Server & PHP Hardening||Server & PHP Hardening|
|7 days server/website files monitoring||24/7 server/website files monitoring|
|7 days URL filtering||24/7/365 URL filtering|
|-||Purchase full year for 499 US$ (save 89 US$)|
The price of cleaning is per web application. Sites are usually built on 1 application or platform (WordPress, Drupal, Joomla, forums, etc.), but sometimes a website consists of several applications that work together, so each application counts as a separate install and will be invoiced accordingly.
If you have several sites on one hosting account, we can provide a discount. If we have to clean more sites on several separate servers or accounts, we don’t give a discount, since we have to do a full scan and manual check of all sites separately.