The web host HostGator has a partnership with the security company SiteLock: if your website is hacked, HostGator suggests you hire SiteLock to fix it, which, if you have followed our previous posts on SiteLock, would seem like a bad idea. The actual results also back that up, as a situation we dealt with recently highlighted.
A website we were going to be doing an upgrade on, once HostGator changed the PHP version on the server, got hacked and was rendered non-functional due to it being defaced. HostGator recommended SiteLock to clean up the website. Getting the website back up and running should have taken just a few minutes (by replacing the index.php file in the root directory), with a full cleanup taking a few hours. Four hours after they were supposed to have started, it was still not functional, and we were contacted to see if we had any suggestions. The website only became functional later in the day, after the website's developer followed our advice to replace the index.php file; by the next morning SiteLock had removed the defaced index.php file. When we double-checked SiteLock's work later, we found that they had not removed a backdoor script, which allows a hacker remote access to a website, that had been added to a core Magento file in the root directory of the website. While things can be missed during a cleanup, this seems to be a case where corners were probably cut rather than an understandable mistake, since a simple file comparison of the website's files with a clean copy of Magento would have spotted that backdoor script.
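The kind of file comparison described above can be scripted in a few lines. This is an added example, not code from the original post or from SiteLock; it assumes you have unpacked a clean copy of the same Magento version the site runs, and the function names and the files in `demo()` are hypothetical placeholders.

```python
import hashlib
import os
import tempfile

def hash_tree(root):
    """Map each file path (relative to root) to the SHA-256 of its content."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare_to_clean(site_root, clean_root):
    """Return (modified, added, missing) lists of relative paths.
    modified: in the clean copy, but the site's content differs
    added:    only on the site (extensions, uploads, or planted files)
    missing:  in the clean copy, but absent from the site
    """
    site, clean = hash_tree(site_root), hash_tree(clean_root)
    modified = sorted(p for p in site if p in clean and site[p] != clean[p])
    added = sorted(p for p in site if p not in clean)
    missing = sorted(p for p in clean if p not in site)
    return modified, added, missing

def _write(root, rel, data):
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)

def demo():
    """Compare two small constructed trees (file names are placeholders)."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, site = os.path.join(tmp, "clean"), os.path.join(tmp, "site")
        _write(clean, "index.php", b"<?php // stock entry point\n")
        _write(clean, "core_file.php", b"<?php // stock core file\n")
        _write(site, "index.php", b"<?php // stock entry point\n")
        # Constructed stand-in for a core file with code appended to it.
        _write(site, "core_file.php", b"<?php // stock core file\n// appended\n")
        _write(site, "media/extra.php", b"<?php // not in the clean copy\n")
        return compare_to_clean(site, clean)

if __name__ == "__main__":
    for label, paths in zip(("MODIFIED", "ADDED", "MISSING"), demo()):
        for p in paths:
            print(label, p)
```

Every path in the modified list is a core file whose content no longer matches the release and needs to be read line by line. The added list will also contain legitimate extensions and uploads, so it narrows the review rather than replacing it.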
All this would point to it being a bad idea for HostGator to have partnered with SiteLock, but there are problems going the other way as well.
A couple of weeks ago we discussed the fact that HostGator misrepresents what security SSL certificates provide. If SiteLock was actually concerned about security, it seems like the kind of thing they would want to make sure a partner isn't doing. But a much more important issue that we have noticed with HostGator when it comes to security, particularly when it comes to the cleanup of hacked websites, is that HostGator doesn't have it set so that log files for websites they host are archived. Without archived logs it is much harder to determine how a website was hacked (since the evidence often resides in those logs), and therefore harder to make sure the website has been secured against the hack happening again. We have trouble understanding why a security company would want to partner with a web hosting company that makes doing a good job more difficult than it needs to be, especially when archiving logs isn't some obscure feature; it is prominently featured on the Raw Access Logs page in cPanel.
Incidentally, if you are hosted with HostGator or another web host that uses cPanel, now would be a good time to make sure you have archiving enabled in cPanel.