Date aired: August 30, 2018
If you’re considering security for your site or are new to our services, this webinar will guide you through Sucuri’s simple setup processes. Potential notifications, support options for various scenarios, and ways that you can also work to keep your site malware-free will be discussed.
Jen Fisher
Chat Support Specialist
Jen has been providing support to Sucuri customers via chat, email, and phone for nearly four years! When not glued to a computer screen for work or gaming purposes, she can be found camping, dining out, or watching terrible movies with friends on beautiful Vancouver Island, Canada.
Question #1: If I select to restrict to admin directories checkbox, inside the firewall setting screen, do I still need to add the admin pages (URLs)?
Answer: Selecting the ‘Admin panel restricted to only Allowlisted IP addresses’ option either when setting the firewall up or via the ‘Settings’ panel after setup should be sufficient! If your site’s configuration required additional security, you can also use the ‘Blocklist URL paths’ option under ‘Access Control’ within your Sucuri account.
Question #2: Is it better to provide the cPanel access so you can check the database too?
Answer: That’s not necessary! FTP, SFTP and SSH access would also (typically) allow us to access and clean your site’s database.
Question #3: How are subdomains or multi-sites handled?
Answer: Each service is applied differently from a functional standpoint. We’ll provide more info below as well, but if you have a subdomain or multi-site configuration feel free to chat with us or open a ticket to learn about specifics for your setup.
Question #4: For monitoring, if the multi-sites reside in or below the main site’s root directory, scanning would likely occur for all?
Answer: Typically yes. The scanning file checks all items in the directory in which it is placed and below those directories. If the subdomain files are present, either in the root directory of the main site or below that in the file structure, they would typically be scanned as well.
Question #5: For the firewall, if the multi-sites or subdomains use the *same* DNS records as the main domain, would they likely also be covered?
Answer: Yes, usually sites that rely on the main domain’s DNS records can also make use of a single firewall service. If you aren’t sure, let us know and we can check the records to weigh in on what would be required for your specific site!
Question #6: Does the CDN cost extra?
Answer: The CDN (also called the cache) is included in all plans that also include the firewall service!
Question #7: How is SSL setup handled?
Answer: After the firewall is activated, for sites that do not have an SSL, the SSL application process begins automatically. SSL certificates are included in all Sucuri firewall-inclusive plans. If you make use of a 3rd party SSL certificate, a Professional or Business-level plan would be required to allow you to upload the certificate and the private key to the Sucuri dashboard.
Question #8: Do you offer phone support?
Answer: We do, though we receive few calls so there may not be an agent available at our number (1.888.873.0817) to take calls live. If you require a phone call, please open a ticket, provide a brief overview of what you’d like to discuss, and include a phone number and ideal time to reach you. Often we can address issues for you without or before a call! Our phone team places outbound calls as required from Monday-Friday.
See all Questions & Answers
ExpandName: Jen Fisher – Title: Chat Support Specialist
Hey, guys. A little about me. I’ve been with Sucuri for about four years here. Chat support and the customer experience has always been sort of central to what I’ve been focused on. I live in Victoria B.C. up in Canada. We have a few people in this area. Our teams are remotely distributed to all over the world. I love my kitty cat who’s sleeping somewhere in the corner here and just getting out in nature here, this beautiful area.
We have a lot to cover in this webinar. We’re going to essentially go through setup for all of the Sucuri services, including backups, which are an addition to any Sucuri plan. We’ll also go over some tips and tricks. There’s a lot that we’ve learned in several years of providing service that people often ask, so we’ll go through some of those as well.
With that, actually, I’m just going to hop out of the presentation so we can show you what we’re doing. This is the page that you’ll likely see when you sign up for a Sucuri account. This is our monitoring overview. We’re going to start by adding our site, which we actually have to do before we open a malware removal request.
A lot of people are really eager to get that done, so we’ll add our site. You can also tab down to add additional sites all at once, but this is just the one we’re adding today. So we’ll click add site. It signed me out here. There we go. We’ll click add the site, and at this point, it’s going to ask us if we’d like to open a malware remover request.
If your site isn’t hacked, or you want to set everything up first, you can choose not yet. But at this point, I’m going to click yes so we can go through this form. It already shows my site name here because I’ve added it, but if you have multiple sites, you can click down and select one of them from the list here. On this option, you can select the issues that you’re having. These give our team sort of an insight into what you’re seeing, but if any of these don’t apply to you, or you’re not sure which to select, go ahead and choose other. You can enter some additional information after we submit this form.
These are they types of connections that we can use to clean up your site. We use FTP, FSTP, SSH is also an option. We can use your cPanel account login and password or control panel equivalent, or this other field relates to the hosting account. This is pretty much all of the information that we can use to clean up the site, so I do urge people if you aren’t sure of any of these details, or you have some login information you’re not sure what you’re sending us, it really helps to take a moment and just speak with your host or your website administrator and confirm that you have working credentials for one of these options.
We handle tickets in order of receipt, so if you submit a ticket, and the login information isn’t correct, it’s going to be a little bit of a wait before someone can check that and get back to you. Confirming credentials is going to save everyone a bit of time here. I’m going to enter my SFTP host, which is just my site name. There we go. I happen to know that my port is 22 because I’m using SFTP. If you use FTP, your port will be 21. If you’re submitting any of the other login details that we’ve covered here, don’t worry about the port because it’s really not going to apply.
We’ll enter our SFTP user name and a password. Now, I happen to know that my SFTP credentials work because I’ve tested them via my FTP client here, but I also happen to know that this form isn’t going to accept them without giving me an error here. And the reason for that is when you enter information into this form, it attempts to connect via the method you’ve provided. It also attempts to direct or, sorry, drop some files in the root directory for whatever this credential type is. And it attempts to execute those files to begin our cleanup process. If it can’t do anyone of those things, it’s going to give us this error message that you’ll see in a moment here.
There we go, so it’s not able to do one of those things. Likely, it’s unable to execute the scripts. I’m not sure exactly. If you see this error message, don’t panic. It’s just meaning that one of those steps has failed. Test the credentials either via a FTP client, or test logging in to your control panel or hosting account with the information you’ve put into the form. And click submit request anyway. That’s going to put the ticket into our system, and at this point, we’ll have the option to enter some additional details.
Don’t mind this password. That’s complete nonsense, but you can type in something here like my site is blocklisted by this organization or anything that you might think is relevant to the cleanup process. We’re very thorough on each case, but sometimes, you have a little insight into what’s happening that we don’t have. That can always be helpful in helping us to complete things quickly and efficiently for you.
At this point, we’re going to wait for a reply on that. Actually, I’ll just show you. In this panel, under support, in the upper right-hand corner, is where we can find all of our tickets. When you submit a ticket and we respond to it, you will receive our response via email, but you will also have to log into the Sucuri account to enter updates. You can post those here. That’s a security protocol. We just want to be sure that people aren’t sending access requests by email or something like that, so logging into your account is the way to respond to tickets.
And At this point, we’re going to setup server-side scanning. Now, it’s showing me here that my scanner is deactivated. For a new account, you would see that it’s not activated. There’s little difference, but I’m going to click enable scanner. And the process for enabling the scans is very much like the process for submitting that form. It’s going to attempt to connect, attempt to find the right directory, and attempt to execute a little PHP file that’s associated with these scans.
If it can’t do any one of those things, you’ll see an error message. We’ll also go through how to enable manually, which can be quite helpful if you’re comfortable with it. I’m going to enter my directory, and I would click enable server-side scanner to get that started. But I won’t click that right now just so I can show these manually steps.
If you get an error when enabling automatically, by the other method here, or you want to do it this way, I guess, you can click download the file and connect to an FTP client. And this newly downloaded file will be placed in your site’s root directory. I can confirm here … Let’s see if this will work. There we go … that the file is there, it’s able to be found, and then I’ll just click verify and enable. And that’s going to confirm that the file is in place, run it, and then we have our server-side scanner set up.
We’re going to move over to backups at this point. Again, this is very similar to what we’ve done with both the form and the server-side scanner. Backups are an additional cost. There’s something that we can offer to sort of increase your security stance. It’s allowing you to account for the worst-case scenario, if your site disappears, or the worst, worst happens, backups are a good option. You don’t have to use them, but they’re available to you if you want to.
I’ll enter my username and my password, and click next. At this point, it’s going to ask us about our database connection. For most users, this auto-detect option will be just fine. It’s going to find the database there and connect to it, so your database will also be backed up. But there are some other options here. And at his point, I’ll bring your attention to the KB. This contains troubleshooting articles and overviews for essentially everything we’ve put into the Sucuri dashboard, so how to setup backups. You can see here under database backups it goes through what the cron job options and the custom options are, if you want to set things up yourself that way, but we won’t get into that right now because it’s a little more involved. I’m going to click next. It’s going to find my database here and ask me how I’d like to handle notifications and backup frequency.
Most people choose daily, but you can choose monthly if you’d like. We store backups for 90 days, I believe, 90 days, maybe 60 days. I’ll confirm here, but you can choose the backup frequency, and you can choose your notification preferences. I like to be notified only on failure, and that minimizes the number of notifications that I receive. And I’ll click save. And at this point, the backup is going to start on my site. Backup speeds can vary depending on your hosting server speed and how large the site is, so give it a bit of time. But once the backup is complete, you’ll be able to see your backup options in this panel.
Also, in the KB, they’re the restore options. We won’t get into that today because the backup won’t complete by the time we’re done here. But you have auto-restore options. You could restore via, or sorry, by specific file. There’s several options available to you.
Now that we have the backups in place, we’re going to move over to the Firewall, and this is … This is the most complex thing that you’ll be setting up within your Sucuri account. I never want to scare anyone or make it seem difficult, but it is the option that has the highest number of variables.
The option that has the highest number of variables. So, we’ll go over some very basic details, but I do want to ensure that you’re aware that support is a huge option within your Sucuri account. For any of these items, if you don’t know what to do next, or if you want for us to do it for you, or you just have some questions before you proceed, you can open up a support ticket or I’ll show you where the chat option is shortly here. Come through and chat with us and we’ll give you some direction about what to do next.
We’ll enter our site … for these options, I recommend not selecting the top one here unless you’re absolutely certain that you’re under a DDOS attack. You can select any of these options after you setup the Firewall as well, so there’s no pressure to put them in place right now. This option will severely limit how people are able to access the site. It helps if you’re under an attack because it’s going to limit the amount of traffic that you have coming to you illegitimately, but you want to be careful with using that option.
This option is something I highly recommend, this would limit access to the WP admin panel, for example, to a list of pre-approved IP addresses. That is an extra step, I know, and some people don’t want to enable it because that extra step isn’t something they want to do often, but its really going to help increase your security stance. We’ll go over how to add an IP to the white list shortly here, but I do recommend, if at all possible, if you can work with that, enabling this option.
The Sucuri DNS servers are something you can integrate into your account if you don’t use your DNS settings that often of you prefer to manage them where they currently are, you don’t have to select that. Again, its something that you can enable it later, but its just, ease of use. If you want to incorporate those into your account, you can.
So ill click ‘add site’ … and for this webinar, I’m not actually going to setup the firewall completely. A few reasons for that, I don’t want to show you my GoDaddy account, but we’ll go over the very basic option and for anything else, you can come through and talk with us or open a ticket and we’ll get it done for you.
We do want to be very careful with the Firewall setup because it has some potential to impact the sites availability. We’re handling the DNS records, we want to be absolutely certain that we do everything right so that your site is available through the whole process.
If you have cPanel, this option is going to be the simplest for you, cPanel or plus. You just click on that, enter the login details, and it’s going to automatically find the correct record, make the necessary adjustment, and set things up for you. I don’t have cPanel, so what I would be doing is updating my DNS A record to point from this IP, which is the hosting IP, to the Firewall IP.
Before we set the Firewall up, traffic goes from the visitor directly to the hosting server. With the Firewall in place, traffic is going to go from the visitor, to the Firewall, to the hosting server, so we can act as a bouncer, keeping anything away from your site if its not supposed to be there.
Were going to assume that I’ve gone ahead and made that change. Once the DNS propagation is complete, which can take anywhere between an hour to 24 hours, we would see this status change. We won’t see that right now because we haven’t made the change, but you can always click these little arrows to refresh the status If you’re not sure if the change has been made already.
Let’s see, so now that we’ve assumedly set up the Firewall I want to move back over to the presentation quickly here so we can show you a Firewall block message. If you enabled that WP admin or WordPress limiting setting when you set things up, you may see a Sucuri Firewall block message at some point.
What this means is that the IP address that is attempting to access the site is either trying to do something that is determined to be malware through the algorithms that we … very complex algorithms that we have in place to allow the Firewall to determine what is legitimate access and what isn’t. Or the IP address has just changed for a user and you need to be white listed.
Let’s go through quickly how to white list an IP. We have a couple options. Once the Firewall is activated, you’ll see a white list IP option right here. It’s going to be quite available, you just click on the website Firewall tab and that will show up for you. You can cope the IP from the block message and post it in there, you can also access that under ‘access control’.
Here we have the option to not only white list the IPs, but to choose a timeframe. So for instance, If you have a developer, consultant, you want them to have access for day but maybe not forever, you can post the IP in there and click white list. I also love to draw people to the notes field here, because if you white list an IP, we at Sucuri have no visibility about what that IP is for you or why you’ve white listed it. Adding a note when you white list an IP, if you want to remember down the line, why that IP has been white listed is really helpful.
We also have the option, and few people wander over to this API page, but the quickest and easiest way to white list an IP is to use this link. This white list IP button can be clicked on, right click, and you can copy the link address and that’s going to tallow you to paste it into a browser window to white list your current IP. You just paste it, load it like this … its going to say my IP is already white listed … but you can also copy or share that link. So if I want to share it with my developer or someone else who needs access, who might have a changing IP because that does occur, you can copy and share the link or just bookmark it for you own use.
Now that everything’s set up, we’ve gone through how to gain access through the Firewall if you have some extra security in place. I wanted to show you a few of the notifications that you might receive. When the server site scanner is set up, its going to be scanning all site files, so everything associates with your site below the root directory that it resides in, that that little script resides in.
It will alert you if you have outdated site elements, which is really helpful. It will also tell you if you have malware. If you receive an alert about outdated site elements, and you have the Firewall in place, know that were virtually patching those for you. So we do recommend that you upgrade site elements whenever possible, but if for some reason you can’t or you can’t do it right away, its not a security concern if the Firewall is in place.
If you receive a notification about malware on the site, you’re going to want to open up a new malware removal request. We request, or require actually, that you open up a new malware removal request for every instance of malware on your site. There are a few reasons for that … a lot of people get a little … not frustrated, but want to know why we don’t just save login details.
We want to minimize the risk for you by removing login details from the tickets after a certain period of time. We don’t want to keep those on file because that makes us a security concern. If we had just databases of login information, us being a security company, we are a target for that kind of thing, so we don’t keep that information on file.
We also recommend that you change login information after every exploit, so that’s going to just cover the potential that maybe your password was stolen … maybe it was really easy to guess and someone used a script to obtain that … we recommend that you update login details for everything after your site has been hacked and cleaned.
We also want to have some visibility of the big picture. If your site is hacked once, that’s devastating, that’s terrible, and we don’t want for that to occur again. But if your site is hacked multiple times, opening multiple requests gives us kind of a flag that something is going on. Maybe in the larger scheme of things that isn’t being addressed.
Ideally, with the Firewall set up your site should not be accessible again. If one of those few ways in which your site can be compromised with the Firewall up is causing you to have security risks again and again, we want to provide some extra insight there.
Now that we have gone over that option … oh, I should note here as well, you may receive alerts for any of these options … if it will load for me … there we go. Under setting, you can see which scan types are in place, malware and black list, will alert us if there’s malware or if a company has black listed us. You may also receive notifications about DNS changes, SSL changes if you have that enabled here, or up time. Those will reach you via email as well.
Again here, I don’t need to show you this, but we’ll draw your attention to the KB section. You can search the knowledge base, that’s going to bring up any results. See, I’ve searched these things recently. It also … if you’re just curious about what a setting is in Sucuri account or how something might interact with another thing, these articles are probably going to have you covered.
If you don’t find something in the KB or you’d rather just chat with us, we offer live chat support. It will be available in just a second, there we go, in the lower right corner of your Sucuri account. Chat is leviable for Monday to Friday, nine, or sorry six am ’til ten pm, PST. If our chat service if offline, if this shows that we’re not available, we will respond to your questions via email, but there may be a bit of a wait. So, the support ticket system is going to be your best bet for getting assistance.
We work on tickets 24/7, 365 days a year. You name the holiday, Christmas day, new years day, thanksgiving, we’ll be there to assist.
We do also ask that you open tickets for any changes on the site. The reason for that is we don’t own the chat service, so we don’t manage security there. Opening a ticket allows us to ensure, because we manage security for this system, that we’re dealing with the account holder. It verifies you and then we can make any adjustments related to any, anything relate to your Sucuri account via a support ticket request.
Let’s see … there’s one other thing that I wanted to cover for you here … just insure that … Chat support, if you use the chat open, or sorry, chat option, if will not open a ticket. Chat here does not interact with the ticket system in any way. I often have people saying, “Oh, I sent you a ticket earlier and you sent me an email, but I don’t see the ticket in my dashboard.” This chat option does not open a ticket for you, it will send us an email or open a chat, but it won’t initiate a ticket as it would if you open one from under the support header here.
As it would if you opened one from under the support header here.
There’s one more thing that I wanted to show you and that is the cache. Because we have that extra hop in here, so visitor firewall hosting account, or hosting server, we offer caching. Usually caching will make the site faster than it was before you put the firewall in place. But caching also means that we store content, so some things that you update on the site may not update for you immediately.
You can change the caching level here. I recommend keeping the caching level enabled, if at all possible. And you can clear the cache on this page by clicking the clear cache button. Again, on the API section here we have a handy little clear cache button. You can … as with the white listing IP API, you can copy this link and bookmark it for yourself or share it to clear the cache anytime you need to.
Caching refreshes very frequently, but because we have so many servers, even that constant refresh may not allow you to see changes on your site immediately. Using the clear cache option or this little handy link will allow you to clear the cache any time you need to.
So that’s all I have for you guys, Val do we have any questions?
See Full Transcript
ExpandIn the website security community, our name is known for fast site hack cleanup and responsible vulnerability disclosure. As thought leaders in website security, we are committed to sharing what we know. Follow our concise and helpful website security guides and tutorials so you can learn how to clean and secure your website.
Join us on April 5th as we cover the latest findings from our 2022 Hacked Website Threat Report. We’ll shed light on some of the most common tactics and techniques we saw within compromised website environments.
All software has bugs – but some bugs can lead to serious security vulnerabilities that can impact your website and traffic. In this webinar, we dive into the steps you can take to migrate risk from infection and virtually patch known vulnerabilities in your website’s environment.
The threat landscape is constantly shifting. As attackers continue to hone their tools and exploit new vulnerabilities, our team works diligently to identify and analyze threats posed to webmasters. Join us on July 6th as we cover the latest findings from our Hacked Website Threat Report for 2021.
In this webinar we will highlight the various activity, access, and error logs WordPress site administrators have at their fingertips. Plus, learn how logs can best be used to manage, troubleshoot, and most importantly, secure your sites.
In our latest webinar, we'll describe action items that can improve the security state of internet-connected devices we all use every day. These devices will include common household staples such as: WiFi Routers, iOS/Android devices, and personal computers.
Join us as we delve into the minds of hackers to explain targeted attacks, random attack, and SEO attacks. Find out why bad actors target websites.
A feature benefit guide for our agencies and end users. Why use our firewall? What kind of protection does it offer? How does it affect the efficiency and speed of my site? Will it affect my server's resources? Find out the answers to these questions and more in our webinar…..
Cross-site contamination happens when one hacked site infects other sites on a shared server. This webinar is for beginners and web professionals to understand cross-site contamination and how to prevent it…..
If you're considering security for your site or are new to our services, this webinar will guide you through Sucuri's simple setup processes. Potential notifications, support options for various scenarios, and ways that you can also work to keep your site malware-free will be discussed…..
Learn how you or your agency can account for security with your client projects. Presented by Sucuri Co-Founder, Dre Armeda, this webinar shows how you can get involved and help clients who are not aware of some of the security risks involved with managing a website…..