What does ScanMyServer do?
We'll test your website or blog to see if it is vulnerable to being hacked. Each page will be tested for security weaknesses. We'll then provide you with a report that you can use to correct any problems.
Is it really free?
Yes. We'll do a complete scan of your web site and provide a confidential report of any security problems we find. If you wish, scanning can be repeated on a weekly or monthly basis to help you keep up with new security issues as they come up. Multi-site accounts and PCI certification testing is available for a small fee, but scanning your first site is really free.
Why should I test my site?
The code in your site may be written in a way that would make it easy for a hacker to gain control of it or even its server. Other code errors can be exploited to cause harm to your visitors. Our testing will reveal code and server problems and the report we provide has the information you and your webmaster need to make corrections.
My site has already been attacked, how can you help?
ScanMyServer will reveal the weakness that the attacker probably used to gain initial access to your site. These weaknesses must be fixed at the same time you repair any damage done by the hacker or it is likely to happen again.
Can your tests damage or change my site?
No. Our tests will not harm or change anything on your site, its applications or server.
Do I need to prepare my site for testing?
Please adjust any intrusion prevention or web application firewall solution to allow our system to run tests. 'White list' or allow testing from the IP addresses: 220.127.116.11, 18.104.22.168 and 22.214.171.124
Will your tests interrupt my visitors?
No. Our service is designed to be used on 'live' sites and your visitors will not even notice that testing is in progress.
What happens when the testing is complete?
You will receive an email invitation to log in to your personal and confidential ScanMyServer.com account. There you will find your report of any vulnerabilities we discovered and their relative severity.
Why do I need a ScanMyServer account ?
The ScanMyServer account allows you to view your test results, control what pages are tested on your site, how often it is tested and more. Like the testing, the account is free.
What are the odds that my site has a security problem?
It depends upon its size, complexity and the server that hosts it. About one third of all sites have at least one 'high risk' vulnerability. High risk issues call for immediate correction. Two thirds of all sites we test have a 'medium risk' issue. These should be corrected soon. Almost all sites have some 'low risk' vulnerabilities and these can be addressed if and when you have the time.
What do I do if you find a problem?
Many of our customers fix the security problems themselves using the guidance provided in our reports, others alert their webmaster or host for help. We do not provide webmaster services.
Is my security report confidential?
Yes. The results of your tests are confidential.
Do you need my website password or any special access to my site?
No. We can test every page that your website visitors can visit. We can also test password protected pages if you give us permission.
Why do I have to 'confirm' my site?
Confirming the site by installing our security seal proves that you have admin rights to the site and are qualified to request testing of it. It is also good business practice to let your site visitors know that you care about their online security.
Why doesn't my site confirm? I put the seal code on my home page but when I press the 'confirm' button it says that no code could be found.
If you asked ScanMyserver to scan yoursite.com, but the site actually resides at www.yoursite.com, then it won't be able to find and confirm the seal. Please make sure the domain name you entered at time of sign up is exactly the same as your web site domain name. If you signed up domain name "example.com" but your site resolves to www.example.com then we will not be able to confirm the code you put on your site.
Other possible causes for the seal verification not working:
1) When you access your site, if you enter www.domain.com but visitors are then redirected to www2.domain.com, that means *www2.domain.com* must be enrolled at SMS. Always sign up the domain that is the LAST domain in the chain, if the forwarding is automatic.
2) If you enrolled www.domain.com the seal code should be:
<a href="http://www.beyondsecurity.com/vulnerability-scanner-verification/www.domain.com"><img border="0" alt="Website Security Test" src="https://secure.beyondsecurity.com/verification-images/www.domain.com/vulnerability-scanner-2.gif"></a>
Using anything else will not work. Make sure the code is correct or the seal will not be detected.
3) If your site www.domain.com redirects to a non-standard port, for example to https://www.domain.com:8081/ or to a sub directory such as http://www.domain.com/somedirectory/ please contact us at: firstname.lastname@example.org to request a manual verification.
How often should I get my site tested?
Frequent testing (weekly) is important for sites that collect and store visitor information, financial information or that allow access to a database. If you don't collect confidential information and if you rarely change code on your site then occasional testing (monthly) is enough.
Doesn't my host protect my site?
Your host does his best to secure the server, but he probably does not test your site code. If hackers finds a weakness in your code they could break in and take over your site even if the host server remains untouched.
Isn't antivirus and a firewall enough?
No. Attacks on a website are not delivered by email and will go through a firewall just like any other visitor request.
Is there anything I need to do?
Yes. Confirm that you have sufficient permission to test the site by putting our secuirty seal on your home page footer.
Can I trust you?
ScanMyServer is a free service provided by Beyond Security, a company whose network and software security products are trusted by corporations and governments around the world. We have been providing security testing solutions since 1999 and are now making these powerful tools available to everyone.
How good are you, really?
Our testing services are used by banks, international corporations and governments; some of the most heavily attacked targets in the world. You will have the benefit of our experience in testing these highly sensitive targets.
What kinds of website security problems can you detect?
1) Poorly coded web pages, database connections that allow access to private data or problems in any other applications such as a shopping carts or blogs. Examples are: SQL injection, XSS (cross site scripting), Remote File Inclusion, PHP/ASP Code Injection, Directory Traversal and File Disclosure.
2) We can identify the results of an attack by a virus, trojan or worm. Example: malicious code may open a TCP port for unauthorized access from the internet.
3) System mis-configuration. Example: a service using a known default user name or password; or omitted security updates/patches.
Can you test more than one website for me?
Yes. Start today to get your first site tested free and later you can add more sites for a small fee.
What is a 'Security Seal'?
It is an online certificate of website security. By adding the seal code to your site you are also confirming that you have sufficient permissions to request a test.
Why would I want a Security Seal?
Displaying our security seal demonstrates that your site is free of vulnerabilities and you care about the safety of your visitors. It gives visitors confidence that any personal information they enter on the site is secure, resulting in more sign ups and conversions for you.