Hello!

I run a Joomla site and I went to one of the famous commercial sites that deal with vulnerabilities. They have a free security audit for malware.
I ran it on my site. And I got a reply that "Host is not alive". I have Admin Tools WAF turned ON. They recommend to shut it down temporarily, so their scanner can check everything. But to me that doesn't make any sense. Because, in my opinion, if their scanner couldn't get through, it means that the site passed the audit fine.

Quote:

if their scanner couldn't get through, it means that the site passed the audit fine.

Nope it means the firewall blocked their scanner agent, that does NOT mean that there is no vulnerabilities.

Beware that free audit services are created just to attract potential customers. Based on my own experience I wouldn't suggest using them (or at least – not them alone).

Also keep in mind that any automatic scanning engine is not as good as a real security expert. If you have Joomla site, I would suggest first going all the security hardening steps (recent versions, updated components and plugins, secure FTP, restricted access and so on). Only then you should test website security with professional company. I recommended www.webyfly.com for a couple of my customers as an first measure. As I know they do automatic testing, but real humans fine tune-the tools and analyze the results.

Also you could periodically check unmaskparasites.com for all the nasty things already in your site.