Using the Secure Malware Alert and Removal Tool (SMART)


  • Applies to: Grid
    • Difficulty: Easy
    • Time Needed: 10 minutes
    • Tools Required: AccountCenter access
  • Applies to: DV w/SSDs
    • Difficulty: Easy
    • Time Needed: 10 minutes
    • Tools Required: AccountCenter access
  • Applies to: WordPress Hosting
    • Difficulty: Easy
    • Time Needed: 10 minutes
    • Tools Required: AccountCenter access

Overview

This article will help you use (mt) Media Temple's Secure Malware Alert and Removal Tool (SMART).

SMART is a service provided by our third-party security vendor, Sitelock, which does the following:

  • Performs server-side scans of application files
  • Automatically removes common malware from files when/if located

PLEASE NOTE:

For Grid service customers, SMART is only available with the purchase of CloudTech's Security Pack Service. Click here to learn about the Security Pack and how to order this service.

How Does it Work? (Grid)

  1. An FTP user is automatically created on your GRID using a randomly generated password. The home directory for this user is the document root of the domain you would like to scan: domains/example.com/html
  2. Sitelock connects via FTP.

How Does it Work? (DV)

  1. SMART automatically finds the SSH port of your DV server and the document root of the domain you would like to scan.
  2. These details are sent to Sitelock.
  3. Sitelock in turn provides us with a public SSH key.
  4. A user is created on your DV and is given the UID/GID of the document root of the domain. The provided public key is placed into the ‘authorized_keys’ file of the new user.
  5. Sitelock connects via SFTP using the key.

How Does it Work? (WordPress Hosting)

  1. SMART automatically finds the SSH/SFTP information for your WordPress Hosting.
  2. These details are sent to Sitelock.
  3. Sitelock in turn provides us with a public SSH key.
  4. The provided public key is placed into the ‘authorized_keys’ file of your WordPress Hosting’s SSH/SFTP user.
  5. Sitelock connects via SFTP using the key.

Setup Instructions

  1. Log into your (mt) Media Temple AccountCenter.
  2. Click “Manage Security” in the Security section.
  3. Add a domain to the malware removal service by clicking the blue “ADD DOMAIN” button.
  4. In the list of domains, toggle a domain’s switch to On to enable malware removal.

What if something goes wrong during SMART setup? (DV)

If something goes wrong during SMART setup, you may see one of the following error messages:

  • Domain is not properly configured on this service - This indicates that the domain is not set up correctly in Plesk or cPanel. Please see our KnowledgeBase article about how to set up a domain in Plesk or how to add your domain as an account in cPanel.
  • Document root does not exist - This means that the expected document root folder does not exist. This would be the document root that is set for the domain in Plesk/cPanel.

What if something goes wrong during SMART setup? (Grid)

If something goes wrong during SMART setup, you may see one of the following error messages:

  • Domain is not properly configured on this service - This indicates that the domain is not set up correctly. Please see our instructions for adding a domain to your server here.
  • Document root does not exist - This means that the expected document root folder does not exist. On the Grid, this would be domains/example.com/html.

What if something goes wrong during SMART setup? (WordPress Hosting)

If something goes wrong during SMART setup, you may see one of the following error messages:

  • Domain is not properly configured on this service - This indicates that the domain is not set up correctly. Please see our instructions for adding a domain to your WordPress Hosting here.
  • Document root does not exist - This means that the expected document root folder does not exist. With WordPress hosting, this would be your site's "html" folder.

How Can I Tell it is Working?

If the indicator in the AccountCenter is showing green for malware scanning, everything is working well. If there is a red warning indicator (both on the AccountCenter Overview page and on the Security Settings page), something went wrong.

The AccountCenter Overview page will display the error message pictured below. The same error message will display on the Security Settings page accessible by clicking on the Manage Security link:

But My Site Is Showing A Critical Malware Status Anyway!

SMART is capable of cleaning most malware issues, but it cannot catch EVERYTHING. The ‘malware status’ indicator in the AccountCenter can be triggered by HTTP scans. As an example, if malware was injected into the database of a WordPress or other CMS application, SMART would not be able to clean this, as it scans and cleans static files. However, HTTP scanning would still detect the malware.

What Do I Do If SMART Cannot Clean My Malware?

(mt) Media Temple has several other security resources available to assist you with malware removal:

  • Our community’s hub for security resources can be found here.
  • CloudTech provides a subscription-based malware removal service called the security pack. You can see more info about this here.
  • CloudTech also has a one-time malware removal service, which you can read about here.

Troubleshooting: What Do I Do If SMART Is Not Working?

If SMART is not working, the AccountCenter offers the ability to ‘retry’ the service’s SMART settings. If anything has changed on your server or domain, this will rebuild SMART’s settings based on your current setup.

However, in some situations, an issue with your site or server will need to be resolved.

Common errors that need to be resolved include:

  • FIREWALL SETTINGS - Your DV’s SSH port cannot be blocked from Sitelock by the firewall. If you would like to explicitly allow Sitelock IP addresses, they are as follows (subject to change):
  • USER SETTINGS - If the user created by SMART is removed, altered, or has its .ssh files updated, this could potentially block access for Sitelock. The security user on a DV will look like ‘cloudtech_example_com’ if it was set up for ‘example.com’.
  • DOCUMENT ROOT OWNERSHIP/PERMISSIONS - If the document root directory has been removed, or had its ownership modified, this could potentially block access. In order for SMART to work, Sitelock needs to be able to login, navigate into the document root directory, and have read/write access to the directory AND the files inside.

However, in some situations, an issue with your site or server will need to be resolved.

Common errors that need to be resolved include:

  • DOMAIN SETTINGS/DOCUMENT ROOT - If the domain or its document root folder has been removed, or had its permissions changed (such as when the ‘html’ directory has 200 permissions), this could cause issues with Sitelock. Sitelock needs to be able to log in, navigate into the document root directory, and have read/write access to the directory.
  • USER SETTINGS - If the user created by SMART is removed, altered, or has its .ssh files updated, this could potentially block access for Sitelock.

However, in some situations, an issue with your site or server will need to be resolved.

Common errors that need to be resolved include:

  • DOCUMENT ROOT - If the document root has been removed, or had its permissions changed (such as when the ‘html’ directory has 200 permissions), this could cause issues with Sitelock. Sitelock needs to be able to log in, navigate into the document root directory, and have read/write access to the directory.
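The document root checks described in the lists above can be run over SSH before retrying SMART. The script below is an added example, not (mt) Media Temple or Sitelock code; the function name check_docroot and its optional expected-owner argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a document root against the access SMART needs.
# Usage: check_docroot DIR [EXPECTED_OWNER]
# Prints one line per problem; returns 0 when none are found, 1 otherwise.
check_docroot() {
    dir=$1
    want_owner=${2:-}      # optional; an assumption, pass the site's owner
    problems=0

    if [ ! -d "$dir" ]; then
        echo "MISSING: $dir does not exist or is not a directory"
        return 1
    fi

    # Owner permission triplet of the directory itself, read from ls -ld.
    # Mode 200 shows up here as "-w-": no read, no traverse.
    dperm=$(ls -ld "$dir" | cut -c2-4)
    case $dperm in
        rw[xs]) ;;
        *) echo "DIR-MODE: $dir owner bits are '$dperm', need rwx"
           problems=1 ;;
    esac

    if [ -n "$want_owner" ]; then
        owner=$(ls -ld "$dir" | awk '{print $3}')
        if [ "$owner" != "$want_owner" ]; then
            echo "OWNER: $dir is owned by $owner, expected $want_owner"
            problems=1
        fi
    fi

    # Entries below the root that the owner cannot read and write
    # (directories also need the traverse bit). Symlinks are skipped.
    bad=$(find "$dir" -mindepth 1 \( \
            \( -type d ! -perm -u=rwx \) -o \
            \( ! -type d ! -type l ! -perm -u=rw \) \) 2>/dev/null)
    if [ -n "$bad" ]; then
        echo "$bad" | sed 's/^/NO-OWNER-RW: /'
        problems=1
    fi
    return "$problems"
}

# Run against a path when one is given on the command line.
if [ "$#" -gt 0 ]; then
    check_docroot "$@"
fi
```

The check reads mode bits rather than testing access, so it gives the same answer when run as root.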

SMART Is Still Not Working...

If all reasonable solutions have been exhausted, please contact (mt) Media Temple support for additional assistance.