Abstract: More than 6,600 new websites get added only to the Google malware blacklist on a daily basis. These compromised websites are added to this blacklist as they are reported to distribute malware.
Thousands of websites are getting blacklisted on a daily basis. Blacklisting occurs as a result of getting hacked, and web-malware code getting injected into the website without the permission of the website owner. Most of these hacked, and subsequently blacklisted, websites are legitimate businesses, online portals, academic sites, entertainment outlets and more. In this article we provide some best practices to help staying safe and stave off the scourge of blacklisting and stay off Google’s Safebrowsing blacklist.
Why do sites get on a blacklist: Because they get hacked.
Malicious hackers and automated bots will infect the websites with malicious computer code, e.g. web-malware. In order to protect web surfers, security companies, search engines, browsers manufacturers will prevent users from visiting these compromised sites. Websites may also land up on blacklists for a number of other reasons. Some of these other reasons stem from the fact that websites that get hacked are often used to launch spam and phishing campaigns, and are used to send out emails to Internet users trying to convince them to visit a fake banking site, buy pharmaceutical drugs or something similar.
How do sites get hacked:
Websites can get hacked and compromised in many ways. We will discuss some of the primary reasons briefly.
(1) Poor choice of passwords (Brute Force attacks) – A lot of website owners use simple passwords. Consider the fact that in a large scale password analysis study in 2011, 123456 was found to be one of the most common passwords used. Users should also try to set up non trivial user names, such as av21bx instead of Alex.
(2) Insecure FTP connections, password sniffing – A plethora of infections are injected into websites after the password and username used to connect to a site using FTP is sniffed by a silent trojan/rootkit that has been embedded on a computer of a website administrator. Once passwords and username are obtained these are passed on automatically to an IRC chat room where a master controller accesses the website and starts to infect the website with web-malware.
(3) Web-Application vulnerabilities – A lot of websites use web 2.0 functionality , primarily to iterate with users. These functionality can be in the form of letting users blog on theist, post comments, sign up for newsletters, fill out a support form, a livechat session and much more. These are all avenues for a malicious hacker to inject malicious code into a website.
(4) Server level vulnerabilities – A large number of webserver in the Internet run vulnerable software such as easily hack-able FTP servers and other software. A lot of times event hough website and server administrators know about vulnerabilities in the server software they forget to patch these security holes and then can get hacked. These issues are primarily related to server set up and configuration. Improper permission settings can also allow malicious hackers to get access to files they should not have access to.
(5) Third party addons – A growing trend is the use of third party addons into websites to provide more interesting functionality on a site, such as dynamic IP geolocation, image resizing and such. These third party pieces of code may harbor vulnerabilities that the original website owner may not even be aware of.
Essential tips to protect your website:
– Change over from using FTP to a more secure solution like ssh/SCP/SFTP
– Never store credentials on your local PC, using a software like Filezilla
– Constantly check your website for any web application vulnerabilities, and malware code, just in case some thing bad happens, you can prevent infecting your visitors.
– Make a list of all third party plugins and update them regularly, only install reputable ones
– Use strong passwords, and make sure you scan your local PC with more than one Antivirus engine, regularly