Getting Started with Sucuri

Published on: Sep 27th, 2018

Welcome to the Sucuri dashboard! Here is where you have access to an overview of your website security status. However, in order to have the most effective and accurate results, every new user must complete some basic steps to ensure their website is configured properly.

The intention of this guide is to focus on the essential steps to set up protection and monitoring, so you can have peace of mind.

Step 1:
Monitoring

Sucuri offers both remote and server side monitoring. Once these are properly set up, we will scan your website externally and internally for indicators of compromise. You’ll also receive weekly and monthly reports and have access to audit logs.

Our malware monitoring identifies the following:

  • 1. obfuscated JavaScript injections
  • 2. cross-site scripting
  • 3. website defacements
  • 4. hidden & malicious iframes
  • 5. PHP mailers
  • 6. phishing attempts
  • 7. malicious redirects
  • 8. backdoors
  • 9. drive-by downloads
  • 10. SEO blackhat spam

In order to begin monitoring activation, we must first add your website to the monitoring dashboard.

1.1 - Remote Scanner

These scans are unique in their efficiency. They can camouflage themselves as a visitor in order to spot conditional malware via source code, checking what hundreds of different visitors might see when they access your site.

[Screenshot: Sucuri Website Monitoring]

To set up remote scanning in the Sucuri dashboard:

  • 1. Log into your Sucuri account: https://login.sucuri.net/login/
  • 2. On the Website Monitoring tab, click Add Site.
  • 3. Enter your website URL. You can also add multiple sites by adding one per line.
  • 4. Click Add Sites.

The remote scanner will begin automatically scanning your website. This can take up to one hour to complete.

Note

Make sure to set up the server side scanner in the next step. Remote scanners have limited access to your website files.

1.2 - Server Side Scanner

Server-side scanning, unlike the remote scanner, has access to your website's files on the server and to your database. Not all website content is easily visible from the outside. Many website infections, such as DDoS and mailer scripts, hide in your file system and never present themselves to visitors.

The server side scanner also tracks file changes, giving you an audit trail of your website file changes. Click Audit Logs for more information.

To set up server-side scanning in the Sucuri dashboard:

  • 1. Log into your Sucuri account: https://login.sucuri.net/login/
  • 2. On the Website Monitoring tab, click Settings.
  • 3. Click Server Side Scanner.
  • 4. Under Connection, click the drop-down arrow and choose SFTP.
  • 5. Type your SFTP username, password, and directory.
    • a. The SFTP Port is 22 (21 for FTP - we do not recommend using unencrypted FTP).
  • 6. Click Enable Server Side Scanner.
    • a. If you get an error, you can follow the steps to enable the server side scanner manually by uploading a PHP file to the root of your website.

At this point, your Overview page for Monitoring should be clear of warnings. Your website is completely set up for monitoring once server-side scanning is enabled!

[Screenshot: Setting up Server Side Scanner]

Caution

Setting up the server side scanner is a key to ensuring the integrity of your website. Do not skip this step!

Note

If you do not know your FTP information or need help setting this up, please submit a support ticket with your cPanel/Plesk or hosting account login information.

1.3 - Overview

We offer many types of monitoring. In addition to scanning your website externally and internally for malware infections, we also monitor blacklist authorities, your SSL certificate, and DNS records for unauthorized changes.

The Website Monitoring Overview will show security status and warnings:

  • Top left: Any warnings for malware found through our scans, injected spam, or defacements.
  • Top right: If your site has been blacklisted and by which blacklisting authority.
  • Bottom left: If your site is running properly, or if there’s been downtime or outages.
  • Bottom right: If there have been any changes to your DNS records and/or SSL certificate (SSL monitoring is not available on Basic plan).

[Screenshot: Sucuri Monitoring Overview]

1.4 - Types and Frequency

After adding your sites to our monitoring, you can choose which monitoring types you want and the monitoring frequency.

To change monitoring types and frequency, follow these steps:

  • 1. Log into your Sucuri account: https://login.sucuri.net/login/
  • 2. On the Website Monitoring tab, select your website.
  • 3. Click Settings > Monitoring Types.
  • 4. Toggle the On/Off switch to activate or deactivate monitoring types.
  • 5. Click the drop-down menus to choose the scanning frequency.

[Screenshot: Monitoring Frequency Settings]

1.5 - Global Alert Options

Sucuri Website Monitoring provides the components you need to oversee your website security. By default, the email address you used to sign up receives alerts. You can add other email addresses and set up alerts via SMS, Slack, and more.

To modify your alert options:

  • 1. Log into your Sucuri account: https://login.sucuri.net/login/
  • 2. Click your profile icon in the top right corner.
  • 3. Click Global Alerts
  • 4. In the Email section, you can add email addresses to receive alerts.
  • 5. Select the sections for SMS, Slack, Generic Post, or RSS to set up additional alert types.

[Screenshot: Monitoring Global Alert Options]

Step 2:
Firewall

The Sucuri Firewall is a cloud-based WAF that stops website hacks and attacks. It is the protective layer that sits between your server and the visitor’s browser.

Here is a list of some of the top evolving threats we mitigate:

  • Brute force attempts
  • Vulnerability exploitation
  • DDoS attacks
  • SQL injections
  • XSS
  • LFI/RFI
  • Zero-day exploits

The Sucuri Firewall includes a CDN built on our global network of secure data centers. This is automatically enabled when you activate the firewall and makes your site faster across the world.

2.1 - Generate Firewall IP

Before you activate the firewall, you need to add your website to our firewall network and generate a firewall IP.

After our network has downloaded copies of your website content, you can switch your DNS (www.example.com) to point to your new Sucuri Firewall IP.

To generate your Firewall IP from the Sucuri dashboard:

  • 1. At the top, click Website Firewall.
  • 2. Click Protect My Site Now.
  • 3. Type your website URL and select from the checkbox options below.
    • a. I am currently under a DDoS attack: This option is for emergencies only, if your website is down due to DDoS.
    • b. I want you to restrict access to admin directories to only whitelisted IP addresses – if you use a CMS like WordPress or Drupal, this feature automatically restricts the admin area to whitelisted IP addresses.
    • c. I want to use Sucuri's DNS servers (free). Using our DNS infrastructure allows us to do geographic routing for optimized global performance, failover, and high availability.
  • 4. Click Add Site.

[Screenshot: Add Site to Website Firewall]

Caution

Your website is not protected yet! You must continue with the following steps to complete activation. If you need help with this, please contact our support team.

2.2 - Test Internal Domain

After adding your website to the firewall network, you will see a warning that the Service is Not Activated. Now that the firewall is caching your website content, test the internal domains to make sure they are working.

[Screenshot: Firewall Not Activated Warning]

To test the internal domain after adding your site to the firewall network:

  • 1. Scroll to the first step of the Activating Website Firewall Instructions.
  • 2. Click all the links under Internal Domains.
  • 3. If you see an error message, you may need to wait a few minutes and try again.
  • 4. Once your website is visible on the internal domains, you can proceed to activate the firewall.

[Screenshot: Firewall is Activated]

Note

If HTTPS is activated on your site, you won’t be able to test. Please temporarily disable forcing HTTPS if you need to test this.

2.3 Activate Firewall Protection

Activating the firewall means changing your DNS (example.com) to your new Firewall IP. This allows Sucuri to filter malicious traffic before allowing legitimate visitors to access your website.

We offer a few different options to activate the firewall:

  • Automatic Integration with cPanel/Plesk.
  • Use Sucuri DNS manager.
  • Manually change DNS records.

We included instructions below for each option.

Automatic Integration with cPanel/Plesk

To activate the firewall using cPanel or Plesk:

  • 1. Click I use cPanel or I use Plesk button under Automatic Integration.
  • 2. Enter your domain, username, and password.
  • 3. Click the Login to Plesk or Login to cPanel buttons.

[Screenshot: Automatic Integration with cPanel/Plesk]

Use Sucuri DNS Manager

To use Sucuri DNS servers:

  • 1. Navigate to Settings > DNS.
  • 2. Click Activate to go to our DNS Manager.
  • 3. Review your DNS records that were pulled from your current DNS provider. Our system will try to collect all of your existing records, but if you see anything missing, you can manually add a new record.
  • 4. Log in to your host or registrar and change your name servers to match the Expected Name Servers in the Sucuri DNS Manager.

[Screenshot: Use Sucuri DNS Manager]

Manually Change DNS Records

To manually change your DNS records:

  • 1. Scroll to the second step of the Activating Website Firewall Instructions.
  • 2. Copy the second IP address in the grey box.
  • 3. Log into your host or registrar to access the DNS records for your domain.
    • a. We have instructions for several popular hosts in our KB article.
  • 4. Change the A Record as instructed in the grey box.

Caution

If you decide to remove the firewall, you must change your DNS record(s) back to the original IP address.

Note

If you have any trouble activating the firewall, please submit a support ticket with your cPanel/Plesk or hosting account login information.

Note

It can take up to 48 hours for DNS propagation. Until all DNS servers worldwide recognize that your website is pointing to the firewall IP, you will not be fully protected.

2.4 Whitelist Firewall IP

If you have a firewall on your hosting server, such as CSF or ModSecurity, we recommend that you whitelist Sucuri IP addresses listed in the fourth step of the Activating Website Firewall Instructions.

Whitelisting the Sucuri IP addresses in your server firewall will ensure we are able to cache your website content without being blocked.

If you are not sure whether you have additional firewalls on your server, you can contact your host and send them the IP addresses to whitelist.

2.5 Upload SSL Certificate

If you do not have an SSL certificate for your website, you can skip this step.

By default, the Sucuri Firewall offers free Let’s Encrypt certificates on your Firewall IP. To ensure end-to-end encryption, you can upload your certificate.

To upload your SSL certificate:

  • 1. Click HTTPS/SSL
  • 2. Click Upload Certificate
  • 3. Paste the content of your .key and .crt files in the fields provided.
  • 4. Click Save.

Note

If you use the Basic plan, you need to upgrade to Professional or higher to use a custom SSL certificate with our firewall.

2.6 Prevent Firewall Bypass

Once the DNS changes have been fully propagated (which you can test here), all traffic going to your domain (www.example.com) will be passing through the Sucuri Firewall.

If an attacker knows your hosting IP address, they can bypass the Sucuri Firewall because they are not entering your website using the domain (www.example.com).

The best way to prevent this from happening is to limit access to your hosting server so that only the Sucuri Firewall can access it.

To restrict access to your website IP address:

  • 1. In the Sucuri dashboard, click Settings > Security.
  • 2. Select the proper server for your hosting configuration.
  • 3. Add the code to your server configuration file.
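
Once the restriction is in place, every request in the origin server's own access log should come from a firewall address, so auditing that log shows whether direct-to-origin traffic is still being accepted. The following is an added example, not Sucuri's code; the firewall ranges are documentation-space placeholders and the log lines are constructed, so substitute the addresses listed in the Activating Website Firewall Instructions.

```python
import ipaddress
import re
from collections import Counter

# Placeholder ranges from documentation address space, NOT Sucuri's real
# addresses. Replace with the IPs shown in your firewall activation instructions.
FIREWALL_RANGES = ["192.0.2.0/24", "2001:db8:100::/48"]

# Constructed origin access-log lines in the Apache/nginx "combined" format.
SAMPLE_LOG = """\
192.0.2.10 - - [27/Sep/2018:10:00:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.77 - - [27/Sep/2018:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 2301 "-" "Mozilla/5.0"
203.0.113.45 - - [27/Sep/2018:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 2301 "-" "python-requests/2.19"
2001:db8:100::5 - - [27/Sep/2018:10:00:06 +0000] "GET /about/ HTTP/1.1" 200 4410 "-" "Mozilla/5.0"
203.0.113.45 - - [27/Sep/2018:10:00:07 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199 "-" "python-requests/2.19"
198.51.100.9 - - [27/Sep/2018:10:00:09 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "curl/7.61.0"
not a log line
"""

# Captures: peer address, timestamp, method, path, status code.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "([A-Z]+) (\S+)[^"]*" (\d{3}) ')


def find_direct_hits(log_text, firewall_ranges):
    """Return (hits, skipped): requests whose peer IP is outside every firewall range."""
    networks = [ipaddress.ip_network(r) for r in firewall_ranges]
    hits, skipped = [], 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            skipped += 1
            continue
        try:
            client = ipaddress.ip_address(m.group(1))
        except ValueError:
            skipped += 1
            continue
        # An IPv4 address is never "in" an IPv6 network (and vice versa), so mixed lists are safe.
        if not any(client in net for net in networks):
            hits.append({"ip": str(client), "time": m.group(2), "method": m.group(3),
                         "path": m.group(4), "status": int(m.group(5))})
    return hits, skipped


def summarize(hits):
    """Per source IP: number of direct requests and how many got a non-error status."""
    total = Counter(h["ip"] for h in hits)
    served = Counter(h["ip"] for h in hits if h["status"] < 400)
    return {ip: {"requests": n, "served": served[ip]} for ip, n in total.items()}


if __name__ == "__main__":
    hits, skipped = find_direct_hits(SAMPLE_LOG, FIREWALL_RANGES)
    for ip, stats in sorted(summarize(hits).items()):
        print(f"{ip}: {stats['requests']} direct request(s), {stats['served']} served by origin")
    print(f"{skipped} unparsable line(s) skipped")
```

Run it against the log field that records the connecting peer address; if your server rewrites the client IP from a forwarded header, that field no longer distinguishes firewall traffic from direct traffic.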

Step 3:
Backups

No matter what you do to secure your website, the risk will never be zero. If your website functionality is damaged, you need a way to recover. For only $5/month, our cloud-based backup system ensures you are protected in the event of a critical failure.

Here are a few of the benefits of adding our Sucuri Website Backup Solution:

  • 1. Backup site files and database remotely via FTP or SFTP
  • 2. Auto restore by date
  • 3. Ability to exclude unnecessary directories
  • 4. Set frequency to daily, weekly, or monthly
  • 5. Ability to schedule time of backups to reduce server load
  • 6. Track file changes including how many files were added, updated or removed
  • 7. Incremental backups of only modified or added files
  • 8. Backups are retained for 90 days

3.1 Activate Backups

To activate Sucuri backups:

  • 1. Log into your Sucuri account: https://login.sucuri.net/login/
  • 2. On the Website Backup, click Add Site.
  • 3. Next, you will be asked to add your website URL and (s)FTP credentials in the Website Details. The system will attempt to detect the database automatically.

Depending on the number of files, the process of backing up may take some time. While the backup is in progress, you have the option to go to the next step and adjust your settings.

[Screenshot: Activate Backups]

[Screenshot: Last Backup Successful]

Note

If you have any trouble activating backups, please open a support ticket with your cPanel/Plesk or hosting account login information.

3.2 Backup Settings

Here are the options you can adjust to control how backups run and how you are notified.

  • 1. At the top, you will know when the last successful backup occurred, when the next backup will take place, or click the Backup Now button to begin a new backup
  • 2. Backup Frequency – daily, weekly, or monthly
  • 3. Backup Start Time – set on the hour in UTC (Coordinated Universal Time)
  • 4. Notifications – choose when to be notified of a backup in progress
    • a. After each backup
    • b. Only on failure
    • c. Disable notifications
  • 5. Below, you will see a monthly status of how many backups have been done.

3.3 Restoring Files

If something happens, you can automatically restore your website files individually, or all at once.

To restore your website file backup from the Sucuri dashboard:

  • 1. Navigate to the Website Backups section.
  • 2. Choose the site you want to restore.
  • 3. Click Restore Options next to the dated backup you wish to restore.
  • 4. To download files to restore manually, click Download Files.
    • a. Select individual files or scroll to the bottom to Download All Files.
    • b. Click Confirm Selected Files.
    • c. Choose to email or save the files directly and click Generate Zip.
  • 5. To restore files automatically, click Auto Restore Files.
    • a. Select individual files and click Confirm Selected Files or scroll to the bottom to Restore All Files.
    • b. Check the box that says I agree with overwriting the files.
  • 6. Click Restore.

When restoring your files, the website backup server will overwrite your existing files with the ones from the backup date you have selected. Depending on the size of your website, this can take several minutes. On your dashboard, you will see that the restoration is complete. An email will also be sent.

Note

You can only restore one option at a time - files or database. You will need to wait for one restore to complete before restoring another. We recommend restoring files first and then the database.

[Screenshot: Last Backup Successful]

[Screenshot: Auto Restore Options]

[Screenshot: Select Backup Files]

3.4 Restoring Database

If something happens to your website, you can automatically restore your website databases.

To restore your database backup from the Sucuri dashboard:

  • 1. Navigate to the Website Backups section.
  • 2. Choose the site you want to restore.
  • 3. Click Restore Options next to the dated backup you wish to restore.
  • 4. To download files to restore manually, click Download Databases.
    • a. Select the database you wish to download from the drop-down menu.
    • b. Click Download.
  • 5. To restore the database automatically, click Auto Restore Database.
    • a. Select the database you wish to restore from the drop-down menu.
    • b. Click Download to save the file to your computer.
  • 6. Check the box that says I agree with overwriting the database.
  • 7. Click Restore.

When restoring your database, the website backup server will overwrite your existing database with the one from the backup date you have selected. Depending on the size of your website, this can take several minutes. You will receive an email once the database restoration has been completed.

[Screenshot: Restore Database]

[Screenshot: Auto Restore Database]

Step 4:
Get Support

There are two ways to get support – chat and ticket system.

Tickets are worked on in the order they are received. However, each ticket is handled personally by one of our analysts! Once someone has finished working on your case, you will be provided with an update via the ticket system. This message will also reach you via email.

4.1 General Support

Our Product Support Team primarily assists clients with any issues 24/7/365 via chat while also providing assistance with email inquiries at various stages of the customer lifecycle.

To submit a new general support ticket:

  • 1. Log in to the Sucuri dashboard: https://support.sucuri.net/support/
  • 2. At the top right, click Support
  • 3. Select the Product Support tab
  • 4. Click New Ticket
  • 5. Fill in the ticket information:
    • a. Select an issue type
    • b. Select your technical expertise level
    • c. Type a subject line
    • d. Type details about the issue
  • 6. Click Submit Request

[Screenshot: New Ticket Request]

4.2 Malware Removal Request

If your site is currently under attack or has been hacked, you need to submit a malware removal request.

To submit a malware removal request ticket:

  • 1. Log in to the Sucuri dashboard: https://support.sucuri.net/support/
  • 2. Click Support
  • 3. Select the Malware Removal Request tab (note: Your ticket history will appear on this page as a reference)
  • 4. Click on New Malware Removal Request.
  • 5. Enter your FTP information so we can begin working on your site.

Our analysts will respond quickly to your request. The time it takes to remediate the issue is based upon the service level agreement (SLA) of your plan. Our plans have response time increments of 4 hours, 6 hours, and 12 hours (as well as custom plans for enterprise).

Note

Once we receive your ticket, we will begin scanning your website. Regular updates will be sent to you via email and will appear on your dashboard under the Support section in the upper right-hand corner of your Sucuri account.

Note

SLA is based on response time, not resolution. It is difficult to estimate resolution time due to the complexities of various infections and attacks. If at any time the current plan is not meeting your needs, you can upgrade to another plan.

[Screenshot: Malware Removal Request]

Warning

Insufficient or unverified connection credentials are the leading cause of remediation delays. If you do not know your FTP information or need help setting this up, please submit a support ticket with your cPanel/Plesk or hosting account login information.

4.3 Customer Chat

From the Sucuri website, you can chat with our team during business hours. You can access a full-page version of live chat here.

Let the sales team know you are a customer looking for help, and they will pass you to our product support team.

[Screenshot: General Support Chat]