In this article, we look at common attack vectors that web application firewalls and security plugins do not cover, and at how the Patchstack website incident response add-on, which helps with website malware removal, can save you time and money.
As a web developer or a website owner, it’s important for you to know that your sites are properly protected.
Unfortunately, the security landscape changes rapidly and some attacks might come from an unexpected source, which even advanced security products fail to address.
Phishing attacks and social engineering
It has been known for years that the weakest link is not the computer systems, but the people operating them.
One of the common phishing and social engineering techniques is to trick the user into entering a username and password (such as a website admin panel password) into a fake login form.
Social engineering is also used to send emails on behalf of someone else and trick you into paying fake invoices or making you download files that end up being malware.
It is also used to get you to share personal information, to steal credit card information, and more.
PS! Never re-use the same password across multiple accounts online. Hackers always map all your online accounts and see if they can access other accounts with the stolen credentials as well.
Read about how to implement secure passwords here.
Most large companies have witnessed an attack where the user data has been stolen and then sold on the dark web. Most of this data eventually becomes public information and is easily accessible for attackers.
If you’ve been re-using passwords, such leaks can give the attacker direct access to any of your accounts.
LinkedIn, Myspace, 000webhost, Hostinger, WHMCS, WPSandbox, 8tracks, Adobe, Avast, and Dropbox are just some of the many companies whose user data has been leaked. You can see the full list here.
Check if your passwords have been stolen here.
There are different malware types that eventually can give access to your website. Let’s cover the most common ones.
Stealing access from developers
Computers are constantly targeted with malware that steals information. Development tools are often targeted as well.
There is known malware that tries to steal FTP credentials from FileZilla users and SSH keys used to access your web server. As long as the computer is infected, it will keep sending the data from your development tools (PuTTY, FileZilla, etc.) to the attacker.
Keyloggers have been around for so long that we could easily call them “old-school”. They are still being used, even in government-sponsored attacks worldwide.
Keyloggers usually monitor your keystrokes, take regular screenshots of your desktop, and regularly send all that information to the attacker.
How to recover from such attacks?
None of these attacks are targeted directly against your website. Website security products, hardening or other security plugins, etc. can’t prevent those attacks from happening. You still might need to perform website malware removal even if you have the most expensive security tool in use. But why?
Because the problems explained in this article are the ones you cannot fix with any website security tool or plugin.
You cannot block phishing attacks, because they are not connected to your website in general. There are no hardening settings to protect your website from computer viruses and so on.
But to keep your website secure, clean from malware, and out of blacklists you can do your part. We have explained in detail the biggest myths in website security and how you should approach security if you want to keep your website secure here.
Some tools allow you to reduce the risk by limiting access to the admin panel to a specific IP, so even if the credentials are stolen, the authentication can’t be completed.
You can do that for example from the Patchstack app and apply specific IPs for admin authentication across all your sites.
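The IP restriction described above, sketched as an added example (this is not Patchstack's code): a login attempt is judged by where it comes from before any password is checked, and a forwarded-address header is believed only when it arrives from a known reverse proxy. The address ranges, the trusted-proxy range and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed values: documentation address ranges, not taken from the article.
ADMIN_ALLOWLIST = [ipaddress.ip_network(n) for n in
                   ("203.0.113.10/32", "198.51.100.0/24", "2001:db8:10::/48")]
# Reverse proxies whose X-Forwarded-For header we are willing to believe (assumed).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]


def _parse(text):
    """Parse an address, unwrapping IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(text.strip())
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped or addr


def _matches(addr, networks):
    """True if addr falls inside any of the given networks."""
    return any(addr in net for net in networks)


def client_ip(peer, forwarded_for=None):
    """Return the address to judge: the socket peer, unless the peer is a
    trusted proxy, in which case the right-most untrusted forwarded hop."""
    addr = _parse(peer)
    if not forwarded_for or not _matches(addr, TRUSTED_PROXIES):
        return addr  # header ignored: any client can send X-Forwarded-For
    for hop in reversed(forwarded_for.split(",")):
        addr = _parse(hop)
        if not _matches(addr, TRUSTED_PROXIES):
            return addr
    return addr  # every hop was a proxy; judge the outermost one


def admin_login_allowed(peer, forwarded_for=None):
    """True only if the resolved client address is on the admin allowlist.
    Unparseable input is denied rather than passed through."""
    try:
        return _matches(client_ip(peer, forwarded_for), ADMIN_ALLOWLIST)
    except ValueError:
        return False
```

With this check in front of the login handler, a correct password submitted from an address outside the allowlist is rejected the same way as a wrong one.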
Website malware removal < incident response assistance
We offer an incident response service that covers your sites on all occasions (even if the site was not directly attacked).
We monitor the sites we protect against a wide range of attacks, but if something happens, our forensics team will step in, collect the evidence, clean up the website, and create a report to help you improve the security of your sites even more.