Do you really think that only popular websites are affected by hacker attacks? Com’on, in fact viruses and hacking scripts can attack any web resource. We advice you to take care of your website anti virus protection (against the penetration of shells, dumper, backdoors and other malicious scripts).
Before you look for ways to protect the website, you have to understand what is the route of “infection”.
- your PC may be infected by the virus that is able to find out FTP passwords and then transmit them to a hacker or redirect on the server that distributes viruses. The infection can threaten both personal PCs and the computers of users that have access to the server via FTP.
- Brutforce attack to select the FTP server password automatically.
- hacker scripts can penetrate your website due to vulnerabilities in scripts or CMS (WordPress, Joomla, Drupal, phpBB, etc.).
- unlicensed scripts, “nulled” or pirated scripts and CMS usage is very dangerous. Pirated versions may contain Shells or other malicious scripts.
- open storage or transmission of passwords from the server or control panel.
It`s not possible to completely eliminate the threat of website virus infection, because any software may contain vulnerable scripts that can serve as a gateway for the penetration of shells, dumper, backdoors and other malware. Another cause of the hacker attacks can be the negligence of the user that may not comply with security measures for the storage and transfer of accounts to access the website or FTP server.
We have developed recommendations to minimize the threat of the hacker attack.
- Ensure the safety of confidential information (as usual, hackers are interested in getting the FTP account, control panel or e-mail data). One of the most common user errors is to store data in the email archive or in text files on the hard disk. it is also desirable to use an FTP Manager or repository browser to remember passwords. Remember, the best way to store passwords is to use special password managers, e.g. LastPass or KeePass.
- Make it a rule to change passwords regularly. Do it once per month at least, or even more often. Be sure to change your passwords if there is a need to give access to unauthorized persons who serve your website (SEO specialists, web-masters, web developers, etc.).
- It is preferable to avoid usage of the regular FTP connection, use secure SFTP and SCP connections. We strongly recommend FileZilla and WinSCP programs to work with the server.
- You must scan your PC for viruses, Trojans and other malware. Install a commercial antivirus, whose database will be updated regularly to have a high-quality check.
- Trojan can get to the website with pirated or “nulled” scripts (malicious Trojan code can be embedded in the script as a virus, backdoor or Shell-script).
- Connect your website to webmaster.yandex.ru panel. Yandex monitors your website work constantly and alert you in case of any suspicious scripts by firstname.lastname@example.org.
- Remember that the CMS must be regularly updated (don’t forget to install patches, upgrade CMS versions).
- Do not forget to take care of your website backup on the local PC. Making a backup via FTP it is possible to detect malicious scripts, because all downloaded files are checked by anti virus. In case of malware detection you get instant notification.
- The best guarantee for your website security will be the anti virus scanning provided by the web hosting company. This service is rare among web hosters, so pay attention to this when signing the contract. For example, Unihost.com provides constant monitoring of the files on web hosting to find out viruses or other malicious code (the check is done using clamav program). To prevent the Brutforce attacks we block constant authorization requests to CMS. In addition, for a nominal fee of $1 we provide our customers with useful step-by-step instructions on how to remove any viruses on the website safely (without damaging important data). Our specialists do their best so you receive only those recommendations that really work!