Thousands of vulnerable websites are exploited everyday. In many cases, your site can be victimized without you having the slightest clue. Unfortunately, there are also instances in which your site can be used in malicious ploys without being directly compromised In the best interests of both you and your visitors, it is imperative that you take the appropriate measures to ensure that your site is a safe place to visit. In this article we will talk some of the more unusual ways hackers and malware writers plant their harmful seeds.
Malicious Banner Ads
Although most attacks involve taking advantage of vulnerable web applications, attackers have several other weapons that can be used to maliciously exploit your site. One popular method is through the use of banner ads. The person you think you’re networking with could be using your site as a medium to propagate their malicious code. As soon one of your visitors clicks on the compromised banner, they are redirected to a malware hosted site or directly infected depending on the nature of the code. If you insert third-party advertisements on your website, it is imperative to make sure they do not put you or your visitors in danger. The best way to do this is knowing how to properly access obfuscated banner code for signs of malicious values. You could also do some checking to find out if the advertiser you’re working with has a reputation for participating in such activities.
Sneaky Uploads and Downloads
Most website attacks focus on HTML code but it is also possible for malicious items to be uploaded to an improperly secured site. If you allow users to upload content to your site, they can easily sneak in executables such as Javascript, .exe, .bat and. cmd files. Attackers have also been known to bundle their harmful programs with applications given away as free downloads. You will become unpopular if every time someone downloads your free software, they end up with a nasty infection on their PC. You can learn if your site or applications are being used to distribute malware by downloading the source code from the live site onto a virtual machine and scanning it with a reliable anti-malware tool.
A Few Security Tips
It’s a jungle out there in cyberspace, filled with more hazardous creepy crawlers than you could imagine. Following these simple tips should help make your website a much safe place to hang out.
Transfer Data Securely – If you allow users to upload to your site or require root access, be sure to utilize SSH and SFTP rather than Telnet or FTP. These protocols have both been considered insecure because of their tendency to transmit data in plain text. When using FTP or Telnet, sensitive information such as user names and passwords can be easily read by anyone eavesdropping on the network. SSH and SFTP are encryption-based protocols that scramble data so it appears in the form of unreadable characters.
Scan Your Website – There are a number of scanning technologies that will comb your site for vulnerabilities. A good one will not only help you detect insecure applications, but also software packages that require immediate patches.
Secure Hosting – You can take all the preventive measures you want, but if the server you’re hosting on isn’t secure, all those efforts will prove futile. Make sure your web host is taking the necessary steps to keep you protected behind the scenes. If they are not making use of features such as firewalls, anti-malware and DDoS protective software, you need pack up your website files and head elsewhere.
