Protecting your site from malware

Malware is on the increase – and it’s not just your desktop PC that’s at risk of infection.

We all know how vital it is to keep our desktop computers up to date with the latest patches, updates, virus definitions and so on. But many forget that their webserver, and the software that runs on it, could also be prone to exploit and attack by unsavoury cyber-hackers.

Irish website owners need to be vigilant that their sites aren’t being compromised by unscrupulous hackers and malicious code.

We take care of most updates for you

At LetsHost the security of our servers, and your website, is a top priority. We’re constantly vigilant, and follow industry best practice when it comes to our server security set up.

All relevant patches and security updates are applied to all of our server software as soon as they become available, and we stay up-to-date with the latest security news, upcoming threats and solutions, giving you peace of mind.

There are, however, a few steps you, as a hosting customer, can take to help us make your website even more secure.

  • Choose a secure account/FTP password: this is the number one route by which any hosting account is compromised. Use a long enough password (at least eight characters) with a mix of capital and lower case letters, numbers and special characters. Don’t make it easy for them.
  • Keep your software up to date: there is a lot of software out there that makes running your website a lot easier – content management systems like WordPress, Joomla or Drupal, for example. Periodically these projects will release software updates, many of which contain security patches for vulnerabilities discovered in the code. APPLY THESE UPDATES DILIGENTLY as soon as they’re released to help keep your site secure.
  • Choose third party content wisely: if you choose to share third party content (widgets, ad-placements, etc.) on your site, make sure they are coming from a reputable source, and that you’re happy the code you voluntarily drop into your site is only doing what you expect it to do.
  • Look out for suspicious activity: everything that happens on your webserver is recorded in your server log files… make a habit of scanning them periodically for anything that looks suspicious or out-of-place – such as redirects or links to IP addresses or domains you don’t recognise.
  • Keep an eye on Google Webmaster Tools: if Google indexes your site and finds malicious code it will typically flag the offending pages as potentially dangerous to users. It will also flag those pages in Google Webmaster Tools for the afflicted domain, letting you know which pages on your site are compromised (look under “Diagnostics > Malware”).

What if my site has been hacked?

Having well maintained servers like LetsHost’s, and applying diligent account management practices, will help keep your hosting account malware free, but hacking can still happen.

If it happens to you the best thing to do is to take your site offline as soon as you notice a problem, and follow this advice on removing malware from Google’s Webmaster Central blog, or contact the LetsHost Support team for advice and assistance.

Tags: ,