Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-08-16 14:13:01.0

Configuring SiteLock’s (SMART)

Article Number: 46507

User-added image
Configuring SiteLock’s (SMART)
 

For SiteLock Enhanced - SMART does more than just detect known malware on your site — it removes it from your files' content, protecting your visitors and your reputation from harm.

SMART uses FTP to perform the inside-out scans and remove malware. This article shows you where to find the settings you need to properly configure SMART.  If you have a Basic SiteLock account, you can upgrade it to a plan that includes SMART at any time.

Secure Malware Automatic Removal & Alert Tool (SMART)

Fix most website issues with SMART.  Deep, comprehensive scans of a website from the outside-in, as well as the files on the back-end from the inside-out, to detect hidden malware. If any malware is detected, the automated tool quickly removes it so the website does not become blacklisted or incur any downtime.

SMART identifies potential issues at three levels of severity:

  1. File Change Monitoring - Notifies users of any changes or unauthorized access to their web files, showing exactly what was added, removed, or modified.
  2. Fuzzy Logic - Identifies suspicious code and warns user of any files containing suspicious coding techniques
  3. Automated Malware Removal - Identifies any malicious code, files or links and then automatically removes.

Why use SMART?

To ensure automatic removal of detected issues so that your website remains malware-free at all times. Since malware infections can be difficult to detect and recover from, SMART ensures that your customers receive a consistently secure experience when visiting your website. No installation of software is required. Simply provide valid FTP credentials within the user interface of the SiteLock Dashboard.  Set it and forget it.

How does SMART work?

This inside-out scan checks for malware and suspicious code present in the customer’s source files within their directory structure. This is accomplished by downloading the customer’s directory to SiteLock’s server and scanning their entire web directory for malicious or suspicious code, as well as any changes made since the last scan.  This gives customers the ability to identify any unexpected or unapproved changes made to their site (defacement).

SMART has the ability to take (S)FTP credentials to your website and scan the files hardcoded in your site for malicious scripts viruses and other unwarranted code detected on your site. At your request, or automatically, SMART can even remove some of the malicious code from your website and send the clean version back into place. With this tool, you can stay protected from hackers who try to break into your website’s information.

SMART scan provides information on:

Malicious Files

·         Files identified by the scan as containing malware and links to sites known to contain malware per search engine blacklists and our proprietary database.

·         Malware is identified via a signature-based scan. SiteLock checks source files against a growing database of millions of signatures.  Any malware found will be removed if the customer has opted in for the auto-removal service or clicks “Clean now” on their dashboard.

·         This scan also identifies known frameworks of code, such as Joomla!, Drupal, or WordPress and checks whether the core files in the framework differ from the files on the server.

Suspicious Files

·         The suspicious file checker analyzes scripts by first de-obfuscating encoded files if they are obfuscated, then looking for patterns and techniques often employed by malware files, such as operating IRC bots, e-mailing credit card data, connecting to outside resources, interacting with the file system or operating system, and others.

SMART Configuration

 

Here, the FTP settings are very crucial to SiteLock scanners being able to communicate and properly scan your site. Please test the access to your site by using an FTP client, such as FileZilla before updating the settings on this page to ensure we’re able to connect and access your site.

Method for File Transfers

You can select FTP or SFTP for this option. Change this to SFTP if your hosting company allows SSH/Shell Access, and enable SSH in your hosting account if you want to use SFTP connections. Be sure to specify port 22 later in the port specification.

FTP Host Address

Here, you can enter the address of your website. You can enter your host address (ftp012456.hosting-company.com), your ip address (50.255.3.90), or your website domain (your-website.com). We will use this to access your site.

User ID

Here, you can enter the username we will use to access your site. Some hosts require a full email address as the username, so be sure to include the full address if necessary.

Automatically Remove Malware

You can elect the option to totally wipe out any hack we find malicious enough that it should be removed.  SiteLock enumerates a massive list of signatures, exploits, bad code and the like and we use that to identify bad code on the site. In addition to this list of malicious code we know is bad, we also have other mechanisms that will identify code as suspicious. Should SiteLock detect any suspicious code, you’ll be notified in the SMART results and see the reasons why the code was flagged as suspicious.  If the scanner encounters malicious code that we can cleanup, our scanner will remove that code and push the changes live to your site immediately. If you are concerned about this breaking your site and would prefer to manually clean the malicious code from your site, feel free to leave this option off.

Select a speed for FTP file Downloads

Your host will have this moderated to however many they think is appropriate. For faster scans, select 3 connections. Typically, only 1 scan is necessary.

Root Directory

This term is synonymous to “document root”, and “web root”. It is the very base of your website without any additional directories. For example: “http://example.com/” is the root of “example.com”.

 

This is where you specify the root directory to your website. Most hosting companies use `public_html’ as the web root, though some don’t allow you outside the webroot at all. If you created the SiteLock FTP account and pointed it to the webroot, you can use “/” to indicate the root of your FTP account. Otherwise, enter the path to the webroot to the website you wish to scan.

If you are unsure about what directory is your web root, then create a file called `test.txt’ and save it with the contents “This is a test of the home page.” Next, upload the file to your website via the FTP account you created for SiteLock SMART. If you can upload that file and visit directly your website at http://my-website.com/test.txt and you view the contents of “This is a test of the home page.” in your web browser. Then you have “/” as your web root in the SiteLock SMART settings.

If you must change into a subdirectory after logging into your SiteLock SMART FTP account in order to upload the file, then whatever path you used before accessing the file in your web browser is the correct path to place in the SiteLock SMART settings.

If your web host has indicated that your “user home” directory is in something similar to `/home1/user’, then please omit this from your FTP settings as it will cause an error with SMART’s ability to find your document root.

(S)FTP Port Number

If you are in doubt, leave this field blank. Otherwise, you can enter the port number for (S)FTP service, if it’s hosted on a non-standard port. Again, if this is hosted on a standard port, then you can leave this field blank. It will use the default port.

Maximum Download Time

Here, you can select the amount of time you will permit our scanner to be downloading files before we stop the download and come back the next day.

 

Scan Frequency

You can use this directive to control how frequently scans will take place. Daily is the recommended frequency.

Now that SMART has been configured, you can click “Submit” and we’ll attempt to make a connection to your website with the submitted credentials. If the credentials are correct, you will be prompted to scan your site immediately. If not, check the credentials and try again.

 

Additional SMART Settings include:

·         Automatically remove malware or just warn

·         Scan Frequency (Daily/Weekly/Monthly)

·         Manage Exclusion – After the initial SMART scan has been completed, user can specify file types and/or directories that they would like to exclude from the scan

 

Can SMART fix everything? 

Hackers create new scripts and malicious codes daily.  SMART is intended to find and fix known malware.  Another reason that SMART might not remove malware on a site is because of the risk involved.  For example, say a site was heavily infected with malware that was embedded in the coding of the site. 

If the scanner finds that removing the code would affect the functionality of the site, it will leave it there and just warn the customer of its findings.  This is where SiteLock’s Expert Services can manually clean the issues.

Users can also change FTP login information from ‘Settings’> ‘Download Settings’

  1. Go to the Settings tab.
  2. Go to the Download Settings tab.
  3. Complete the following fields, and then click Submit

Field

What to do...

Method for File Transfers

Select FTP.

FTP host address

Enter your domain name.

(S)FTP Port Number

Type 21.

Root Directory

Enter your website's root directory

 

If you have any questions or concerns please contact the Entrust Certificate Services Support department for further assistance: 

Hours of Operation: 
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see list here)

TN8912