|Preventing "code injections"|
post about preventing malware code injections
| 5:20 pm on Jul 28, 2010 (gmt 0)|
I am a rather amateur webmaster. I built my website using soholaunch website builder and update it regularly via the same website builder. Recently, while traveling,
some miscreant indulged in "code injection" with my website. Next thing I knew, google started reporting my website as an attack site. It was a few weeks before I could address the issue since I was on a hectic travel schedule. This episode killed around 60% of my website's visitor traffic. I got the malware removed and had google recrawl my site but the damage in terms of visitor traffic has been hard to reverse. I definitely want to prevent an episode of this sort in the future. If any of you have advice on what I can do prevent this, it would be great if you could share your ideas with me. Thank you in advance.
| 7:39 pm on Jul 28, 2010 (gmt 0)|
|Recently, while traveling |
Many bad scenarios are directly related to the security of your connection (user name, password or emails caught along the way you and your connection).
Anyway the sad thing is each content management system has its own pros and cons on security even as they are updated with regularity. So every CMS would have its own issues and recommendations.
So far, in general, take care from where you connect to your system, change usernames and passwords with regularity (and use safe passwords), also keep your cms up to date, to the last version and check the vulnerabilities of each version. Check your site very often, some hacking actually happen on shared servers.
| 5:06 am on Jul 29, 2010 (gmt 0)|
Thank you for your prompt acknowledgment of my post. According to my web hosts, if the hacker had got hold of my password, he (I am assuming it is a "he" since I cannot females being that insensitive!), he could have done a lot worse than simply injecting malware-related code on to my website. Furthermore, I have the latest version of the website builder I use. That is the bit that bothers me. I get the feeling I took the required precautions and yet, the hacker was able to work around my protective mechanisms.
So let's assume, I cannot prevent this. Any thoughts on what I can do to minimize the downtime when the damage occurs? Any thoughts would be highly appreciated. Thank you one again for your prompt response.
| 4:16 pm on Jul 29, 2010 (gmt 0)|
|I have the latest version of the website builder I use |
I'm not familiar with the app you are using, but is not an isolated issue. Take per example Wordpress, they encourage people to update and there been times where the community says "don't upgrade to ver xx.22.x" as a security flaw was discovered and only updated versions are being affected. So on a the version side we are never 100% sure we are safe.
Sometimes the problems are related to the templates or themes or even the widgets you insert on your page (third party).
|So let's assume, I cannot prevent this. Any thoughts on what I can do to minimize the downtime when the damage occurs? |
Backups are an option so you can restore your info anytime, the key is to keep constant backups. Perhaps your app has this option, if not, check your hosting panel which usually has "account level" backups or contact your hosting provider. Static sites are easier, but sites using databases involve backing up the database too.
Very often the support does little to solve the mystery of where and how was the attack. Check for server antivirus on your admin panel too, it helps to detect trojans and code injections, and check your server files with regularity.
Unfortunately there is no easy way to keep files safe. Many here advice avoiding shared hosting but each case is different.
| 5:03 pm on Jul 29, 2010 (gmt 0)|
pranavc, when traveling, did you access your site via a public wi-fi system? Or were you updating your site via 3G or some other form of connection?
Backups are of course mandatory, you should back up your database and your home directory on a regular basis. The problem I see is how you are accessing your site to replace an infected site with a backup. You should always be updating your site via a secure connection.
| 4:49 am on Jul 30, 2010 (gmt 0)|
Thank you so much for your suggestions. I do need to be more disciplined when it comes to capturing backups. I have to confess not doing this nearly as often as I should. I will also check for server antivirus.
Hey travelin cat,
I actually never accessed my site via a public wi-fi system. The only time I accessed it via wi-fi was at a house in Croatia. It was a secure wireless network (at least I think it was!). Interestingly enough, my site got reported as an attack site a few days later. I was not updating via 3G. I will definitely avoid updating the site via an unsecure connection.
Thank you so much!
| 1:01 am on Sep 2, 2010 (gmt 0)|
Hi pranavc, I'm not familiar with Soholaunch, but I've had the experience of a code injection attack with another cms. For that cms, there were .htaccess recommendations and additional extensions that helped prevent attacks.