Business Security Information

This week, news has come out regarding another wave of attacks against websites.  As of the last report from Websense, over 40,000 websites have been compromised.  The attacks have mainly targeted websites of small businesses.  When people try to visit the small business websites, they are directed to a site that appears to be Google Analytics but is actually a misspelled web address such as googleanalytlcs.net where an “l” not an “i” is used.  The person visiting the website is then redirected to a beladen.net domain where a variety of attacks are tried, and, if successful, a variety of malware is loaded onto the person’s computer.  As noted in previous articles once the malware is installed on the computer, it can be remotely controlled by the attacker.   As a small business owner of a website, you really don’t want your website redirecting your customers or potential customers to a site where their computer(s) will become infected with a variety of malware (bad software).  This is never good for business.

It is suspected that the websites were compromised by the attackers getting the sites’ FTP login information including passwords through the use of key logging software installed on the computers of those who maintain these sites with the use of Trojan software, or the FTP passwords were cracked using automated tools.  It does not appear SQL injection attacks were used to compromise the websites.  Either way, log-in information appears to have been obtained for FTP access to the websites.  To better protect your website against such a compromise, I would suggest a few items.

1. Use strong passwords when you setup your web host account.
2. Change your passwords periodically.
3. Set up a secure (SSH) FTP connection to your web host’s web server.  Most FTP clients allow you to setup a secure FTP connection just by choosing the secure option and putting in the correct port.  Secure FTP usually uses port 22, but your web host may use a different port so check with them before setting the FTP client up for a secure connection.  Also, make sure the server is set up to allow secure FTP connections.  If your webhost does not, I would look at switching webhosts.
4. I would also get a SSL certificate for my website and have all log-ins such as the webmail and main log-in for your site be redirected through the SSL connection.  This way your log-in information is encrypted when being sent across the internet instead of in plain text.  You can tell if the log-in web pages are encrypted because the site will have HTTPS instead of HTTP in front of your domain or website address.

Securing a website requires more than following those simple steps,  but they should help protect your business and your website against the type of attacks noted in the first part of this article.  These type of attacks occur more often than you may think so do all you can to protect the reputation of your business and your website.  You want your customers coming back, not running from your site in fear or anger.

Related posts:

1. cPanel CSRF Security
2. Phishing Update
3. Clampi Malware Protection