Our Hosting Is Being Changed
Like many website providers, we've seen an increase in malware and malicious attacks on websites over the past 18 months. To combat this, we're dissolving our existing hosting support and helping clients to set up their own.
Over the month we have been experiencing a Malware attack on various websites. I want to start by saying that every website is safe and live. Any minor issues are in the process of being resolved, and these are formalities which take 3-5 days rather than ongoing problems.
I’ve tried to provide as much information below as possible, pre-empting questions where I can, but I do encourage you to email me any further thoughts or questions.
We're giving you control of your hosting, to isolate them from spreading viruses and give each user the ability to choose how much they dedicate to safety and security.
Setup your own GoDaddy hosting (with monthly or anual payment plans)
Manage your domains and renewals within your own accounts
Control what you spend on security, protection, and malware cleanup
Why Did The Malware Attack Happen?
How Was It Managed?
How Do We Prevent It?
The New Services
Orange Reel Support
You’ll learn a lot if you google “website malware” – but the essence of it is this: programs known as malware scan websites and web applications for any kind of access, attacking wherever possible. More often than not, their goal is to infect that website with spam and backlinks. It’s impossible to 100% protect against them, because as fast as security experts attempt to nullify their entrance opportunities, there are black hats working just as hard to develop new ways to hack in.
How Was This Managed?
As soon as we became aware of the issue (within 18 hours of the initial infection) we began to delete and reinstate websites from our internal backups. Sadly, one of the most prevalent functions of malware is a self-replicating and reproducing command. We could clean one website and move on to the next, but by the time website 5 would be clean, website 1 is re-infected! At times, some sites were marked “offline for maintenance” for two-hour periods to defend against this.
The industry standard for hosting services in this position is to contact the clients and offer them services to clean it, allow the client to manage clean-up themselves, or allow the client to delete the entire site and take their hosting needs elsewhere. Many of our clients aren’t so technically inclined and in our last ten years of hosting, we’ve not had an infection on this level – therefore, to contact each and every one of you with a £99 charge for clean-up, or a threat to wash our hands of everything, would be harsh. I would hope, as my clients, you realise that’s simply not in my nature to do.
I hired a professional clean-up service to go through the websites line by line (there are hundreds of thousands of lines of code on our hosting server!) to remove the malware. Simultaneously, I along with the assistance of two developers went through the sites and constantly moved the live versions of the sites from infected instances to backups. We were working with 36 active sites on this server – even if we had contacted each client, charged the £99 – we still would have been out of pocket. I say this not for pity or guilt trips over costs, just to demonstrate the scale of the situation we found
How do we prevent it happening again?
Here’s the cause for this page. Our priority over the years has been to provide a simple hosting service, offering a very low price utilising a large server and hosting each of your sites in it. Sadly, that has to change – these viruses and attacks are getting too sophisticated for your sites to be stored together. In an ideal world, there are three main steps to secure the websites:
1. Isolate each client into a separate account
2. Maintain regular updates, patches and backups
3. Install a WAF firewall
There are hundreds. Thousands. And that's just from a cursory google search. For obvious reasons we are unable to investigate and support them all, so we've chosen to assist our clients with GoDaddy hosting. This doesn't mean they must choose GoDaddy - we will offer our services for any provider, but it will work out the most cost effective to work with a company we're already familiar with.
1. Size. It matters. The scale GoDaddy operates on allows them to provide a vast range of solutions to hosting, domains, and web security. Their prices are competitive and their reviews overall positive. They wont be right for everyone, but the same can be said for any business.
2. 24-7 Support - phone and email. Regular support is a very important step in hosting. It's one of those areas where things can just go wrong. A server update at 6pm on a Friday could cause downtime until your hosting provider opens the lines Monday morning. Of course, it's no guarantee that speaking to someone immediately will provide a solution but it offers far more information than waiting would.
3. Orange Reel support. GoDaddy offers features which allow you to authorise Orange Reel to act on your behalf. That can be as simple as helping you edit the site, and change the features of your hosting to better support your sites, or as far as ordering extra services you request, setting the options so that it debits your accounts directly. We also know, and can advise, on the range offered by GoDaddy. These vary between businesses, so it’s an extra head start.
4. Native English call centres. They operate in the UK and USA primarily – whilst worldwide call centres operate fine, when it comes to technical support for hosting any language barrier can become a severe one fast.
The absolute basics each of our clients need are the domain and an entry-level hosting account. The domain they generally own already, but if not GoDaddy offers virtually every conceivable domain extension available. The hosting account will depend on a number of things, but generally, GoDaddy’s “Essential” Plan works, it offers:
Award-Winning 24/7 Support
New PHP 7.0, 7.1, 7.2
Free Business Email - 1st Year
Free Domain* - with annual plan
Now you don’t need to understand all the details, it’s just what is included. Those with multiple websites, much higher visitor numbers or more demanding website features may benefit from upgrading to the Deluxe or Ultimate ranges. One of the benefits of working with GoDaddy is their payment structure. They offer a monthly package for convenience, as well as 1-year, 3-year, and 5-year options – usually the further in advance you order, the cheaper the package works out to be.
Checkout GoDaddy Hosting
As you can see in our Standard Vs Hosting blog from last year (Outdated in terms of our service but still relevant information) you’ll see an SSL is essential to reassure users that the website they’re looking at matches the domain they’re viewing. This helps prevents phishing attacks whereby the site you’re logging into may look like Facebook or PayPal but is, in fact, a fake, just stealing your information.
As of the latest Chrome update, users are now told a site is “Not Secure” if it’s displayed without one of these certificates. GoDaddy sells SSL Certificates from £50 per year, but for the time being Orange Reel is going to continue offering an entry-level SSL for £15 per year. This is likely to cease as of June 2019, because more secure features will be required, but for now should help our clients save a notable amount per year.
Protecting your site from Hackers, Viruses, and Malware is an important, though sometimes costly undertaking. It will depend on your day to day use as to whether this is an important task for you, but GoDaddy offers you such services just in case.
GoDaddy’s Deluxe Malware scan, removal and prevention. Plus, performance boost offers the following
12-hour response time
Unlimited malware removal
Google blacklist monitoring & removal
WAF malware prevention (basic firewall)
CDN performance accelerator
Advance DDoS mitigation
There’s plenty of information about each of these features on their website, on the wider internet at large, or available through us; but understanding the details isn’t crucial to using them. In short, this is a round-the-clock level of protection – a basic firewall to protect from malware, hacker and virus attacks, along with a clean-up solution for removing any that get through. This service costs approx. £192 per year or £15.99 per month - See More
If you’d prefer to avoid this service, certain steps such as enforcing regular updates, maintaining security standards on the website, and performing regular backups can be significant assets. They’d require you to keep a close eye on the website of course, but nothing too time-consuming. Maybe browsing it twice a week.
If you would like a malware solution at a more affordable price, their “Essential” package offers:
12-hour response time
Unlimited malware removal
Google blacklist monitoring & removal
Essentially speaking, it will scan the site for malware every 12 hours or so and allow you to submit clean-up requests if it becomes infected. This service can be brilliant if you find your website getting re-infected with malware on a regular basis. However, this isn’t a fool-proof option, as the infection can permanently damage your site – preventing a repair. In such a case it would need to be restored from a backup (providing you have a recent backup of the site which does not contain the infection) or you’d need a site rebuilt/built from scratch. This is around £5.99 per month (though drops to £3.99 per month If you buy for periods of 12 months or more).
Website Security on GoDaddy
Backups are essential. Whether you use included or paid extra services for those is entirely up to you. Within the hosting account is an application manager - which will manage and maintain your Joomla. One of the features it offers is daily backups which can store those backups either on your hosting account or your Dropbox (for off-site security). These are great but not fool-proof. If a malware infection occurs, the site backup can include the infection. If the infection goes unnoticed for a week, all of your current backups will have the infections, too.
A managed version of website backups is available at a small cost from GoDaddy. This starts at £2.99 per month (with 5gb space and discounts for longer term contracts), with the following services:
Automatic daily backups
Built-in daily malware scanning
Back up a file, folder or an entire database
Scheduled or on-demand backups
Continuous security monitoring
Downloads to local storage
Easy one-click restore
Secure cloud storage
Expert 24/7 customer support
All of the site security and backup options are optional – much like insurance. Whether or not you feel they’re worth the money is entirely your decision. But most truly notice how valued they are when something goes wrong and you don’t have them. That said, as with every aspect of your business you need to balance to financial risk against the financial cost.
It’s important to note, that regardless of the information given here, hosting and web security are constantly evolving fields and you should familiarise yourself with.
This information is here for two reasons: 1st most of our clients haven't needed to deal with hosting before, so we want to provide a background. 2nd, clients will now be responsible for their hosting and it's consequences, so we don't want to throw anyone out into the cold
Orange Reel Support Will Continue
You'll be able to hire our support services for frequent little jobs or one off issues you need help resolving. However it works best for you.