Keeping your website safe – and off Google’s blacklist

Posted on by in Security

Google malware warningLets suppose you wake up one sunny morning, and find that your web browser won’t let you open your website. Or worse still, it is listed in the Google results as “This site may harm your computer”! Maybe you thought the maintenance contract offered by your web developer was just sales flannel to get more money from you?

Malware affects ALL systems

When did you last install a Windows Update, or apply a Software Update to your Mac, or Ubuntu PC? The chances are that you have done so several times in the past year.

There is every chance, however, that you have never updated WordPress, Joomla, Drupal etc since you installed it. Or if you have, did you remember to check all of those juicy plugins, addons, and modules that you installed to make your website into the super funky thing that it is today?

Old plugins are a primary attack vector (that’s technical speak for “gaping hole”) for hackers to fire their attacks at. Just because there are no updates for your plugin does NOT mean it’s up to date – the developer may have abandoned the project. So always check.

Who wants to hack your site?

There are, unfortunately, armies of misguided yet talented individuals who spend their time supporting criminals, working out new ways to circumvent the security of your website so they can install their own software on your website.

Why? Because the software they install is intended to make them money – either directly through fraud (installing false banking lookalike pages) or by attempting to fool you into installing malware on your PC, so they can further spread their dark doings.

The consequences of being hacked

So what? My site got hacked – I’ll just restore it. This is a bad attitude for the following reasons:

  • If the hack was subtle, you may not even realise it for some time. Your site may look and operate normally. After a few days we will no longer retain backups of the clean code, making recover that much harder.
  • Once search engines discover the malware, your SEO success story will come to a spectacular end. Your page rank will fall like a brick.
  • Do we need to mention the loss of business this will cause?
  • Loss of trust in your site and more importantly, your brand.
  • Just restoring clean code is not enough – the vulnerability will still exist and you will find yourself back in hot water soon enough.
  • We will probably suspend your account.

Types of attack

The anatomy of any attack is quite complex – there is the method by which the attackers actually gains control, the method by which their dastardly malware is applied to your website, and then the effect of the malware itself on computers that open the website. Here are some examples of each stage of infection:

Common incursion methods :

System command injection : Every time you open a webpage, your computer requests data from the server. An attacker creates malformed requests that attempt to fool the server into executing arbitrary code that will allow the attacker to gain the ability to alter the contents of server’s filesystem.

SQL injection : Similar to Remote Command Injections, this method uses malformed requests to try and escape out of your PHP code to run arbitrary SQL queries, possibly exposing your database to the attacker.

Infected PC : Due to an infection on your PC, an attacker has been able to gain access to your hosting account details.

Man in the middle : An attacker compromises a local WiFi hotspot, and waits for victims to use it. Using advanced cryptographic techniques, the attacker may be able to sniff out usernames and passwords for various services you access.

Types of attack :

SEO Poisoning – This is a technique where your website actually appears to run normally. The hackers create redirection commands (via htaccess or via injected PHP code) that redirect ONLY search engines to their  undesirable target site. So, when you look at your website it appears fine, but all of your hard earned results in google will point to porn, fraud or worse content.

iFrame attack – The attacker injects code into your webpages that renders a “page within a page”. The injected webpage will invariably try to load popup windows that will try to fool you into installing fake anti-virus software, or similar, by telling you there is a problem with your PC. Unfortunately, the injected code is the symptom, and the vulnerability that allowed the injection to take place will be elsewhere.Symlink

Cross site scripting : Somewhat more complicated, but equally as common, this sort of attack requires three parties – your vulnerable website, an unsuspecting user, and the attacker. The attacker lures the unsuspecting user to a compromised web page, and uses this page to access your vulnerable website using malformed requests. Once the unsuspecting party has accessed your vulnerable site, the attacker is able to view information that should be secret to the unsuspecting user.

Why suspend my account?

Depending on the severity and nature of the hack we may suspend your account. This might sound harsh, but in fact we are usually doing you a favour:

  • In terms of SEO – if Google, Bing etc. can’t see your hacked site, they can’t ban you, with all of the ramifications that go with it.
  • In terms of your business – do you want your customers to experience a defaced website, or to have malware installed on their computers?

If you had a monster loose in your shop, you’d want the building manager to close the doors while you sorted things out, right?

Also, depending on the nature of the attack, the malware may pose a threat to other users on the server, or to the stability of the server as a whole. It’s usually best to steer the safest course of action until we know what we are dealing with.

Protecting your website

ALWAYS keep your PC, Mac, iPad etc up to date

Operating system updates – These can seem to arise at the most inconvenient of times. Those annoying popups telling you there are a dozen new updates for Windows, are there for a reason. Don’t delay – update as soon as you are able.

Anti-Virus software – No computer is immune from malicious software, no matter that the marketing hype says. I’m writing this on a Mac, but I still have Anti-Virus software installed. Always keep your Anti-Virus software updated – without doing so, you may as well not have any at all.

ALWAYS keep your website software up to date

Content Management Systems (CMS) – If you’re website is based on one of the popular content management solutions, such as WordPress, Joomla, Drupal, Concrete, phpBB, SMF, vBulletin etc, then this should be a straightforward task to updating the core components and should not take too long (often a few minutes).

Plugins – Almost every CMS has the ability to add plugins, or add-in modules. As previously stated, it’s no good maintaining your CMS if the plugins you have installed are holding the door open for hackers. Always ensure they are kept up to date, and that they are being maintained by the author.

Custom written – If you paid someone to develop your website from scratch, then you really have no option but to contact them and ensure that they maintain your website for you. It is advisable to ask them to provide a breakdown of the security issues they have addressed each time they charge you for updates!

ALWAYS connect to your services using secure methods

Always access your webmail and cpanel services as:

http://yourdomain/webmail and http://yourdomain/cpanel

In all cases, accessing the above should redirect you to a secure (https://) login page.

Email, should be accessed using SSL methods – this is described in the following support article:

What mail settings should I use to connect to Krystal’s servers?

Always connect to your FTP services using SFTP instead of FTP as this will encrypt the password. Please note that SFTP is available on port 722 (not the default 22)

 


Also tagged as