How to Keep Your Web Hosting Account Secure

There have been a lot of malware attacks on hosting accounts recently, and it is critical at this point for us to educate our web hosting clients and the general public.

It is very important to keep your installed scripts (like WordPress, Drupal, osCommerce, etc.) updated regularly. From a recent post by WordPress’ development team:

How to Keep WordPress Secure

A stitch in time saves nine. I couldn’t sew my way out of a bag, but it’s true advice for bloggers as well — a little bit of work on an upgrade now saves a lot of work fixing something later.

Right now there is a worm making its way around old, unpatched versions of WordPress. This particular worm, like many before it, is clever: it registers a user, uses a security bug (fixed earlier in the year) to allow evaluated code to be executed through the permalink structure, makes itself an admin, then uses JavaScript to hide itself when you look at users page, attempts to clean up after itself, then goes quiet so you never notice while it inserts hidden spam and malware into your old posts.

The tactics are new, but the strategy is not. Where this particular worm messes up is in the “clean up” phase: it doesn’t hide itself well and the blogger notices that all his links are broken, which causes him to dig deeper and notice the extent of the damage. Where worms of old would do childish things like defacing your site, the new ones are silent and invisible, so you only notice them when they screw up (as this one did) or your site gets removed from Google for having spam and malware on it.

The same principle applies to some other open-source web programs. It is up to the web hosting account owner to take basic precautions and regularly update the password to the hosting account.

From stopbadware.org:

If you own or manage a website, you are responsible for that website’s security. Compromised websites can infect visitors with badware, and are commonly blacklisted by search engines, web browsers, and security vendors.

Many legitimate websites are the targets of malicious hacking attacks, during which code linking directly to badware is inserted onto an otherwise innocent, but poorly secured, website. Another common way that legitimate sites are compromised is through third-party content such as the ads provided by an advertising network, which can be used as vectors for the distribution of badware.

StopBadware.org offers a comprehensive report on how to secure your web hosting account and stay safe: http://stopbadware.org/home/security

StopBadware.org is a partnership among academic institutions, technology industry leaders, and volunteers, all of whom are committed to protecting Internet and computer users from the threats to privacy and security that are caused by bad software. We are a leading independent authority on trends in badware and its distribution, and a focal point for the development of collaborative, community-minded approaches to stopping badware. We invite you to join our community, to help reduce the impact of badware and to regain control of our computers.
