How to Keep Your Website from Malware Infection Part I

A recent run in with an infected website inspired me to expand upon the methods to prevent this from happening to others. Truth be told – no software is without security vulnerabilities, bugs and 0-day attacks. Unfortunately, most websites are a particularly juicy target for cybercriminals because they use them to quickly propagate malware, scams and other fraud from which they profit. Most often people fall prey to malware infection on their website and they fail to have taken the steps that would allow them to properly recover. These steps are simple but must be undertaken in order for you to survive the very real potential of damage to your brand, reputation or costly even data loss. Here are my 3 simple steps to defending your online presence:

Backup Your Website

Backing up is one of the least exciting things you have to do but it is one of the most important tasks for maintaining your web presence. Without valid backups you couldn’t bring your website back if it got hacked or even if you experienced a simple software bug. In short, no matter what always ensure you have automated backups set up on your website content, databases and any and all critical related servers. Backup to be safe- rather than sorry.

Patch Your Webserver & Web Applications

Most websites run either a commercial or open source content management systems (web application that lets you publish, edit and maintain your web presence). These supported by a community of developers or a corporation who address known security issues. The unfortunate thing is that people do not always apply the available patches. Just like your desktop operating system, patching your content management system is sane web administration security practice. Most software providers will have a security mailing list, twitter updates and information directly in your web management software that alerts you of the need for updating. Long story short – update!

Scan Your Website

Should you suspect your site has a problem with malware you can remotely scan it with many free online anti-malware tools. Many of these tools rely upon multiple methods such as actual malware scanning, reputation reporting and content analysis (among others) to assess your website for infection. Listed below are a few of the many you can you to remotely assess your site. Please note that these services do not remove malware, generally only removing the infection manually and rebuilding the site for backup can do that. If you are not seeing any results from these tools but users are still reporting the site is showing signs of infection, like page redirects, illicit links and or offensive content have your web developers inspect the code for suspect malware. We will cover that in great detail in our section post on this topic.

Free Website Malware Scan

VirusTotal
https://virustotal.com/

URLVOID
https://www.urlvoid.com/

Google Safe Browsing (Replace site= with your domain.com)
http://www.google.com/safebrowsing/diagnostic?site=google.com

Commercial Website Scan w/ Free Website Scan Option

Acunetix
https://www.acunetix.com/vulnerability-scanner/register-online-vulnerability-scanner/

SiteLock
https://www.sitelock.com/website-scanning

Sucuri
https://sitecheck.sucuri.net/

Qualys
https://www.qualys.com/forms/freescan/

In part II of this series I will explore recovering from website infection. Evolutionary IT offers this fully managed secure cloud solutions with options such as secure managed hosting, website backup, pen testing, etc. If you’ve got questions, please feel free to leave them in comments below. If you’d like help cleaning up your site or need advise on how to avoid these painful issues, contact us for more information. As always, we are glad to help. Stay safe out there my friends!

Joseph P. Guarino has a long history of producing business results with the application of information technology. Joseph's expertise span over 15 years in the private sector at leading technology firms and consulting organization. With Evolutionary IT, he saw a market need to bring his transformative knowledge and expertise to firms in the New England area and worldwide. Joseph is driven by a strong desire to see customer's thrive with the best business solutions. Evolutionary IT evolved out of this desire to bring a new level of quality IT solutions, align them with business goals and give customer's a competitive edge.
Posted in Security  |  Leave a comment

Leave a reply