What do you need from the client before the cleaning process?
After payment, the client needs to submit:
– FTP credentials (host, username, password)
– Control Panel credentials (username and password for cPanel, Plesk, Webmin, CentOS or whatever your hosting gave you)
– CMS credentials (username, password)
What is the basic workflow of your cleaning process?
– Full website backup
– Scanning of all files for patterns, functions, keywords, etc. and listing them
– Manually checking each file for the patterns found
– 7-day server traffic monitoring and adjustment of server hardening (if the client purchases the full service, monitoring is on a daily basis)
To see the detailed workflow, please visit our Services page.
What is included in One-Time Cleaning service?
Malware cleaning + 7 days of monitoring + server hardening.
After the initial cleaning we will monitor website traffic logs (GET/POST requests to pages and files) and look for threats, vulnerability scanning and suspicious activity. By collecting and processing traffic data, we can:
– improve our default database, which is shared between all our clients,
– detect and prevent more issues and hacker probing,
– set more custom rules to block malicious traffic and prevent further access,
– provide better overall protection of your server / site.
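The kind of log review described above, as an added example (not the service's own tooling): it parses access-log lines and flags two things for follow-up, POST requests served by a script inside an upload/cache directory and clients that request many distinct missing paths. The two rules, the threshold, the directory names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Common/combined access-log line: client ip, method, path, status.
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
# Assumed rule: scripts should not be served from upload/cache directories.
SCRIPT_IN_DATA_DIR = re.compile(r"/(uploads|cache|tmp)/.*\.php(\?|$)", re.I)
PROBE_THRESHOLD = 3  # assumed: distinct 404 paths per client before flagging

def review_log(lines):
    """Return sorted (ip, rule, detail) findings for manual follow-up."""
    findings = set()
    missing = defaultdict(set)  # ip -> distinct paths answered with 404
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # unparsable lines are skipped, not guessed at
        ip, method, path, status = m.group("ip", "method", "path", "status")
        if method == "POST" and status == "200" and SCRIPT_IN_DATA_DIR.search(path):
            findings.add((ip, "post-to-script-in-data-dir", path))
        if status == "404":
            missing[ip].add(path)
    for ip, paths in missing.items():
        if len(paths) >= PROBE_THRESHOLD:
            findings.add((ip, "404-probing", f"{len(paths)} distinct paths"))
    return sorted(findings)

# Constructed sample lines (documentation IP ranges, invented requests).
SAMPLE = [
    '198.51.100.20 - - [10/Mar/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 5120',
    '203.0.113.7 - - [10/Mar/2015:10:00:02 +0000] "GET /wp-admin/setup-config.php HTTP/1.1" 404 210',
    '203.0.113.7 - - [10/Mar/2015:10:00:03 +0000] "GET /administrator/index.php HTTP/1.1" 404 210',
    '203.0.113.7 - - [10/Mar/2015:10:00:04 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210',
    '198.51.100.20 - - [10/Mar/2015:10:01:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '192.0.2.44 - - [10/Mar/2015:10:02:30 +0000] "POST /wp-content/uploads/2015/03/thumb.php HTTP/1.1" 200 17',
    '198.51.100.20 - - [10/Mar/2015:10:03:00 +0000] "GET /missing.png HTTP/1.1" 404 210',
]

if __name__ == "__main__":
    for finding in review_log(SAMPLE):
        print(finding)
```

The ordinary visitor with a single 404 and a normal login POST is not flagged; only the two clients matching a rule are listed.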
What is included in Full TZ-Security Service?
Malware cleaning + 365 days of monitoring + server hardening (with updates) + Firewall Script (with updates) + daily file integrity monitoring.
In other words, you will get your web security done right.
I have custom modifications on my CMS platform, can I skip updates?
Keeping old versions of Joomla, WordPress, Drupal, forums, eCommerce platforms, etc. leaves doors open to hackers, and we will not be able to do our job properly because the entry points would still be open to them. There are several sites with lists of known vulnerabilities for all major content management systems, with “proof of concept” scripts ready for script kiddies to use to attack your site.
We will ask you to keep all your themes and plugins updated. Our hardening will cripple their efforts and limit damage in many cases, but there is always the factor of new malware variants and zero-day exploits found daily, so we cannot guarantee long-term 100% protection. Keeping everything updated is a very important factor in preventing new attacks. Every now and then you need to log in to your account and apply updates if necessary.
It is the client’s responsibility to keep the CMS and plugins updated and to always use the latest versions. We will not do it for you, because if your CMS is too old it can break after an update. Also, if you have customized some of the core files (or your web designer did), please keep track of all modifications and make a full backup of all files and the database before updating. If you insist that we do the updates and the site design or functionality breaks, it is not our fault and we will not attempt to fix it.
Password Changing – is it necessary?
If we ask, you have to change all passwords (CMS login, FTP credentials, database, cPanel). If we see that your password is weak and easy to guess, we will generate 20-character random passwords for you, something like this: r#O(%J0)xf3FeGtE8wOT. Why so random? It is harder to guess or crack. There are plenty of free applications that keep passwords safe and let you copy and paste them when necessary.
The server is getting re-infected, what should I do?
If your site gets reinfected even after everything on the server and in the web application has been cleaned, patched, secured and protected with new passwords, we might ask you to check the security state of your personal computer. If you don’t know how to do it, hire someone to clean it properly or hire us to do it; we will ask for TeamViewer access so one of our technicians can check and clean your computer remotely.
PC malware and virus cleaning is a separate service done by professional IT personnel in our office, charged at 30 USD per cleaning. PC cleaning is important because login details can be taken directly from the user’s computer; users click on malicious links on the internet and download files without thinking, files which are often bundled with keyloggers, viruses or trojans capable of searching for and stealing passwords from your FTP software. Sometimes simply visiting a site can get your PC infected through vulnerable browser plugins (Java, Flash, etc.). After that, passwords and logins are sent to the hacker’s remote location, and you know what happens next.
Do I need to keep backups?
Yes. It is common sense. It is your responsibility to keep at least the last few weekly backups of files and the database, so the site can be restored if something happens. We can also help with full weekly or monthly backups; please visit our Services page. If malware replaces or removes some of the core files or injects itself into every file, it sometimes makes more sense to just replace the files from a prior, clean backup. If you don’t have a backup, or you are not sure whether it is clean or already infected, we will do our best to find the original files in the official repositories and replace them. You will still need to keep track of your custom design and changes.
We will check the versions of the OS and software on your server or hosting account, and if they need upgrades we will recommend that you contact your hosting provider and ask for an update. If you have a dedicated server where you can do the updates yourself, we will ask you to do it. In case of a breach that you could have prevented with the recommended updates but failed to apply, we will charge for a new cleaning or cancel the monitoring service. Part of our service is to check and disable several functions used by hackers to escalate privileges, root the server and do whatever they usually do.
What is your pricing scheme?
The cleaning price is per web application. Sites are usually built on one application (WordPress, Drupal, Joomla, forums, etc.), but sometimes a website consists of several applications that work together, so each application counts as a separate install and will be invoiced accordingly. If you have several sites on one hosting account, we can provide a discount. If we have to clean several sites on separate servers or accounts, we don’t give a discount, since we have to do a full scan and manual check of all sites separately. If you are not sure what kind of setup you have on the server, it is best to contact us prior to purchase; we need to see the content on the server(s) to be able to give you a correct quote.
Do I need full TZ-Security protection?
It is recommended for overall security and further protection, but of course it’s up to you. If you have one simple site for a small or medium business, you will be OK with one-time cleaning. If you have more sites on the server and you like to experiment with various plugins and scripts, or your business depends solely on its online presence, it is a wise decision to pay a small fee for updates, any new cleaning actions, file integrity checks and filtering of malicious traffic from your website.
What to do if I have more sites on same hosting account but only one is infected?
Regardless of your advice, can you clean just this one site?
Sure. We can clean one site and leave the other sites uncleaned if you really insist, but we are not able to guarantee the security or provide any support after the initial cleaning. If the site gets reinfected from backdoors placed in other sites on your server, we cannot be held responsible (since we warned you) and we will invoice a new cleaning.
In case of any changes on your side (adding more sites, transferring to another server where unchecked sites are hosted, etc.) we can detect and inform you that something is infected, but we will stop monitoring until an additional malware removal service is purchased.
The point is: to be really sure that everything is OK, purchase cleaning and protection for all sites on the same hosting.
How much time do you need to clean the site?
It can take 2 hours if the site is smaller, but it can also take 6 or more hours if you have more sites on the server or we are overloaded with work for other clients. We understand that it is important to get back online with a clean site as soon as possible, and we will do our best to do it in the shortest time frame.
Do you use fully automated cleaning?
We don’t use automated malware removal or automated cleaning of any sort; there is no safe way to let scripts do the cleaning, since code and functions can be falsely recognized as bad even when the code is actually “good” or part of the core files. Everything (and I mean everything, even images) is checked and cleaned manually by us. “Leave no stone unturned” is the only way to be 100% sure that everything is clean.
The only thing we automate is scanning the server recursively through all folders and files and listing the “bad” code found for further checking and removal.
Whoever promises you automated cleaning and quality work in the same sentence is most probably going to miss a lot of malware and/or possibly remove some legitimate files and do damage. We have worked on many cases where frustrated, desperate people came to us from self-proclaimed “experts” found on freelance sites and cheap rent-a-coder places. Personally, I don’t trust their reviews; they can be purchased or submitted by people from “circles” with similar interests.
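The list-only scan described in this answer, as an added example (not the service's own scanner): it walks a tree recursively, reports candidate lines and image files containing a PHP tag, and never modifies or deletes anything. The patterns, rule names and the constructed sample tree are assumptions; the sample includes a harmless text file that still matches, which is the false-positive case that makes manual review necessary.

```python
import re
from pathlib import Path

# Assumed review patterns for illustration; the page does not list its own.
PATTERNS = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "request-driven-exec": re.compile(
        rb"(system|passthru|shell_exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
}
PHP_TAG = re.compile(rb"<\?php", re.I)
IMAGE_EXT = {".jpg", ".jpeg", ".png", ".gif", ".ico"}

def scan_tree(root):
    """Walk root recursively and return sorted (path, line, rule) candidates.
    Read-only: every hit is only listed, the decision is left to a reviewer."""
    root = Path(root)
    findings = []
    for path in (p for p in root.rglob("*") if p.is_file()):
        data = path.read_bytes()
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in IMAGE_EXT:
            m = PHP_TAG.search(data)  # images should never contain PHP code
            if m:
                line = data.count(b"\n", 0, m.start()) + 1
                findings.append((rel, line, "php-tag-in-image"))
            continue
        for lineno, line in enumerate(data.splitlines(), 1):
            for rule, rx in PATTERNS.items():
                if rx.search(line):
                    findings.append((rel, lineno, rule))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree (no real malware; the payload decodes to 'echo 1;')."""
    root = Path(root)
    (root / "uploads").mkdir(parents=True)
    (root / "index.php").write_bytes(b"<?php\necho 'home';\n")
    (root / "uploads/cache.php").write_bytes(b'<?php\n\neval(base64_decode("ZWNobyAxOw=="));\n')
    (root / "uploads/logo.gif").write_bytes(b"GIF89a\x01\x00\x01\x00\n<?php echo 1; ?>")
    (root / "SECURITY.txt").write_bytes(b"Never ship eval(base64_decode($x)) in themes.\n")
    return root

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        for finding in scan_tree(build_sample(Path(tmp) / "site")):
            print(finding)
```

The hit in `SECURITY.txt` is plain documentation text, so a tool that deleted every match would remove a legitimate file.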