Category: Website Protection (Page 1 of 3)

Malware Removal

Why Website Reinfections Happen

We all know someone who’s been in a difficult position following a security breach. They are rushing to assess the damage, while simultaneously repairing website functionality to limit the compromise. It’s a stressful situation, especially if you’ve had to deal with a compromise more than once. Unfortunately for some website owners this is a reality — shortly after the initial security breach, the website becomes compromised again. It leaves the website owner asking why their website is being targeted and how the website re-infection is happening.

The short answer is that it’s most likely due to unresolved vulnerabilities. While it may seem like you’ve been singled out and targeted by some menacing hackers, most of the time that isn’t the case. The majority of website compromises are preceded by automated campaigns that locate websites vulnerable to a particular exploit the hacker wishes to employ. The bottom line is that you aren’t the target the hacker is singling out; the software on your website is. There are a couple of main culprits for this scenario.


What do the Pentagon and Facebook Have in Common? Website Security.

If you own or manage a website you’re probably focused on improving the look and feel of the site, its traffic, speed, and functionality. Is the security of your website a priority for you? For many website owners, it isn’t…until it gets hacked.

The consequences of a website hack can be detrimental to your company, including a hit to your brand’s reputation and bottom line. Large companies are well aware of this, which is why many have “Bug Bounty Programs” to reward website users for finding and reporting bugs, like exploits and vulnerabilities that live on their websites. There have been two popular bug bounty cases in the news lately with organizations you’re probably familiar with, the United States Pentagon and Facebook.


online privacy

Privacy Matters – Expect It. Respect It. Protect It.

Data Privacy Day (DPD) is an international effort held annually on January 28 to create awareness around the importance of privacy and protecting personal information. SiteLock has committed to being a DPD Champion to acknowledge and bring attention to the value and importance of privacy. This year, Data Privacy Day is all about respecting privacy, safeguarding data and enabling trust.


eCommerce

Here’s What You Need to Know about Your Web Applications This Holiday Season

Expect Increased Volumes

This year, 80% of consumers plan to spend as much or more than they did in 2014. Just on Cyber Monday alone, total sales made from consumers’ desktops reached $2.28 billion, up 12% from 2014. Mobile sales on Cyber Monday grew 53% from last year, with total sales reaching $838 million.


how to prevent security breaches

This Week in Exploits: Timestamps: Look, But Don’t Touch

This week we look at file timestamps, what they are, what they mean, and how bad actors can use them to their advantage when compromising sites. Timestamps can be a good clue as to what happened if a site was compromised. But are timestamps foolproof? Let’s find out what they are and see.


CAPTCHA That Form and Stop Email Spam

Don’t you love the feeling of customer inquiries in your morning inbox? So much interest in your site! You look closer at the emails and find they’re all from Michael – Michael Jordan, Michael Kors, Michael Vuitton – well, Louis Vuitton, but you get the point. Somehow, spambots found your form and blindly barraged your inbox with handbag and sneaker spam, or worse, adult content. How do you, a busy business owner, stop the spam while allowing legitimate requests? The good news is that you have a couple options – one is easy and the other, even easier.


What You Need to Know About the FancyBox for WordPress Vulnerability

FancyBox for WordPress is a plugin which provides stylized, Lightbox-like decoration for blog images. It’s a popular plugin with around half a million downloads, even though it hadn’t been updated in years. Posts emerged on the WordPress community support forum about malware injections and a vulnerability was discovered in the FancyBox plugin.

SiteLock scanners detected the malware — a JavaScript payload with an iframe pointing to 203koko[dot]eu — before the vulnerability was known.

Here are three things to consider before moving forward with FancyBox:

Update FancyBox as soon as possible

The initial response to the FancyBox hack was to remove it immediately. Since the vulnerability was disclosed, the FancyBox developer has released an update which corrects the issue and provides support for WordPress 4.1. If you’re uneasy about using FancyBox, Easy FancyBox is an actively developed alternative, though official Easy FancyBox support caps at WordPress 4.0.1.

Scan for Malware and Use a WAF

One of the best ways to secure your website is to scan for malware and vulnerabilities on a daily basis and use a Web Application Firewall (WAF). The WAF will block potential threats from entering your website (e.g. DDoS attacks) while the daily scans will identify malware and vulnerabilities that have been placed on your site.

Update your WordPress plugins and themes

WordPress has done a wonderful job facilitating near-painless backups for its users. Once you get to the late 3.x releases, upgrades are essentially automatic. But what about plugins? More plugins, more problems, as the saying goes. Sometimes it’s not easy to wrangle the compatibility issues which come with the amazing and broad capabilities plugins add to a WordPress site.

Take it one plugin at a time. Research the plugin’s compatibility with the WordPress version you have, and then test it (with the previously mentioned backup at the ready).

SiteLock’s team of experts, expert services and products constantly monitor site files and traffic for malicious indicators. As with FancyBox, we’ll continue to find and mitigate malware even before a vulnerability becomes known.

Infographic: How to Beat a Web Hacker

Did you know that hacking was the number one crime Americans feared in 2014, above car theft, burglary and terrorism? Take a look at SiteLock’s new infographic below, for more web security statistics and five things you can do to mitigate cyber attacks.


Ready to protect your website from hackers? Call SiteLock at 877.563.2791.

DDoS: How to Prevent Hackers from Overloading Your Web Server

Web security has become one of the hottest topics of the past few years, with cyber attacks originating in many forms. In 2014 alone, we had the Snapchat hack, Heartbleed, Shellshock, SoakSoak and many other attacks (you can learn more about each of them here).


5 Ways to Protect your Website from Malware

There are over 1 million new strains of malware created every day. One identified infection can get your website blacklisted by Google, which currently blacklists over 10,000 websites each day. Mind you, the malware need not even be on your site.

SMEs (Small to medium-sized enterprises) are unfortunately one of the largest targets of cyber attacks. On average, over 30,000 SME websites are targeted each day, and to make matters worse, nearly 60% of their IT professionals think they aren’t at any real risk of being attacked.

Don’t allow your business to suffer expensive cyber attack damages (which average around $50K per attack) — instead, be proactive in your web security efforts to prevent security threats, protecting your private data and your customers’. Here are 5 tips to help you protect your website from malware and other cyber threats:

1. Updates and Patches

Is your website running off of a Content Management System (CMS) such as WordPress? A CMS can be an easy and cost-effective way to manage your business’ website, but they’re also large targets for cyber attacks.

Why? Many CMS platforms and plugins are often easy targets for hackers and allow backdoor access to your server and data (a recent example of this vulnerability was the SoakSoak attack that occurred last month). Make sure your system, plugins and themes are always up to date, strengthening your web security. Many CMS solutions will even automatically update files for you, if you choose.

2. Website Scanning

Many web viruses and other malware go unnoticed until it’s too late, due to their elusive nature. They can often be implemented with a simple one-line script, injected into the code of your website – made to look like normal code.

Website security scanning software can scan your website for existing malware and other harmful code that doesn’t belong, and notify you immediately of any threats. Our SMART (Secure Malware Alert & Removal Tool) software takes it a step further by automatically removing anything harmful – similar to what a virus removal software does for your PC.

3. Web Application Firewalls

Removing existing website threats is one issue, but keeping them from coming back is another. With over 1 million new malware strains created each week, your business’s website can potentially be infected by a new virus every day.

Web Application Firewalls (WAF) can help prevent attackers from even visiting your site. How do they work? Let’s take our TrueShield WAF, for instance – it evaluates traffic based on where it’s coming from, how it’s behaving, and what information it’s requesting. Based on these and other criteria, the firewall will allow “legitimate” traffic (e.g. customers and search engines) access while blocking “malicious” traffic (e.g. spam bots and hackers).

Used in conjunction with a website scanning solution, a WAF can help provide around-the-clock, hands-free security for your business’s website.

4. PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS), or PCI for short, is a security standard that businesses must adhere to if they accept major credit cards. This compliance helps ensure that your business and customers are protected from cyber attacks and fraud by providing a documented, baseline security posture for your site. Failure to comply with PCI standards can result in direct financial damages, lawsuits, government fines and ultimately ruin brand reputation in the event of a data breach.

Fortunately, it’s not difficult to become PCI compliant. There are many solutions that walk you through the steps to help create your own customized PCI policy. Our SiteLock® PCI Compliance program takes it even a step further by scanning your site and network, and you can also add on our PCI-certified TrueShield firewall.

5. Strengthen Passwords

Even in 2015 the world is still using weak passwords. A strong password is one that contains over 8 characters, no dictionary words, has a mixture of uppercase and lowercase letters, and includes digits and/or special characters. Unfortunately, many of those boxes aren’t checked – allowing brute-force hacking techniques (repeated attempts to log in to your website) to become effective.

It’s extremely important that you create a strong password for your website’s back end, since it can oftentimes be an easy way into your private data. You should also advise your customers who have online accounts to do the same, to help protect them from future attacks. After all, it only takes seconds for a computer to crack a poorly created password.
