Securing a website is the main task of not only the system administrator or the person performing his role, but also the direct owner of the Internet source.
It is terrible to imagine what neglect of the security of an Internet resource can lead to. It can be either a deterioration in the site’s search positions, or a decline in the company’s reputation in the eyes of its potential and current customers, their complete and irrevocable departure. For example, if a visitor visits the organization’s website and infects his operating system while working with him, his impressions will remain clearly negative, and in some cases, the situation will cause an outbreak of aggression towards the owner of the web resource.
In addition, when infected with a serious virus, a complete loss of your site may occur, which will lead to significant financial costs for developing a new one in return for the lost one.
For these reasons, one of the highest priorities of the entrepreneur or the head of the organization will be to provide comprehensive protection and security for a functioning website.
It is worth noting that the virus itself on the site, only in rare cases gets to it randomly, in the vast majority it is part of a deliberate attack, during which the virus code plays only a certain auxiliary or (in some cases) executive role in the complex, followed by and other methods of attack. Thus, the protection process needs to be built not only against malicious scripts and code, but also various attack methods. For example, the most popular Dos and Ddos attacks among hackers are the first step to finding vulnerabilities, which will entail the process of planned infection or “throwing in” a “Trojan” – a type of virus, the main role of which is to steal any kind of data.
The main types of threats
Unauthorized access to personal data of users, confidential information, as well as to any information stored in the database site. The methods for gaining access to the database of a web resource can be attackers, either by infecting the site with malicious code, or by finding various types of vulnerabilities in the security system.
Dos and Ddos attacks, already mentioned by us earlier, although they are not related to infection of the source with a virus code, they are capable of causing great problems to the owner of Internet resources. Until now, there is no reliable 100% protection against this method of wrecking. The principle is based on sending mass requests from one (Dos) or several devices connected in a network (Ddos) to the server on which the web resource is located. As a result, the system goes into defense (an error code is issued) or it freezes, which makes it possible to detect “holes” (in the language of hackers, denote vulnerabilities) for further actions, including downloading a trojan virus that will steal and / or redirect sensitive sensitive data to its “owner”. Dos and Ddos attacks are the most popular ways to check the protection of an Internet resource, because they are associated not only with information theft,
All methods of protection against this type of attack are associated with the proper configuration of server hardware and software installed on it. Choosing a reliable hosting provider is another important and integral part of an integrated security system. The ban on receiving data from users with foreign IP addresses will complicate the activities of attackers or gain time.
It is also worth mentioning SQL injection , that is, queries through the address bar (using GET parameters) directly to the database. Using a special combination of sql-query and assuming this possibility from the side of the site, attackers will be able to gain full access to the database (DB), including the ability to download, delete, modify.
To protect yourself from this method of manipulating the database of your website, you will need to use only parameterized queries, stored procedures, regular expressions, blocking functions in the code and disable the output of error messages. It is important that an experienced webmaster and programmer (not lower than the “Middle” level) deal with the development of the security system. Do not try to do this yourself without proper knowledge, as this may violate the integrity of the system and lead to the failure of the web resource.
XSS attack consists in “stealing” information of a different level – “cookies”, which will allow access to the information of user accounts. The method of action is based on the implementation of the script code (js) on the website page, which will be launched automatically when the user logs on to the site. In most cases, a hack is used on the server on which the site is stored, or it is infected with a virus. When committing an XSS attack, attackers can not only steal user account data, but also redirect them to other websites, open additional windows, and infect users’ PCs. The protection methods consist in the closed ability to send POST and GET request parameters directly to the database without preliminary checking, as well as those measures for closing vulnerabilities that were used for sql injection.
On the part of the owner of the website, one must always be prepared for this kind of attack, especially when it comes to a highly competitive niche, where each attracted client is worth its weight in gold.
Blocking or restricting website availability
Blocking or restricting the availability of a website on the Internet is another common problem and threat that companies of various levels periodically face.
The worsening of positions in the search results of Yandex and Google also leads.
Malicious code can reach the site, both due to deliberate planned attacks, and in a random way, for example, by transferring a virus from the administrator’s PC that manages and manages it.
Infection of the site in order to gain the ability to attack users of the site and the further spread of the virus on the Internet. Typically associated with fraudulent activities, the main goal is visitors to the website and their devices. In most cases, an infected web resource is just a carrier that runs a special script that spreads the virus code to users ’devices. In addition to wrecking activity, it can carry out the functions of collecting any kind of information from PCs, laptops, smartphones and tablets (most often bank card numbers and application data from a client-bank).
Several other types of threats can be noted – “Specific”. They are not directly related to viral infection, but can significantly harm the company’s business. The first of these is phishing, which consists in creating and posting on a third-party Internet site a copy of the site with data entry forms. The purpose of this activity is the theft of confidential personal data of visitors and customers of the company. It’s scary to imagine what a hit on a site copy that completely repeats Sberbank Online can lead to. The only protection against phishing is user attentiveness. Although all popular systems are struggling with this type of threat, double sites regularly pop up on the Internet.
Another threat to the company’s website is the massive purchase of low quality external links to a competitor’s website, which will drive it under the “search engine filter”. Often, a fall in positions in organic results is associated with the action of malicious code, although in fact the reason may be precisely in this factor. To protect yourself, regularly monitor the position of the website, view information in the panels of “Webmasters”. Pay special attention to such an indicator as the TIC. Its unreasonably fast and sharp growth, as a rule, is caused by the intrigues of intruders.
How to find out if a site is infected with a virus?
The first signal that a web resource is infected is a violent and sharp reaction when it is visited by a “regular” antivirus installed on a PC. Another alarming factor may be a sharp deterioration in the position of the site in organic SERPs. It is also possible that a warning appears in the website snippet that the source is infected (the text appears unnatural on the pages), the work and page loading are different from the standard ones.
To check the web resource, you can use the Yandex Webmaster and Google Webmaster services.
To check the web resource located on our hosting site, you can use our own antivirus “Virus Scanner” inside cPanel . After checking the scanner will display a report with detailed information about the status of the site.
Another sign of malicious code is the presence of an extraneous iframe tag.
How to protect a site from viruses?
- Make regular backups of the web resource. It is important that the data is stored for 6 months, so that during infection it is possible to “roll back” the state to a level preceding the time the problem occurred.
- Use strong, strong passwords.
- Setting protection against “brute” (enumerating combinations to determine the appropriate) password, enabling the restriction on the number of attempts to enter.
- To protect access to a dedicated server or hosting, use a two-level login procedure.
- Use a reliable antivirus on a working PC, from which you work with files on the server.
- Deny access from IP addresses that are not geographically related to the website.
- Connect the https protocol.
- Use a different address than the standard login method for entering the administration panel. As a rule, http://yoursite.com/admin.php or http://yoursite.com/manager.php are used on popular systems . Changing the path to access will complicate the task for intruders.
- Perform a ban on entering code and special characters in the site forms.
- Do not forward login data to the site and server / hosting through corporate mail with shared access for employees, as well as through instant messengers, social networks, sms.
- Use a reliable hosting provider, preferably with built-in antivirus protection. It is worth immediately abandoning free tariffs, the reliability and safety of which is desired.
- Use methods to protect the database from sql injection, XSS attacks.
- If possible, abandon the use of “home-made” engines, content management systems and site administration, as there can be enormous problems in terms of the vulnerability of the web resource, for the correction of which you will have to pay a significant amount of money because web programmers do not like to work with “ someone else’s code, especially if it’s not professionally written and has a lot of “garbage” in it.
- If the project is developed or is still being developed on any framework, involve a specialist in information security and protection. This will reduce the risk of detection of “holes” (vulnerabilities) by hackers from the website (it is impossible to completely eliminate it, since even the most reliable system may find it possible to overcome the security system by a professional Internet cracker).
What to do if the site is infected?
- If the hosting supports antivirus, use it by running a scan.
- Restrict access to the Internet resource by setting the “stub” – protection or disable the site in the administration panel. If this action is not done, you risk harming visitors to the site, including your regular customers.
- Use the “backup” saved earlier until the infection and restore the site to the starting point. In most cases, if the antivirus could not help, recovery is the most reliable way to fix the problem.
- Check for malicious code in all files manually – if you have these skills, if not – instruct a full-time or remote (third-party) web specialist. Pay attention to the <iframe> tags, as well as the JS files, which are the most attractive in terms of malicious code. If CMS is used, then the check should be carried out not only in the main files, but also in additional ones, including other topics and templates.
- Check the database and its integrity, the presence of a virus in it.
- Limit access rights to other users, remove “suspicious” ones.
- Install and eliminate the cause of the infection to prevent malicious code from re-entering.
- When finished, turn on the site, check it again using a third-party antivirus service and the Webmaster tools in Yandex and Google.
In conclusion, I would like to note one important fact on the part of Internet security: you need to prepare for any attack in advance, working out the security system comprehensively, without neglecting the nuances, since it is thanks to them that a hack occurs with penetration of your web resource.
Do not spare money on consultations with specialists in this field, as their timely assistance can save your business reputation and protect you from serious financial and other problems. Do not forget about the protection of the PC from which the resource is managed and administered, timely and regularly update antivirus software.