How SMART Works
1. SMART downloads a copy of the files from your server to Sitelock.
2. SMART scans a file for any malicious code.
3. From here, there are two things that can happen to the file if SMART is set up to automatically clean your files:
a. If malicious code is found, SMART removes that code from the file and queues the file to be uploaded with the rest of the clean files back to your server and replace the original infected file.
b. If malicious code is not found, the file is not changed in any way and is not queued with the rest of the clean files to be uploaded to your server. The original file is still on your server as it was deemed clean in the first place.
4. SMART then goes to the next file and repeats the process from step 2 until all files are scanned and cleaned.
5. Once all files downloaded have been scanned and cleaned, SMART uploads the clean files to your server to replace the original infected files.
6. SMART repeats the process from step 1 on the next scheduled scan.
How To Set Up SMART
1. Locate your FTP information. Read more about how to find your ftp information here: How do I create an FTP user? What are my FTP settings?
2. On the main page of your Sitelock dashboard, click the “Settings” tab.
3. On the Settings page, click “Download Settings”.
4. Select if you are using FTP or SFTP in the dropdown menu next to “Method for File Transfers”. If you do not know which your website is using, you are most likely using FTP. If you are still unsure, contact your server administrator or hosting provider for assistance.
5. Enter your FTP host address in the “FTP Host Address” field. This is typically ftp.yourdomain.com OR your website’s IP address. When in doubt, use your website's IP address.
6. Enter the port where your FTP service is running on the server in the “FTP / SFTP Port Number” field. Most commonly this will be port 21 for FTP, or port 22 for SFTP.
7. Enter your website’s directory in the “Root Directory” field. If you do not know your website’s directory, either contact your developer or hosting provider to find it. We will not be able to locate this information for you.
8. Enter the FTP username in the “User ID” field. Ensure there are no spaces before, after or in the username. SMART does not support usernames with spaces or % symbols in them.
9. Enter the FTP password in the “Password” field. Ensure there are no spaces before, after or in the password. SMART does not support passwords with spaces in them.
10. Select the “File Download Speed” in the dropdown menu. This determines how many connections SMART opens to scan files.
11. Select the “Maximum Download Time” in the dropdown menu. This determines how long SMART will scan files before stopping until the next cycle. SMART will continue where it left off the next day/cycle
12. Click the red “Submit” button to save the changes. Ensure it says “Information updated successfully” after it is done saving changes. If it says “Invalid form submit”, re-enter the information and try again.
If you would like SMART to remove malware automatically, continue on. If not, SMART is completely configured and you can stop here. A scan will run on the next cycle.
14. Click the SMART Settings tab.
15. Ensure the dropdown box says “Yes, automatically remove the malware found.”
16. Click the red “Submit” button to save the changes. SMART will now remove malware automatically and is completely configured.
SMART Setup Tips
- If you change your FTP password, you will have to update it in the SMART download settings or else SMART will not run.
- SMART does not support usernames with spaces or % symbols in them.
- SMART does not support passwords with spaces in them.
- Ensure there are no blank spaces before or after any entries in the fields, this will cause an error if there are.
Understanding Your SMART Scan Results
You can find your SMART scan results by clicking the circle that says SMART on the main page of your SiteLock dashboard as seen below.
Date and Time: The date and time the scan was run. You can click a specific date and time to see more details of a scan.
Scanned: The amount of files SMART scanned.
Added: Files that were added to your server in the time from the last scan. These can also be cached or temporary files used by the web server and/or CMS.
Modified: Files that were modified on your server in the time from the last scan. These can also be cached or temporary files used by the web server and/or CMS.
Deleted: Files that were deleted from your server in the time from the last scan. Please note that our SMART scanner does not delete files on your server. This likely means you removed files from your server in between scans.
Malware Found: Files that were found to be infected with malware.
Malware Cleaned: Files that were able to be cleaned by SMART.
Review: Files that are suspicious, but are flagged to be reviewed by our research team to ensure they are malware.
Status: The status of that scan, not the status of your website. A green dot indicates the scan came back clean. A red dot indicates the scan detected malware.
Specific Scan Details
If you click on a date and time, you can see more details about the scan.
Suspicious Files - Files that SMART found to be suspicious.
Files under Review - Files that are under review by our research team.
Suspicious Files Tab
File Name - The filename of the file that SMART found to be or contain malicious code.
Malicious Code Found - If SMART found malicious code, it will say yes. Otherwise, it will say no.
Malicious Code Cleaned - If SMART was able to clean the malicious code, it will say yes.Otherwise, it will say no.
Malicious Links Found - The number of malicious links SMART found.
Changed By You -If the code in this file was changed by you, it will say yes. Otherwise, it will say no.
Changed by Us - If the code was changed by us, it will say yes. Otherwise, it will say no.
Files under Review Tab
File Name - The filename of the file that is under review by our research team.
Common SMART Errors
If your dashboard is saying there is an error with SMART, you can find out the specific error by following the steps below, and then referencing the errors listed on this page.
1. On your dashboard, there should be a black circle with a red “X” that says “SMART” underneath
2. If you hover over this circle with your mouse, the red “X” should change to say “Error”.
3. On this new screen, there should be an error in red or yellow text in a red or yellow rectangular box below the word “SMART”. Reference that error with the ones below.
Max retries exceeded - Any issue below that SMART has encountered multiple times in a row. Most common cause for this is a bad hostname, see below for more details on that issue.
Login authentication failed - Incorrect FTP login credentials were used in the SMART settings. Ensure you are using the correct FTP username and password, and check for spaces in the “User ID” and “Password” fields
Bad hostname - The wrong hostname was entered into your SMART settings. Check for spaces in the “FTP host address” field, use your website’s IP address, and ensure you have the correct hostname. If you have our firewall, ensure you are using your website’s IP address.
Cannot find directory - A redundant or wrong directory was entered into your SMART settings. Ensure that the directory you input is not already included in the FTP user settings you created. Check the file path and resubmit the SMART settings.
Timeout Errors - Your server did not respond to our request within a certain amount of time. Either try again or contact your hosting provider for assistance
Permissions Errors - Either a file or directory has incorrect permissions. Contact your host to reset permissions on your server.
Filenames/Bad Filenames Errors - SMART cannot read certain characters in filenames. Rename the file to something generic and without spaces and run the scan again.
FTP user blocked/Suspicious Activity - This means your hosting provider has blocked the FTP user or IP address SMART is using. Contact your hosting provider to have them remove the block on both the FTP user and the listed IP address if there is one listed
FTP Quota Errors - The FTP quota for the FTP user has been exceeded. Either increase the quota, or contact your hosting provider for assistance
Disk Quota/Disk Space errors - The disk space on your server has been used up and SMART cannot upload files it has cleaned to your server. Remove unneeded files from your server to fix this issue as we cannot delete them for you.
SMART is scanning only one file - When you created an FTP user, it may have asked for a directory to assign to it. On some hosting dashboards, it will automatically input the username as a directory and create that directory with one file in it named ftpquota. The way to fix this is to delete that ftp user in your hosting settings, re-add it and ensure that the field only says public_html. If you are still unsure of this, ask your hosting provider for assistance.
Does SMART delete any files from my server? The SMART scan result says some files were deleted. What does this mean?
No, SMART never deletes any files from your server. As our SMART scanner is programmed not to delete files, this means it saw that files were removed from your server from the last time the scan ran
If I move hosting providers, will I need to change the settings?
Yes, if you change where your website files are hosted you will need to create a new FTP user on your new server and update the settings in SMART
Does SMART scan databases?
No, SMART does not scan any databases.
SMART found malware but didn’t clean it. What happened?
This could be due to one of three reasons:
1. SMART was not configured to remove malware automatically during setup. Check the SMART Settings tab in the settings portion of your dashboard and ensure it is set to automatically remove malware.
2. SMART found malware it could not clean for a number of reasons. If this is the case, your site will need to be cleaned manually.
3. Your server is blocking our attempts to upload the cleaned files back to your server.
Why can’t SMART always clean the malware on my site?
There are new malicious codes and threats coming out all the time. As a result, SMART may sometimes find code it deems suspicious, but not know how to rectify the problem. This is why any suspicious code we find is reviewed by our research team to add to our database of threats.
The SMART scan results are saying it scanned only one file. Why is this?
When you created an FTP user, it may have asked for a directory to assign to it. On some hosting dashboards, it will automatically input the username as a directory and create that directory with one file in it named ftpquota. The way to fix this is to delete that ftp user in your hosting settings, re-add it and ensure that the field only says public_html. If you are still unsure of this, ask your hosting provider for assistance.