Trojan scan


The trojan scan feature for Web Hosting periodically scans the files in your web directory for security threats. If the scan detects high-risk trojan-horse files or webshell backdoor files, you will receive a security notification. Quarantine these files to improve your website's security and content integrity. This topic describes how to scan your website for trojans.

Procedure

Note

The trojan scan feature is not available for all Web Hosting instances. For details, check the host management console.

  1. Log on to the Cloud Web Hosting management page.
  2. Find the Cloud Web Hosting instance that you want to manage and click Manage in the Actions column.
  3. In the left navigation pane, choose File Management > Trojan Scan.

  4. On the Trojan Scan page, view files whose Status is Pending. After you confirm the risk, take the appropriate action.

    For example, to quarantine the high-risk file Admin/Admin_ServerInfo.asp, click Quarantine in its Actions column.

    The following table describes the key parameters.

    Parameter: trojan file path

    Description: The location of the trojan file in your website directory.

    Parameter: update time

    Description: The last time a scan detected the file. This time is updated in subsequent scans if you take no action on the file.

    Parameter: trojan type

    Description: The system identifies the following types of malicious files:

    • webshell backdoor file: For more information about webshell files, how they work, and how to defend against them, see Defend against webshell intrusion.

    • trojan-horse file: Your application contains code for a trojan-horse attack. You can delete the file or re-upload the original source files to your Web Hosting instance. You can also contact your application developer to locate and resolve the issue.

    If the scan finds a webshell backdoor file or a trojan-horse file that causes access issues, use the following methods to resolve the problem:

    • Strengthen permission management. We recommend setting the permissions for dynamic files, such as ASP and PHP files, to Readable and executable (write prohibited) to reduce the risk of tampering. For directories that are used to upload files, we recommend setting the directory permissions to Readable and writable (script execution prohibited). For more information, see Set file and directory permissions.

    • Configure a firewall and enable its policies to avoid exposing unnecessary services and reduce the attack surface. For more information, see What is Web Application Firewall and User Guide.

      Note
      • All versions of WAF support Exclusive Web Hosting. You can directly activate and configure WAF.

      • Shared Web Hosting uses a shared IP, and multiple users share the origin server. Do not configure WAF for a single user in this environment. Instead, we recommend that you upgrade your Shared Web Hosting instance to an Exclusive Web Hosting instance. For more information, see Upgrade a Web Hosting instance.

    • Harden your host's security. For example, regularly change passwords, avoid running applications with the highest-level user permissions, and use the HTTPS encrypted access feature.

    Parameter: status

    Description:

    • Pending: The file is unprocessed. You can quarantine or ignore this high-risk file.

    • Quarantined: The file is in quarantine and cannot be exploited by attackers. If a file was mistakenly quarantined, you can restore it with one click.

    • Trusted File: If you ignore a file, the system adds it to an allowlist and it will not be flagged in subsequent scans.

    • Invalid: The file was manually deleted or has been modified.

  5. In the dialog box that appears, click Confirm.

    After the file is quarantined, its Status changes to Quarantined.

    Important
    • After you quarantine a file, we recommend that you remediate the issue as soon as possible to avoid affecting your website's operation.

    • Quarantining files improves website content integrity but does not prevent all network attacks, such as DNS hijacking. We recommend that you also enable the HTTPS encrypted access feature. For more information, see Enable HTTPS encrypted access.
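
The permission recommendations in step 4 (dynamic files write-prohibited, upload directories free of executable scripts) can be checked with a script. The following Python audit is an added example, not part of the original documentation or the Web Hosting product. It assumes the web root is reachable on a filesystem with POSIX permission bits; the function name `audit_webroot` and the upload directory names passed to it are hypothetical.

```python
import os
import stat
import sys

# Dynamic file types named on this page (ASP and PHP); extend as needed.
SCRIPT_EXTS = {".asp", ".php"}
WRITE_BITS = stat.S_IWUSR | stat.S_IWGRP | stat.S_IWOTH


def audit_webroot(webroot, upload_dirs):
    """Return sorted (relative_path, issue) findings.

    Assumes POSIX permission bits. upload_dirs are hypothetical names of
    upload directories, given relative to webroot.
    """
    webroot = os.path.abspath(webroot)
    uploads = [os.path.normpath(os.path.join(webroot, d)) for d in upload_dirs]
    findings = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        # True when dirpath is an upload directory or lies beneath one.
        in_upload = any(os.path.commonpath([dirpath, u]) == u for u in uploads)
        for name in filenames:
            if os.path.splitext(name)[1].lower() not in SCRIPT_EXTS:
                continue
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # symlink modes are not meaningful; skip
            rel = os.path.relpath(path, webroot)
            if in_upload:
                # Upload directories should hold no executable scripts.
                findings.append((rel, "script file inside upload directory"))
            if os.stat(path).st_mode & WRITE_BITS:
                # Dynamic files should be readable and executable only.
                findings.append((rel, "script file is writable"))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit.py WEBROOT [UPLOAD_DIR ...]
    for rel, issue in audit_webroot(sys.argv[1], sys.argv[2:]):
        print(f"{rel}: {issue}")
```

A script file reported inside an upload directory is worth comparing against the Trojan Scan results before you decide to quarantine or ignore it.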

Related documents