When signing up for a web hosting account, most feel confident that the provider takes all the preventive measures to make sure their personal information is safe. While most companies do try to secure their hosting platforms, one should never assume that these security measures are 100% reliable. Hackers are determined and very skilled at their craft. They will employ various techniques and use numerous tools to break into your website. One of the most effective weapons in their arsenal of tricks is malware.
In 2008, web security firm ScanSafe, released a report that raised a lot of concern in the hosting industry. The report revealed figures from research conducted between May 2007 to May 2008, showing that 68% of legitimate websites studied were unknowingly hosting malware. Researchers at ScanSafe say that crafty intruders were able to compromise websites of various sizes from well known entities to small businesses.
Nature.com is one site that was victimized. According to Quantcast, this site receives more than 700,000 unique visitors each month, making it one of the top 500 most trafficked sites on the web. ScanSafe’s study found that malicious code was embedded into web pages on Nature.com. Thankfully, the administrators detected and rectified the issue very quickly. Although the website was only compromised for a single day, an estimated 30,000 users could have been at the risk of malware infection.
A Double Threat
So, how do intruders sneak these malicious scripts into an innocent website? They use a wide range of methods and one of them is an attack called SQL (Structured Query Language) injection. Numerous security reports show that risk of exposure to website hacking has increased by more 400% since 2008. It has been reported that backdoor installing and password thieving malware accounts for the fastest growing attacks, threats that increased by over 800%.
The ScanSafe report shows that SQL injection is one exploit that aids the most in malware attacks. With this type of attack, a hacker inserts SQL code into a simple form on a web page, any application that interacts with a backend database. They can then send requests to steal information from the database or communicate with it in malicious ways to compromise other visitors that may interact with the site. SQL injections are such a huge problem because so many webmasters do not take the proper security measures when developing applications and administering databases. Most simply rely on simple authentication based on a username and password. By using an SQL select query, a hacker can take those values, compare them to the information in the database, find a match and get the access they need. With all the advanced hacking tools available, this process can be done very quickly.
Keeping Your Website Safe
Malware is a very dangerous security threat with the power to bring down a single website or an entire server. It comes in various forms and can go undetected for quite sometime. When the victim finds out, it is usually too late. You can keep your site protected against spyware, Trojans, viruses and other malware by making sure you web applications are completely secure. If you are not quite sure, get yourself a vulnerability scanner to scan your site for security holes. It is a small investment that can spare you a lot of heartache.