• 0
      1. Tu carrito está vacío.
    • artículo(s)0,00

How to know if our website has been attacked

September 4, 2020
September 4, 2020 Conecta Software

In this post we present some of the signs that may indicate that our website has been attacked, infected or compromised. In addition, we give prevention advice to minimize the risk.

Whether the website is a key extension of our business or a personal journal in digital format, its integrity and security is of paramount importance.

If we have data from third parties, such as newsletter subscribers or forum participants, we have a responsibility to protect your data. In the case of an online shop, where you enter payment method data, addresses and contact details, the responsibility is even greater.

The SSL Certificate

An SSL certificate is the first step to make the online shop and the network in general more secure. We go into the details of what a certificate entails and the different types of SSL certificates in this post.

How to know if our website has been attacked

In addition, it is mandatory to know the good use of emailthat we're talking about here, and the safe surfing. In this post we explain, in general terms, what the malware and the types of damage they can cause.

Once all precautions have been taken, and all components are kept up to date at all times, there is another step - recognizing attacks when they occur.

 

How to detect anomalies

Without a doubt, a cybersecurity specialist identifies anomalies and takes action in much less time than others. We propose below a knowledge base, which can be expanded as needed, to recognize anomalies in the shortest possible time.

Thus, measures can be taken, by the hand of an expert, to reduce the damage.

It is recommended that the following website checks with some regularity:

  • Has the appearance of the website changed?
  • Does it show different characteristics or actions than usual?
  • The IP addresses of the last connections to the FTP server that stores the assets must match some of the addresses known to the web owners
  • The website connection log file saves access to the site for all connections received. In this file you can see all the web activity and requests received.
  • The list of files on the site can be compared with those of previous days to find out if any unwanted or unauthorized changes have occurred.
  • The root directory and all its subdirectories allow you to browse the web files through the manager. Through the control panel you can search for modified, unknown files that should not be there.
  • The pre-established permissions on the web files must be checked for unauthorized changes.

The source code

Finally, the source code of the website should be reviewed. This can be done by comparing it with files from previous days' backups to discover new or changed items.

Introductions of textsThe injection of iframes or links JavaScript.

The script

A malicious script is often used to redirect visitors to another site. They are "injected" into the web content, server files, images or pdf documents.

Other times instead of injecting a complete script into the page, they just inject a pointer. to a file, stored on the server.

In addition, code obfuscation can be applied, making it difficult to detect through the antivirus.

 

The Iframe

A hidden iframe is a section of the website that loads content from another page. It is common for these iframes not to be displayed on the visited page, so that the malicious content loads even if the visitor does not see it.

In general, detecting threats and attacks consists of looking for suspicious elements, which should not be or have been modified. Detecting strange or suspicious behaviour allows you to take action as soon as possible and reduce the response time.

attacked website

 

The hosting

In a large number of cases, the first sign we get that our website has been attacked comes from the hosting we have contracted. Many of them offer a malware detection service through which they analyze the website, put in quarantine those files that have been compromised and warn the client that something has happened. In a large number of cases, this type of service is free for the user. 

Although this is a good way to detect that something has happened, it should not be considered as the first option since, depending on the type of attack, the security and analysis tools provided by the hosting are not able to detect all kinds of threats, so it is always good to combine it with security plugins and other tools.

When choosing the plugins, you should study which is the best one offered for a particular platform and carry out the configuration of the same taking into account what is mentioned below.

 

Online tools

On the Internet, there are a number of tools available by subscription that perform a scan of the website. Depending on the rate to be contracted, the tools offer a greater or lesser number of elements to be analysed. In addition, it is possible to choose a customized plan, where the user decides which elements of his website he wants to analyze. It is worth mentioning that this type of tools are focused on the analysis of CMS like WordPress, Joomla, Prestashop or Drupal.

 

Security tips for a safe website

Having a preventative plan reduces the danger of attack. Although 100% protection is not guaranteed, it is important prevention work that makes attacks difficult.

Some of the measures are common to other posts in this cyber security seriesWhile some are specific to the management of a website.

Software Updates

From the antivirus, to the plugins and the CMSThe software updates help correct security flaws. You can activate the automatic update or you can request to be notified by e-mail about the availability of published updates.

User accesses

  • Permit Types

In the event that several users have access to the website, you must define the type of permit required for each to execute their tasks. It is not recommended to assign the role of administrator to all users, but to limit it only to those who really require this type of permission.

 

  • File permission

This also applies to the file permissions. You can limit the permission to read only, create and modify or execute program or script files.

 

  • Passwords

Use consets that are strong. It is not recommended to use the admin/admin type combination for login. Passwords should be complex, long and unique.

CLU passwords - complex, long and unique

 

  • Login attempts

Limit login attemptsIf you have a valid username and password, a good option is to limit the login attempts to 3 failed times, so in case someone wants to log in and puts username and password wrong 3 times, they will have to wait a while to try again.

 

CLU passwords - complex, long and unique Click To Tweet

 

The CMS

The CMS comes with a default configuration, which should be reviewed to implement the most secure configuration possible.

 

The extensions

Extensions should be chosen carefully and always from reliable sources. Each additional extension is a new opportunity for attack. When choosing extensions, it is advisable to look at reliability indicatorsas are the number of downloads and the latest date update.

 

The backups

Frequent backups pThey allow you to compare files and detect anomalies. In the event of an error, they can be used for restoration that can limit the damage.

 

The audits

Execute comprehensive audits with a certain frequency allows to find anomalies and vulnerabilities that are not detected on a daily basis. The sooner they are discovered, the sooner action can be taken.

They can be carried out by an external company specializing in cyber security. When in doubt, it is always advisable to consult a professional.

 

cyber security series for ecommerce hosting secure web hosting

 

If you want to learn more about websites, check out our courses.

wordpress course

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get in Touch
newsletter

Subscribe to the newsletter on ecommerce and digital transformation

Trends, guides
and latest news in ecommerce
technologies.

And receive the first chapter of our book
«Connect your business- The digital transformation of sales»

newsletter
Get in Touch
Contact
connect-logo-white-retinue

Product

Info

Support

Connect your business.

Branding

In HUB 360 you will find all the technology and services for your e-commerce strategy.

Ecommerce

Integra tu ecommerce con tu ERP sistema de gestión y todos tus canales para vender online.

Analytics

BI Studio dashboards are your next generation business intelligence tool.

922-014-341

Proyecto Cofinanciado por el Fondo Europeo de Desarrollo Regional. Beneficiario: Conecta Software Soluciones SLU. Nº expediente: EATIC2019010001. Inversión Aprobada: 173.800,00 €. Comienzo: 01/04/2019. Finalización: 30/09/2020. El presente proyecto tiene como objetivo el desarrollo de una capa de usuario multilingüe y dashboards para entornos web y windows de solución de Business Intelligence.

Project co-financed by the European Regional Development Fund. Beneficiary: Conecta Software Soluciones SLU. File number: PI2019010001. Approved Investment: 6,444.80 Start date: 17/10/2018. Completion: 16/10/2019. The present project aims at developing a connector software that automates the generation of virtual catalogues so that the company can offer in its Online Store products with a wide description and with images that make the user experience richer and more complete.

2020 ALL RIGHTS RESERVED. CONNECT SOFTWARE

Contact
English (UK)
English (UK) Español Deutsch