Today we are going to take a deeper dive into the subject of website security. Web servers can be breached in a number of ways, but the most common is simply stealing your user ID and password, either through a clever spearphishing email, or an automated brute force password cracking program. The second most common way is through software vulnerabilities in the web site code itself that opens it up to cross site scripting (XSS), remote code execution (RCE), or SQL injection attacks.
If you have a website for your business, or design them for clients, it is important to understand the importance of website security. So the two most important solutions are using strong, hard to guess and hard to crack passwords, coupled with two factor authentication if possible, and good secure coding practices. In some web site products, such as WordPress, this can be accomplished simply by keeping WordPress, and your themes and plugins updated.
Let’s take a look at what is at stake if your site is breached or compromised by a bad actor.
- Data theft. Your attacker may simply want the user names and passwords and other personal information of customers of your website. Or they may be after credit card information, which should not be on your website anyway, but in the hopefully more secure repository of your credit card processor.
- Malware distribution. If your attacker’s scam of choice is generating fake security pop-ups, or installing malware to turn site visitors computers into members of a botnet, then you may be hosting malware that makes that happen to visitors of your site. This is also known as a “drive-by download.”
- Defacement. Maybe all they want to do is deface your website to cause problems for your business or organization. These sorts of attackers are often politically or socially motivated.
- Phishing. Every phishing exploit has a link that leads the clicker to a website. Those website or web pages are generally located on compromised websites and web servers. These fake pages are designed to steal user information from the victims.
- Spam. It has to come from somewhere, and often websites and web servers are infected with mass emailing programs that turn them into spam sending robots.
- Malicious redirection. Your compromised website can also be used to redirect site visitors to unsavory or dangerous websites elsewhere on the Internet.
- Distributed denial of service (DDoS). This is when an attacker sends more traffic to a web site than it can handle, and this causes the web server to crash, and the web site to be unavailable. Typically, the attacker employs thousands of infected computers organized in a botnet to generate the required traffic load. You may be the target of a DDoS attack, or if your server has been compromised, you may be one of the bots.
- Blacklisting. This happens when your infected website operates in a compromised condition for enough time to come to the attention of Google or one or more of the security software companies. Having your site blacklisted means that traffic to your site is intercepted by Google or the security company, and a warning appears on your visitor’s browser warning them that the site is unsafe. It can take 24 hours or more to be removed from a blacklist, and this will only happen if your correct the problems and clean up your site first.
None of us want our website to be used in criminal activity. The loss of traffic can impact revenues, and damage to our professional and business reputation can last for a long time. One of the easier solutions is using some sort of website security software. These products monitor your website for logins, and scan your code base for changes and known malware products. We have recommended WordFence, BulletProof, and Sucuri to our WordPress clients. Sucuri also works on Joomla, Drupal, Magneto, Microsoft .Net, oscommerce, Bulletin and phpBB sites too. Security software is never perfect, but I have seen these products in action on my websites, and it will either stop, remove, prevent, repair, or at the least warn you that your site is under attack or has been compromised in some way, and they provide tools to help you restore your code to a clean condition.