If you’ve been following the last few blog posts I’ve made, or if you’ve been unlucky enough to experience it firsthand, you’d see that the StealRat botnet has become a huge issue not just for us, but for the vast majority of shared hosting companies. We’ve been working hard over the last month to try and come up with a permanent fix without affecting your websites or hosting service. Luckily, we’ve finally found one.
What we’ve found is a sort of firewall solution. We’ve been testing it on one of our servers and it has been incredibly effective, essentially stopping all of the spam issues that have been caused by StealRat. The way it works is relatively simple. A firewall sits between the internet and your hosting account, and any time a new file is uploaded it is scanned. If the file being uploaded is recognized as an exploit, it is moved to a quarantine area to keep it from infecting the rest of the hosting account.
The firewall looks for more than 3,000 known exploits, ranging from simple things like suspicious file names and file types to complex issues like binary executables and CGI uploads.
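The scan-and-quarantine flow described above can be sketched as follows. This is an added example, not the firewall's own code: the three rules, the function names and the sample uploads are constructed for illustration and stand in for the much larger ruleset mentioned in the post.

```python
import re
import shutil
import tempfile
from pathlib import Path

# Constructed rules for illustration only; a production ruleset is far larger.
DOUBLE_EXT = re.compile(r"\.(jpe?g|png|gif|txt)\.(php\d?|phtml|pl|cgi)$", re.I)
CGI_EXT = {".cgi", ".pl"}
EXEC_MAGIC = {b"\x7fELF": "ELF executable", b"MZ": "PE/DOS executable"}


def classify(path: Path) -> list[str]:
    """Return the reasons an upload looks like an exploit (empty list = clean)."""
    with path.open("rb") as fh:
        head = fh.read(512)  # the header bytes are enough for these checks
    reasons = []
    if DOUBLE_EXT.search(path.name):
        reasons.append("suspicious file name: script behind a benign extension")
    for magic, label in EXEC_MAGIC.items():
        if head.startswith(magic):
            reasons.append(f"binary executable: {label}")
    if path.suffix.lower() in CGI_EXT or head.startswith(b"#!"):
        reasons.append("CGI upload: script extension or shebang line")
    return reasons


def scan_upload(path: Path, quarantine: Path) -> tuple[str, list[str]]:
    """Move the file to quarantine if any rule matches; otherwise leave it."""
    reasons = classify(path)
    if not reasons:
        return "allowed", reasons
    quarantine.mkdir(parents=True, exist_ok=True)
    shutil.move(str(path), str(quarantine / path.name))
    return "quarantined", reasons


def demo() -> dict[str, str]:
    samples = {  # constructed sample uploads, written to a temp directory
        "logo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 16,
        "photo.jpg.php": b"<?php echo 1; ?>",
        "mailer": b"\x7fELF\x02\x01\x01" + b"\x00" * 16,
        "form.cgi": b"#!/usr/bin/perl\nprint 1;\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root, results = Path(tmp), {}
        for name, body in samples.items():
            (root / name).write_bytes(body)
            results[name] = scan_upload(root / name, root / "quarantine")[0]
        return results
```

Logging the returned reasons alongside each quarantined file is what makes false positives reviewable, since a legitimate upload can be traced back to the rule that caught it.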
The best part about this is, so far, we have seen absolutely zero false positives. Our initial concern was the firewall blocking legitimate files from being uploaded, but over the past month this hasn’t happened once. It has also virtually stopped all spamming from infected accounts on the one server that we have been testing.
We feel that this is the best, most effective way to protect all of you (and us) from further StealRat issues and will be rolling out the firewall on the rest of our servers. This should resolve all of the recent RBL issues that we’ve been having, and there shouldn’t be any difference in the way your hosting account or website runs.