In this post we present some of the signs that may indicate that our website has been attacked, infected or compromised. In addition, we give prevention advice to minimize the risk.
Whether the website is a key extension of our business or a personal journal in digital format, its integrity and security are of paramount importance.
If we hold data from third parties, such as newsletter subscribers or forum participants, we have a responsibility to protect their data. In the case of an online shop, where customers enter payment method data, addresses and contact details, the responsibility is even greater.
The SSL Certificate
An SSL certificate is the first step to make the online shop and the network in general more secure. We go into the details of what a certificate entails and the different types of SSL certificates in this post.
How to know if our website has been attacked
In addition, it is essential to know how to use email properly, which we talk about here, and how to browse safely. In this post we explain, in general terms, what malware is and the types of damage it can cause.
Once all precautions have been taken, and all components are kept up to date at all times, there is another step - recognizing attacks when they occur.
How to detect anomalies
Without a doubt, a cybersecurity specialist identifies anomalies and takes action in much less time than others. We propose below a knowledge base, which can be expanded as needed, to recognize anomalies in the shortest possible time.
Thus, measures can be taken, with the help of an expert, to reduce the damage.
It is recommended to carry out the following website checks with some regularity:
- Has the appearance of the website changed?
- Does it show different characteristics or actions than usual?
- The IP addresses of the last connections to the FTP server that stores the assets must match addresses known to the web owners.
- The website connection log file saves access to the site for all connections received. In this file you can see all the web activity and requests received.
- The list of files on the site can be compared with those of previous days to find out if any unwanted or unauthorized changes have occurred.
- The root directory and all its subdirectories allow you to browse the web files through the manager. Through the control panel you can search for modified, unknown files that should not be there.
- The pre-established permissions on the web files must be checked for unauthorized changes.
The source code
Finally, the source code of the website should be reviewed. This can be done by comparing it with files from previous days' backups to discover new or changed items.
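The file-list, permission and source-code comparisons described above can be automated. The following is an added example, not code from the original post: it records a SHA-256 hash and the permission bits of every file under a web root and reports what changed since the previous snapshot. The function names and the demo directory are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Map each relative path under root to (sha256 hex digest, permission bits)."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            mode = stat.S_IMODE(os.stat(full).st_mode)
            manifest[os.path.relpath(full, root)] = (digest.hexdigest(), mode)
    return manifest


def compare(baseline, current):
    """Report files added, removed, modified or re-permissioned since baseline."""
    report = {"added": [], "removed": [], "modified": [], "permissions": []}
    for path in sorted(set(baseline) | set(current)):
        if path not in baseline:
            report["added"].append(path)
        elif path not in current:
            report["removed"].append(path)
        else:
            old_hash, old_mode = baseline[path]
            new_hash, new_mode = current[path]
            if old_hash != new_hash:
                report["modified"].append(path)
            if old_mode != new_mode:
                report["permissions"].append((path, oct(old_mode), oct(new_mode)))
    return report


if __name__ == "__main__":
    # Constructed demo: a throwaway directory stands in for the web root.
    with tempfile.TemporaryDirectory() as root:
        index = os.path.join(root, "index.php")
        with open(index, "w") as fh:
            fh.write("<?php echo 'hello'; ?>")
        baseline = snapshot(root)
        with open(index, "a") as fh:
            fh.write("<!-- changed -->")
        print(compare(baseline, snapshot(root)))
```

Store the baseline manifest somewhere the web server account cannot write to, otherwise whoever alters the site can alter the baseline as well.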
Malicious scripts are often used to redirect visitors to another site. They are "injected" into the web content, server files, images or PDF documents.
Other times, instead of injecting a complete script into the page, attackers inject only a pointer to a file stored on the server.
In addition, code obfuscation can be applied, making it difficult to detect through the antivirus.
A hidden iframe is a section of the website that loads content from another page. It is common for these iframes not to be displayed on the visited page, so that the malicious content loads even if the visitor does not see it.
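A check for the hidden iframes and script pointers described above, as an added example that is not part of the original post. It parses static markup only, so it does not see elements that obfuscated code builds at run time; the sample page, the host names and the allow-list are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)


class InjectionScanner(HTMLParser):
    """Collect hidden iframes and scripts/iframes loaded from unexpected hosts."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = set(allowed_hosts)
        self.findings = []  # (line number, kind, src)

    def handle_starttag(self, tag, attrs):
        if tag not in ("iframe", "script"):
            return
        a = {k: (v or "") for k, v in attrs}
        src = a.get("src", "")
        line = self.getpos()[0]
        if tag == "iframe":
            tiny = any(a.get(dim, "").strip() in ("0", "1") for dim in ("width", "height"))
            if tiny or "hidden" in a or HIDDEN_STYLE.search(a.get("style", "")):
                self.findings.append((line, "hidden-iframe", src))
        host = urlparse(src).hostname  # None for relative (same-site) URLs
        if host and host not in self.allowed_hosts:
            self.findings.append((line, "external-" + tag, src))


def scan(html, allowed_hosts):
    """Return the findings for one page, in document order."""
    scanner = InjectionScanner(allowed_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page: line 4 and line 5 are the injected elements.
SAMPLE = """<html><body>
<script src="/js/app.js"></script>
<iframe src="https://video.example/embed/1" width="560" height="315"></iframe>
<iframe src="http://unknown-host.example/x" width="0" height="0"></iframe>
<script src="//unknown-host.example/r.js"></script>
</body></html>"""
ALLOWED = {"www.shop.example", "video.example"}  # hosts the owner expects

if __name__ == "__main__":
    for finding in scan(SAMPLE, ALLOWED):
        print(finding)
```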
In general, detecting threats and attacks consists of looking for suspicious elements, which should not be or have been modified. Detecting strange or suspicious behaviour allows you to take action as soon as possible and reduce the response time.
In a large number of cases, the first sign we get that our website has been attacked comes from the hosting we have contracted. Many of them offer a malware detection service through which they analyze the website, put in quarantine those files that have been compromised and warn the client that something has happened. In a large number of cases, this type of service is free for the user.
Although this is a good way to detect that something has happened, it should not be considered as the first option since, depending on the type of attack, the security and analysis tools provided by the hosting are not able to detect all kinds of threats, so it is always good to combine it with security plugins and other tools.
When choosing plugins, you should study which is the best one offered for your particular platform and configure it taking into account what is mentioned below.
On the Internet, there are a number of subscription tools that scan the website. Depending on the plan contracted, the tools analyse a greater or lesser number of elements. In addition, it is possible to choose a customized plan, where users decide which elements of their website they want to analyze. It is worth mentioning that these tools are focused on the analysis of CMSs like WordPress, Joomla, Prestashop or Drupal.
Security tips for a safe website
Having a preventative plan reduces the danger of attack. Although 100% protection is not guaranteed, prevention work is important because it makes attacks more difficult.
Some of the measures are common to other posts in this cyber security series, while some are specific to the management of a website.
From the antivirus to the plugins and the CMS, software updates help correct security flaws. You can activate automatic updates or you can request to be notified by e-mail about the availability of published updates.
In the event that several users have access to the website, you must define the type of permission each one requires to carry out their tasks. It is not recommended to assign the role of administrator to all users, but to limit it only to those who really require this type of permission.
This also applies to file permissions. You can limit the permission to read only, create and modify, or execute program or script files.
Use strong passwords. It is not recommended to use the admin/admin type combination for login. Passwords should be complex, long and unique.
CLU passwords - complex, long and unique
Limit login attempts. Alongside a valid username and password, a good option is to limit login attempts to 3 failed tries, so that anyone who enters the username and password wrong 3 times has to wait a while before trying again.
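The 3-failed-attempts rule can be sketched as follows. This is an added example, not code from the original post or from any CMS: the class name, the 300-second wait (the post only says "a while") and the in-memory storage are assumptions.

```python
import time


class LoginThrottle:
    """Lock a key (username or client IP) after too many consecutive failures."""

    def __init__(self, max_failures=3, lockout_seconds=300, clock=time.monotonic):
        self.max_failures = max_failures        # the post's limit of 3 failed tries
        self.lockout_seconds = lockout_seconds  # assumed value for "wait a while"
        self.clock = clock                      # injectable so tests can move time
        self._failures = {}                     # key -> consecutive failed attempts
        self._locked_until = {}                 # key -> time when the lock expires

    def locked_for(self, key):
        """Return the seconds left on the lock for key, or 0.0 if none."""
        remaining = self._locked_until.get(key, 0.0) - self.clock()
        if remaining > 0:
            return remaining
        self._locked_until.pop(key, None)
        return 0.0

    def attempt(self, key, credentials_ok):
        """Register one login attempt and return 'locked', 'ok' or 'failed'."""
        if self.locked_for(key) > 0:
            return "locked"  # refuse even correct credentials while locked
        if credentials_ok:
            self._failures.pop(key, None)  # a success resets the counter
            return "ok"
        self._failures[key] = self._failures.get(key, 0) + 1
        if self._failures[key] >= self.max_failures:
            self._locked_until[key] = self.clock() + self.lockout_seconds
            del self._failures[key]
        return "failed"


if __name__ == "__main__":
    throttle = LoginThrottle()
    # Constructed sequence: three wrong passwords, then the right one.
    print([throttle.attempt("admin", ok) for ok in (False, False, False, True)])
```

On a site served by several processes or servers, the counters need to live in shared storage such as the database, otherwise each process counts separately.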
The CMS comes with a default configuration, which should be reviewed to implement the most secure configuration possible.
Extensions should be chosen carefully and always from reliable sources. Each additional extension is a new opportunity for attack. When choosing extensions, it is advisable to look at reliability indicators, such as the number of downloads and the date of the latest update.
Frequent backups allow you to compare files and detect anomalies. In the event of an error, they can be used for a restoration that can limit the damage.
Running comprehensive audits with a certain frequency makes it possible to find anomalies and vulnerabilities that are not detected on a daily basis. The sooner they are discovered, the sooner action can be taken.
They can be carried out by an external company specializing in cyber security. When in doubt, it is always advisable to consult a professional.