October 8, 2019 by Oliver Sild
In this article, we will look into common attack vectors that are not covered by any web application firewalls or security plugins and how website insurance and website malware removal guarantee can save your time and money.
As a web developer or a website owner, it’s important for you to know that your sites are properly protected. Unfortunately, the security landscape changes rapidly and some attacks might come from an unexpected source, which even advanced security products fail to address.
It’s known for years that the weakest link is not the computer systems, but the people operating them. One of the common phishing and social engineering techniques is to trick the user into entering a username and password (such as website admin panel password) to a fake login form.
Social engineering is also used to send emails on behalf of someone else and tricking you into paying fake invoices or making you download files that end up being malware. Other use cases can be also getting you to share personal information, stealing credit card information, and more.
PS! Never re-use the same password across multiple accounts online. Hackers always map all your online accounts and see if they can access other accounts with the stolen credentials as well.
Read about how to implement secure passwords here.
Most large companies have witnessed an attack where the user data has been stolen and then sold on the dark web. Most of this data eventually becomes public information and is easily accessible for attackers. If you’ve been re-using passwords, such leaks can give the attacker direct access to any of your accounts.
Linkedin, Myspace, 000webhost, Hostinger, WHMCS, WPSandbox, 8tracks, Adobe, Avast, Dropbox are just one of many companies whose user data has been leaked. You can see the full list here.
Check if your passwords have been stolen here.
There are different malware types that eventually can give access to your website. Let’s cover the most common ones.
Computers are constantly targeted with malware that stoles information. Development tools are often targeted as well.
There is known malware that is trying to steal FTP credentials from file-Zilla users and SSH keys to access your web server. As long as to computer is infected, it will continuously send the data from your development tools (Putty, File-Zilla, etc) to the attacker.
Keyloggers have been around for such a very long time, that we could easily call them “old-school”. Keyloggers are still being used by even the government-sponsored attacks world-wide.
Keyloggers usually monitor your keystrokes, take regular screenshots of your desktop and send all that information again, regularly to the attacker.
None of these attacks are targeted directly against your website. Website security products such as WAF’s (Web Application Firewalls), security plugins, etc. can’t prevent those attacks from happening.
Some tools allow you to reduce the risk, by limiting the access to the admin panel from a specific IP’s, so even if the credentials are stolen, the authentication can’t be completed. You can do that for example from the WebARX portal and apply specific IPs for admin authentication across all your sites.
We offer Website Malware Removal Guarantee which will cover the sites on all occasions (even if the site was not directly attacked). We monitor the site, our WAF protects it from a wide range of attacks, but if something happens, we will have our forensics team step in, collect the evidence, clean up the website and create a report to help you improve the security of your sites even more.
You can get the website malware removal guarantee on your website simply by registering up here.
Protect your websites from malicious traffic - set-up in under 3 minutes.
WebARX is compatible with the following platforms: