A recent run in with an infected website inspired me to expand upon the methods to prevent this from happening to others. Truth be told – no software is without security vulnerabilities, bugs and 0-day attacks. Unfortunately, most websites are a particularly juicy target for cybercriminals because they use them to quickly propagate malware, scams and other fraud from which they profit. Most often people fall prey to malware infection on their website and they fail to have taken the steps that would allow them to properly recover. These steps are simple but must be undertaken in order for you to survive the very real potential of damage to your brand, reputation or costly even data loss. Here are my 3 simple steps to defending your online presence:
Backing up is one of the least exciting things you have to do but it is one of the most important tasks for maintaining your web presence. Without valid backups you couldn’t bring your website back if it got hacked or even if you experienced a simple software bug. In short, no matter what always ensure you have automated backups set up on your website content, databases and any and all critical related servers. Backup to be safe- rather than sorry.
Most websites run either a commercial or open source content management systems (web application that lets you publish,edit and maintain your web presence). These supported by a community of developers or a corporation who address known security issues. The unfortunate thing is that people do not always apply the available patches. Just like your desktop operating system, patching your content management system is sane web administration security practice. Most software providers will have a security mailing list, twitter updates and information directly in your web management software that alerts you of the need for updating. Long story short – update!
Scan Your Site
Should you suspect your site has a problem with malware you can remotely scan it with many free online anti-malware tools. Many of these tools rely upon multiple methods such as actual malware scanning, reputation reporting and content analysis (among others) to assess your website for infection. Listed below are a few of the many you can you to remotely assess your site. Please note that these services do not remove malware, generally only removing the infection manually and rebuilding the site for backup can do that. If you are not seeing any results from these tools but users are still reporting the site is showing signs of infection, like page redirects, illicit links and or offensive content have your web developers inspect the code for suspect malware. We will cover that in great detail in our section post on this topic.
Google Safe Browsing (Replace site= with your domain.com)
Norton Safe Web
Web of Trust
In part II of this series I will explore recovering from website infection. Stay safe out there my friends!