How to Protect Your Website from Hackers and Malware

An online presence is not only an opportunity to advertise effectively and raise the profile of your services or products. It also means potentially risking the possibility of your websites and emails being misused. This can be easily avoided, you just need to make sure that you have adequate security at both server and website level.

Who attacks websites and why?

Attacks on web servers and websites have been a common occurrence since the birth of the Internet, but in recent years they have become virtually inevitable. All well-secured web servers block thousands of attack attempts on a daily basis.

Almost all (99.999%) attacks are fully automated. This means that the attacks are not carried out manually by a malicious person, but simply by an attacker(or a team of attackers) who has programmed an application that automatically and systematically scans all websites on the Internet for those that are vulnerable, insecure or not up-to-date.

When such a program finds a vulnerable website, it passes it on to another program, which then tries to hack into it via publicly disclosed security holes in those applications(e.g. WordPress, Joomla, Magento, Drupal, Open Cart, etc.).

If the intrusion is successful, the malware uploads additional programs to your website that perform the following activities:

• SPAM mailing;
• try to install viruses on your visitors’ computers;
• redirect your visitors to foreign websites, sometimes with inappropriate content;
• try to steal personal data(e.g. bank details or passwords) of your visitors.

All of this activity is completely automated – so the authors of these malicious programmes are never personally involved in the attack. This would be physically impossible and unreasonable, as they can only be successful in what they are doing by scanning and attempting to attack over 10,000 websites on a daily basis.

The motivation for attacking unprotected websites is financial, as programmers (“hackers”) who write malicious programs (“malware”) are well paid for what they do. Their services are mainly contracted by persons or groups, mostly located in exotic locations around the world, who are engaged in illegal or at least unethical internet activities.

The 3 most common reasons for a virus on a website

1. UNPATCHED/UNSECURED APPLICATIONS

WordPress, Joomla and Drupal applications are the biggest targets because they are the most widely used applications on the web due to their ease of use. This gives attackers a wide choice of potential targets from the multitude of un-updated websites that contain open security holes.

2. USE OF UNTESTED PLUGINS AND THEMES

Many quality, popular plugins andthemes for WordPress, Joomla and other applications are paid-for. However, they can also be found online for free. In most cases, such plugins are accompanied by malicious code, which is the reason why a (malicious) user has offered them for free download online. Such files are usually available on“torrent” or“file-sharing” websites. In such cases, the owners install the virus on their websites themselves – by downloading plug-ins or graphical themes with malicious code, which then activate the virus.

3. VIRUS ON THE COMPUTER

If there is a virus on the computer you are using to connect to your hosting package, it can spread to your website. Certain advanced viruses are hybrid in nature. This means that they can attack a PC as well as an email program, an FTP program or even a website. In any case, we advise you to regularly use a desktop antivirus such as Microsoft Security Essentials or AVG Free.

Who is responsible for security? How do I protect myself?

Your hosting provider is responsible for the security of your server (in this case it’s us – NEOSERV).

However, it is your responsibility to secure the websites themselves:

• the website owner or
• the person or company who created the website, if they have made such arrangements with the website owner.

What does the hosting provider or server need to take care of?

1. Adequately powerful and maintained hardware to ensure fast and stable operation;
2. Adequately updated and secured software that does not allow malicious code (viruses) to penetrate;
3. Adequate security systems(firewalls, etc.) to block the attacks on websites that are happening on a daily basis all over the Internet.
4. Monitoring activity in the server environment and reacting appropriately and informing users if problems occur.

What should the website owner (or, by agreement, the website builder) take care of?

1. Not installing applications(scripts or web pages) on their hosting package that contain security holes that attackers can exploit.
2. That it regularly updates its applications(e.g. WordPress, Joomla, etc.) to the latest secure version.
3. Not to share the access data to your hosting package with third parties.
4. To take adequate care of the security of the computers used to access the website. Certain viruses on your computer can spread to your hosting package.

If you take these 4 basic measures, you will not have any problems with the security of your website.

Want to know more?

Find out more about what a website attack or web virus is and some tips on how to keep your website secure here.

And you can find out more about how to clean your website of a web virus here.

We are also always available by phone or email for any further questions.