Three Ways to Protect Your Web Site from Attacks

Posted by: Rod Kurtz on October 30, 2009

In the first half of 2009, security researchers detected that 77% of Web sites with malicious code such as viruses and data-stealing worms were actually legitimate sites hackers had infected. Additionally, 61% of the top 100 sites either hosted malicious content or lured unsuspecting victims from legitimate sites to malicious sites. But the big sites aren’t the only ones bad guys are targeting. The major attacks of the year, including Gumblar, Beladen, and Nine Ball, infected more than 160,000 Web sites altogether, and often targeted smaller Web sites.

Attackers target smaller sites because there is a perceived lack of security and lack of dedicated IT support to protect them from malicious intrusion. This often leaves small businesses defending against a disproportionate number of attacks. The danger for small businesses is that if your site is compromised with malicious code, you can be blocked by such browsing tools as Google Safe Search. This could prevent customers from being able to reach you, potentially interrupting Web revenue and dimming visibility. Few businesses can function with this type of interruption of Web services. Fortunately, there are a few easy steps small business owners can take to prevent their Web sites from being compromised by hackers.

1. Make sure your computers and systems are fully patched. Routinely check to ensure you have all software updates in place. For example, recent research shows that as many as 80% of users do not have the most up-to-date versions of Flash and Acrobat installed.

2. If you use forms or a database on your site, make sure you are not vulnerable to injections. You can check this through penetration testing, security tools, or security services, which are now relatively commodified and inexpensive.

3. If you allow user-generated content on your Web site—such as allowing visitors to post comments, upload content, and so forth—make sure you scan what users are posting with real-time scanning tools and products that check for malicious links or spam. An example of a free tool that scans blog comments for spam is Defensio.

Dan Hubbard
CTO
Websense
San Diego
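
As an added illustration of tip 2 (not part of the original article and not Websense code), this Python sketch puts a form lookup built by string concatenation next to the parameterized version and adds a small regression check. The table, function names and sample rows are constructed for the example.

```python
import sqlite3

def make_db():
    """Build an in-memory table of constructed sample customers."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (email TEXT, order_note TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?)",
                   [("ann@example.com", "order 1001"),
                    ("bob@example.com", "order 1002")])
    return db

def lookup_vulnerable(db, email):
    # Form input is pasted into the SQL text, so quotes in it become SQL syntax.
    sql = "SELECT order_note FROM customers WHERE email = '" + email + "'"
    return [row[0] for row in db.execute(sql)]

def lookup_safe(db, email):
    # The ? placeholder passes the input as data; it is never parsed as SQL.
    return [row[0] for row in db.execute(
        "SELECT order_note FROM customers WHERE email = ?", (email,))]

def leaks_other_rows(lookup, db):
    """Regression check: a value that matches no customer must return no rows."""
    probe = "nobody@example.com' OR '1'='1"
    return len(lookup(db, probe)) > 0

if __name__ == "__main__":
    db = make_db()
    print("concatenated query leaks:", leaks_other_rows(lookup_vulnerable, db))
    print("parameterized query leaks:", leaks_other_rows(lookup_safe, db))
```
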

Reader Comments

Thomas J. Raef

October 30, 2009 6:33 AM

Nice article.

I would like to explain a little more about the importance of keeping your PCs clean and how it relates to website security.

This year has seen an incredible explosion of website hackings. Many of these are smaller sites.

While the stories that get all the press are the TJ Maxx hackings and other large scale cybercrime, the number of sites run by internet marketers, people looking to run online businesses, is gigantic comparatively speaking.

How?

It starts with infected PCs. You see, this year many anti-virus companies are running thin on resources. A few companies have reported getting as many as 30,000 new viruses a day. For every virus an anti-virus company receives, they have to create a signature which uniquely identifies that virus. Then it's tested, then it's put into the downloads for that day. Depending on when the update cycle is for your anti-virus software it might be days or a week before you are protected from that virus.

The new viruses are very adept at scanning files looking for FTP login credentials. FTP is the protocol used by most websites to upload and download new content.

Quite often the software used for FTP stores the username and password, so you don't have to type it in each time, in plain text. The viruses know where these files are, seek them out, read the contents, and send the login credentials to a server which then carries out the website infection using valid login credentials.

Find out which programs store the login credentials in an encrypted form and you're safe - right?

No.

The virus also works by "sniffing" the FTP traffic leaving your PC. Sniffing is the process of actually seeing the traffic as it passes through wires.

FTP transmits all data in plain text so it's easy for a virus to "see" the username and password. I've created a video to show this:

http://www.youtube.com/watch?v=oYI1kssrrbc

You'll see how easy it is to view the FTP traffic and see the login credentials.

The solution here is to use alternate protocols: SFTP or FTPS if your hosting provider supports them.

So now you're safe - right?

You're on the road to recovery but not quite.

At times these viruses are designed to send the files from your PC. Instead of sending the login credentials to a server, the virus simply waits for you to upload your content to your website. At that precise moment, it injects the malicious code (malscript) into the file.

When you look at the file on your PC it's clean. By the time it gets to your website, it's infected and trying to infect every visitor to your site.

Solution there?

I don't know yet. I'm working on that one.

I just thought I'd elaborate on why it's important to keep your PCs clean if you want to keep your website clean too.
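
One way to detect the upload-time tampering described in the comment above, as an added example that is not part of the original comment or article: hash every file in the local copy, hash the copy pulled back from the server, and report differences. It assumes the deployed files have already been downloaded to a directory (ideally from a machine known to be clean); the file names and the appended script tag are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare(local, deployed):
    """Return files that changed, are missing, or appeared only on the server."""
    return {
        "modified": sorted(f for f in local
                           if f in deployed and local[f] != deployed[f]),
        "missing": sorted(f for f in local if f not in deployed),
        "unexpected": sorted(f for f in deployed if f not in local),
    }

def demo():
    """Constructed sample: one page gains a script tag between PC and server."""
    with tempfile.TemporaryDirectory() as tmp:
        local, server = Path(tmp, "local"), Path(tmp, "server")
        for d in (local, server):
            d.mkdir()
            (d / "index.html").write_text("<html><body>Welcome</body></html>")
            (d / "about.html").write_text("<html><body>About us</body></html>")
        # The local file stays clean; only the deployed copy is altered.
        with (server / "index.html").open("a") as f:
            f.write("<script src='http://placeholder.invalid/x.js'></script>")
        # A file the site owner never uploaded also shows up on the server.
        (server / "stats.php").write_text("<?php /* not in the local copy */ ?>")
        return compare(build_manifest(local), build_manifest(server))

if __name__ == "__main__":
    for kind, files in demo().items():
        print(kind, files)
```
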

Marte Cliff

October 31, 2009 1:26 PM

Thomas - that's all way too technical for us ordinary mortals! We need guys like you to take us by the hand and show us HOW to keep our PCs clean.

Mike Grimme

November 3, 2009 10:14 AM

AMC Liquidators knows all too well how attackers go after relatively smaller companies due to a perceived lack of security and dedicated IT team. We were hit earlier this year and our entire site was taken down by Chinese hackers who were redirecting the traffic from our website (www.AMCLiquidators.com) to all kinds of other unrelated sites. It took us longer to resolve the issues than it would have for a larger company, but in the end, our website is now better protected against future attacks.

Great article!
