CTB-Locker

Discussion in 'Security' started by kenb, Feb 25, 2016.

  1. kenb

    kenb New Member

    What can one do against this one? I'm told it affects Wordpress sites, but I couldn't find information how to protect the server. I'm talking about this one here:

    http://www.bleepingcomputer.com/news/security/ctb-locker-for-websites-reinventing-an-old-ransomware/

    Main question: for how long do we currently have backups saved? Is there a means to keep a for instance weekly backup of our VPS saved offsite by Knownhost, against a fee? Or is it possible to download an entire backup for safekeeping? How about other methods? E.g. getting a CD/DVD of a monthly backup?
     
    Last edited: Feb 25, 2016
  2. Dave G

    Dave G Member

    kenb

    You can do backups of your server/web sites by using the backup utility in WHM
    Login to WHM as [root] and select "Home »Backup »Backup Configuration"
    This will backup to your web server and websites, the web site backups can then be downloaded to your computer, if you wish from within each users cPanel
    Or you can keep a off site backup using a Amazon S3 account.

    More info on WHM/cPanel backup can be found here:
    https://documentation.cpanel.net/display/ALD/Backup+Configuration

    As far as I know KH does backup of your server every 3 days.
     
  3. phpAddict

    phpAddict Active Member

    This particular virus does not target WordPress, it can affect any website. A hacker finds a vulnerability on your site and installs this virus. I've seen CTB-Locker (the windows desktop version) in action on systems and it is a nasty virus. WordPress is just a popular target for hackers so it'll likely be found on many weak WordPress sites.

    Since Dave G already covered you on the backups here's some basic tips on hardening your WordPress site. Keep WordPress and your plugins up to date, limit the number of installed plugins to just ones you really need (you wouldn't believe how many sites I find just loaded with unused and active ones), and regularly search for any vulnerabilities for your plugins. There are even plugins that will regularly check for any reported issues with your other plugins. For WordPress sites hackers will either brute-force their way through wp-login.php (so have a very strong random password) or find flaws in poorly developed plugins. Monitor your CSF emails/logs and if you're up for a little work check out some tools to automate blocking hackers on this discussion. I am happy with the ModSecurity script I mention in there but I'm going to try the ZB Block tool that AUDave mentioned at some point, which protects all of your sites, not just WordPress sites.
     
  4. kenb

    kenb New Member

    Downloading 20 gigabyte (regularly) on a 6000 kbs line isn't something you can do just like snipping your fingers. That's one problem. The other would be uploading those 20 GB using a 200 kbs up line. Which is why I have been asking whether there is an "onsite" means to backup a VPS. I'd even rent a second VPS to mirror the first one and lock public access on it, if that were an option.

    Most WP sites on the server us the WPSecurity plugin, though I'm not convinced this is sufficient.
     
  5. VoX

    VoX New Member

    I currently backup to my Amazon S3 bucket, no issues so far.
     
  6. kenb

    kenb New Member

    I'm happy for you that you found a working solution, this doesn't help me with my problem though.
     
  7. phpAddict

    phpAddict Active Member

    Of course it does. It provides a means for an off site backup solution per your initial request...
    Your "6000 kbs line" or "200 kbs line" is not at all involved with the solution that both Dave G and VoX provided.

    Alternatively, you could use FTP to transfer files to most any other server without transferring the 20GBs of data over either of your slow connections. For example, (no offence to KH but being that they don't have individual site plans) buy an economy GoDaddy plan for just $6.99 a month which provides 100 GB of storage and unlimited bandwidth. Then set up your FTP backups to transfer them to that server. Easy peasy backup redundancy.
     
  8. KH-FreddieA

    KH-FreddieA Technical Support Operator Staff Member

    VoX likes this.
  9. adev

    adev Member

    I also use the whmcbhilt in backup scripts to upload daily backups to Amazon AWS/S3. It's cheap as you only pay for what you use and simple once you have it set up and verified working. I had some posts on it last year which might shed some light. I would recommend enabling versioning on the bucket if you decide to use S3.
     

Share This Page