Preventing Cross-Site Contamination for Beginners

Date aired: July 19, 2018

Cross-site contamination happens when one hacked site infects other sites on a shared server. This webinar is for beginners and web professionals to understand cross-site contamination and how to prevent it.

Joshua Hammer

Sales Operations Manager

Josh is managing the sales chat team for Sucuri. When he is not reading about the newest hacks or delving into website security, he is at home playing boardgames with his family or video games with friends.

Questions & Answers

Question #1: Your example assumes that all these sites are owned by the same owner. What if they have different owners, all just customers of the web host?

Answer: So most hosts are good at separating customers' sites, especially the larger hosts. Some smaller hosts may have issues. Mainly we tell people to be more concerned with what is within their hosting account.

Question #2: Will that architecture cause cross-contamination?

Answer: Depends on the setup. Most hosts are good at separating customers' sites, especially the larger hosts. Some smaller hosts may have issues. Mainly we tell people to be more concerned with what is within their hosting account.

Question #3: Is WordPress Multisite the solution for hosting multiple client sites securely?

Answer: While WordPress Multisite makes it easier to develop and maintain several sites, it is not necessarily more secure. All sites are hosted off of a single database meaning if that database is compromised, all the sites are compromised. It is, however, easier to keep up to date and to clean.

Question #4: How do I bypass the referer header in CSRF?

Answer: Cross-Site Request Forgery. This is a little out of the scope of this webinar. It has more to do with social engineering attacks. Make sure you know what the link leads to that you are clicking. I will refer you over to OWASP for more information.

Question #5: What about if I am a customer of a reputable Web Hotel? Do I run a risk of being contaminated by other customers on the same server?

Answer: So most hosts are good at separating customers' sites, especially the larger hosts. Some smaller hosts may have issues. Mainly we tell people to be more concerned with what is within their hosting account.

Question #6: If the host has separate login accounts for each of the sites that they host, how does cross-contamination occur?

Answer: cPanels can be set up to only give access to a folder within a hosting account and this will still have some cross-site contamination issues. So it depends on how it is set up. If the host has each site on a separate virtual machine you should be okay.

Question #7: Is it possible to apply Sucuri to multiple domains under the same hosting?

Answer: Yes, absolutely! :-) Come on in to chat and work with our representatives. Tell them you saw Hammer's webinar and have multiple sites. We will work something out for you!

Question #8: Is it easy to clean out a website yourself if it's infected? Are there any general rules to follow?

Answer: While we do have guides on YouTube (look for Sucuri Security), just make sure you get everything, not just the symptoms, so if you are seeing a redirect make sure you clean the redirect and any other backdoor files as well. The saying goes you can spend the time to save money or spend money to save time. If you choose the latter, we are here for you :-)

Question #9: Would you name several decent hosting companies in the US? Have you experienced US-based hosting companies but with overseas tech support that is overly polite, willing, but just not able?

Answer: We work with every hosting company so we really won't recommend one over another.

Question #10: Would you recommend local hosting support vs remote support?

Answer: We work with every hosting company so we really won't recommend one over another. Whatever works for you is really going to be the best in your case.

Question #11: Have you ever heard of a company named Arcler Desk LLC that supports many hosting companies that remote support is not able to solve?

Answer: I am not. Offhand, doing some quick research, they seem to be a remote support company. Keep in mind that PC malware/viruses are very different than website malware.

Question #12: Doesn't Sucuri proxy firewall act as a CDN and would it speed up a site for international users?

Answer: It does :-) and we have data points around the world. I personally think Sucuri’s cloud proxy is the best CDN but I am biased :-) https://kb.sucuri.net/firewall/Website+Firewall/where-are-our-servers-located

Question #13: If the site is infected and needs to be cleaned, I assume the business package is the right solution if the site owner doesn't have a backup of his website. How long would it take to be cleaned?

Answer: So our Chat team is here to offer assistance, come on in and say hi :-) The business plan is one of our fastest plans and can have cleanup started within 4 hours but completion time depends on type of malware, amount of malware, and size of the site (it will take us longer to clean a 500 page site than it will a 4 page site). We can also talk about priority cleanups moving that 4-hour start time to 30 minutes.

Question #14: I am on shared hosting, do I need to worry about cross-site contamination?

Answer: So most hosts are good at separating customers' sites, especially the larger hosts. Some smaller hosts may have issues. Mainly we tell people to be more concerned with what is within their hosting account.

Question #15: Can backups contaminate my other files?

Answer: Absolutely. Backups should be kept offsite (if you go with Sucuri backups for $5 a month we will maintain it on our servers for you). Backups are just files after all and can host malware just like any other file.

Question #16: Each account has its own cPanel, are they at risk?

Answer: cPanels can be set up to only give access to a folder within a hosting account and this will still have some cross-site contamination issues. So it depends on how it is set up. If the host has each site on a separate virtual machine you should be okay.

Transcript

Name: Joshua Hammer - Title: Sales Operations Manager

Hey everybody. As he said, my name's Josh. Most people just call me Hammer. A little bit about myself, you know I've been with Sucuri now for 4 years. I'm a sales operations manager here. I'm married to a beautiful wife with two wonderful little girls. I love games. Any kinda game. Board games, video games, I even look at security kinda like a puzzle or game. So those are kinda my passions.

Today we will be going over a little bit about a hosting file structure. What it looks like, how cross contamination can affect you, how to explain cross-site contamination in a very non-technical way, and why cross-site contamination is a problem. Now if you guys are looking for a highly technical webinar, this is not it. We're going to kinda really look at this in a very non-technical way so that everybody can understand it, and kind of give you an idea of how to explain it if you are technical to a non-technical person.

So with that let's jump right in. So hosting file structures, most people look at a hosting file structure and they think of that kind of a toolbox, or a chest of drawers, and each site has its own little place inside that toolbox or the chest of drawers, but it's really not. It's more like that junk drawer in your kitchen that has everything thrown in there, and you kinda dig through it when you wanna find what you're looking for. What it looks like at a file manager level is this. You got a whole bunch of different kinda folders and that kinda stuff. Really the one though that we're most interested in is that public_html. That's where most of your websites live.

So let's dive in. What is cross-site contamination? Basically it's when one site negatively affects your other sites within the same server. Technically due to poor isolation. So what do we mean by that? Well let's start thinking about a host rather than going into "Oh, it's a folder, and it's this, or it's a computer." Think of it as your house. K? So a host is your house, and inside your house you have a whole bunch of different rooms. And each site is a different room in that house. You got a living room, you got a kitchen, you got a bathroom, you got a dining room. Whatever. You got a bunch of different sites. K?

Well when you get malware in there you've got bugs. You've got bugs in your kitchen, mkay? So bugs tend to crawl throughout the entire house. They don't just live in your kitchen, they move from room to room. So houses kinda work at a normal setup? Well let's take a look. You've got your main business site. Right? This is your Fort Knox. This thing is protected. Everything is up-to-date. You've got your security programs on there, plugins, everything's up-to-date, maybe even have a firewall protecting it. K? That's fantastic. That's your money-making site. It should be protected. But then what happens is you know, you help your mom out. She's got a baking site, you know, she loves to cook. So you put that up on there for her, and you update it every once in a while. Maybe you helped your brother out, he's got a site where maybe this is an old site that you were running. You kinda forgot about it. Or if you're like me, you're into video games, and you have this video game site from five years ago because that's when you actually had time to play video games, and you completely forgot about it since then, because you've moved on to 20 other different things.

So what happens is these old sites that you, heck, don't even remember being on there; they're out of date. K? And hackers, they love the low-hanging fruit. They love that stuff that we forgot about. We've left alone, right? So Fort Knox here, your business site, all up-to-date, all good, the problem is that it's on the same server as this old site that you completely forgot about, and what happens is they get into this old site, they put the bugs in there, and the bugs just crawl all over the place. So you can't just turn around and say "Well, the business site's the only one that's important, so it's got bugs, let's squash all those bugs on the business site, and we'll worry about those other sites later." 'Cause if you squash all the bugs on the business site, guess what? How long is it gonna be until the bugs just crawl right back over? Most of the time it's just a few minutes.

So what do we do about this? Well you know it's kind of an issue on the hosting site, because hosting sites make it really easy. 'Cause you know, five bucks a month you have as many sites as you want. The problem is it's really bad for security. What you really should do is isolate each one under its own virtual machine, or its own hosting. But that gets expensive. So what's another thing we can do? Well we can do firewalls. Well once again, you know, it may be cheaper to do four firewalls around your four different sites than it is to pay for four hosting accounts. Don't know. But if you only protect three of 'em it's kinda like putting a fence around your house and then digging a hole underneath it so they can get to that fourth site. The fence really doesn't do you much good.

So if you're already infected what do we do then? Well if you're already infected we can either get them all cleaned up, because you need to clean the entire environment, not just your business site. We can delete those other sites, but maybe you don't wanna delete mom's site. She'll get mad at you. I know my mom would be really upset. So we can move the business site onto its own server and clean just that site, and maybe have a second server for those other sites that are not as important. You can look at backups for those other sites, that way you can just delete 'em and then restore from the backup. Gotta be careful with backups though because you know, malware. They like to hide it there for a few months until your backups are infected too, and then when you restore, you restore the malware. Fantastic. So that's really the base of it. It's really things are interconnected.

So I like to keep things short, that's kinda me. What kinda questions do you have? Comments, concerns, wisecracks, I'm up for any of 'em.
