Web hosting providers can limit the spread of malware by quickly responding to reports of compromised sites, informing customers and, in some cases, mitigating and resolving the issues, according to a new set of best practices released by StopBadware, a nonprofit aimed at fighting faulty software on the internet.
The document, written by security researchers and web hosting companies, aimed to set expectations to reduce the scourge of malware.
Cybercriminals set up malicious websites or compromise legitimate sites to host exploits, StopBadware's Executive Director Maxim Weinstein said.
When researchers notice, they often send reports to hosting providers, but that was where communication often broke down, Weinstein said.
Some providers didn't consider it their problem, often waiting weeks to communicate infection reports, he said.
The StopBadware document said web hosts should acknowledge receipt of an abuse report within a business day and, by the next, have evaluated whether the malicious URL in the report is within their ability to mitigate.
Immediately after analysing the report, they should notify the site owner (or downstream providers) and provide tips for resolving the issue, the recommendations state.
Scott Gerlach, IT security operations manager at Go Daddy, the world's top web hosting provider, said it provided free malware investigation and remediation. But many hosting providers didn't have the resources to investigate and remove malware from customer sites, he said.
"Go Daddy has a staff of 25 security people working on this all the time," Gerlach said. "Not a whole lot of firms have a staff that large."
Website owners share the responsibility for keeping their sites clean but, in some cases, hosting firms should correct the problem by blocking affected content, removing malware and fixing any underlying vulnerabilities, according to StopBadware.
“If the malware occurs because the web hosting provider didn't adequately patch the server, they should probably help with addressing it,” Weinstein said.
“If it happened because a customer left a vulnerability in an app they installed and the customer is in a good position to simply delete the malware file, patch the software and move on, it might not be as critical that the hosting provider help out.”
Regardless, communication is paramount, according to the document. Providers should also ensure they follow up with the individual who reported the infection.
“The more [security researchers and hosting providers] are talking and working together and acknowledging each other's presence and ensuring the lines of communication are open, the more quickly and effectively the whole ecosystem can respond to malware,” Weinstein said.
And, finally, hosting firms should periodically review abuse reports to identify trends and patterns. If a number of customer websites are infected in a similar way around the same time, it may signal a deeper trend, Weinstein said.
“Attackers are using web hosters to spread malware, so it is the responsibility of web hosts to try to mitigate that activity,” Gerlach said.