Malicious malware

My website has been infected with malware three times in the last few months - I suspect that it is being done deliberately by someone who repaired my computer some time ago.

How can I detect the source of the malware and what is the best way to protect my website from these repeated attacks?

Any and all suggestions welcome.

Thanks.

DJ

After finding or suspecting a malware/junkware/adware infection, I typically do this:

  1. Run Malwarebytes: http://www.malwarebytes.org/mwb-download/
  2. Run JRT: http://thisisudax.org/?p=1
  3. Run Adwcleaner: http://general-changelog-team.fr/en/tools/15-adwcleaner
  4. Remove any extra/leftover browser add-ons, extensions, plugins, search engine providers, and toolbars that got installed by the malicious application. (However, JRT and Adwcleaner should’ve taken care of most of these).
  5. Run CCleaner

Now–this won’t do anything for your website–just your computer.

As for your website, are you using a CMS and keeping it up-to-date? Are you following recommended security practices? Have you changed all of your passwords?

If you seriously suspect someone - who recently repaired your computer - is deliberately adding malware to your website, I would assume they snatched your login information (FTP credentials and, perhaps, cPanel) while it was in their hands - I recommend you change ALL PASSWORDS.

This is the real danger of allowing your browser to ‘remember’ passwords, for example.

Thank you so much for these very useful tips and information that I will look to implement right away.

I have a WordPress website which I understand is prone to malware attacks. Luckily, my website hosting service has, to date, been very helpful and supportive in helping me to clean up the site when it gets infected, but I want to learn how to ‘do it myself’ as I fear they may eventually get fed up with the repeated attacks.

The problem is that I am not very ‘tech savvy’ so find dealing with the problem a bit of an uphill struggle - still, it can only get easier and clearer with time and practice.

I change my passwords etc. regularly but the problem keeps re-occurring every couple of weeks or so.

I have a WordPress website which has been infected with malware three times in the last few months - I suspect that it is being done deliberately by someone who repaired my computer some time ago.

How can I detect the source of the malware and what is the best way to protect my website from these repeated attacks?

Any and all suggestions welcome.

Thanks.

DW

Make sure you are using the latest version of WordPress.

Check any 3rd party plugins for insecurities and always keep them updated. It’s worth removing plugins you no longer need.

There are many articles about securing WP, such as http://webdesignerwall.com/general/how-to-protect-wordpress-sites

Sure to be some redundancy with the previous link, but there’s always the codex.
http://codex.wordpress.org/Hardening_WordPress

DW,

I had installed WP for a client but the client refused to check for updates on a daily basis so it was hacked - presumably by “script kiddies” that find a new WP hack and go “have fun” defacing others’ websites. The ONLY way to secure WP is to:

  1. Limit access to your admin area (renamed, of course) using a STRONG password (http://strongpasswordgenerator.com). Be sure that ONLY your own login is in the database with admin privileges.

  2. Maintain a master copy of your WP code on your own computer so you can replace defaced code.

  3. Check DAILY for updates and update immediately. It’s a race to detect that a new hack has been found, for WP to generate a patch and for you to install the patch before you get hacked (it’s a losing battle).

  4. Some people recommend secure(something) as a third party addon but I’d say that hackers can also create addons so limit your use of addons as much as possible.

If you can’t do these simple things, DON’T use WP (or any other CMS) as you must expect to be hacked … routinely.

Regards,

DK
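Added example, not part of any post in this thread: one way to put the master copy from point 2 to use is to hash it and a freshly downloaded copy of the site, then list the files that differ. The function names and the small file trees built in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file() and not p.is_symlink()}


def compare_to_master(master: Path, live: Path) -> dict:
    """Report how a downloaded copy of the site differs from the master copy."""
    good, seen = hash_tree(master), hash_tree(live)
    return {
        # Known files whose content changed: candidates for injected code.
        "modified": sorted(p for p in good if p in seen and good[p] != seen[p]),
        # Files the master never had: dropped scripts, but also real uploads.
        "added": sorted(p for p in seen if p not in good),
        # Files that were deleted from the site.
        "missing": sorted(p for p in good if p not in seen),
    }


def demo() -> dict:
    # Build two small constructed trees (not real WordPress files) and compare.
    with tempfile.TemporaryDirectory() as tmp:
        master, live = Path(tmp, "master"), Path(tmp, "live")
        files = {"index.php": "<?php // front page\n",
                 "wp-includes/load.php": "<?php // loader\n",
                 "wp-admin/admin.php": "<?php // admin\n"}
        for root in (master, live):
            for name, body in files.items():
                target = root / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_text(body)
        # Constructed changes on the "live" side only.
        (live / "index.php").write_text("<?php // front page\n// extra line\n")
        (live / "wp-content").mkdir()
        (live / "wp-content" / "cache.php").write_text("<?php // unknown\n")
        (live / "wp-admin" / "admin.php").unlink()
        return compare_to_master(master, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

Files under `wp-content/uploads` will legitimately appear as added, so review that list rather than deleting everything in it.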

You should use a strong AV like KIS, and the most important thing is: do not use any cracked software.

I’m way late on this, but here’s my $0.03471 worth (I recently passed my Security+ exam).

The best password is a passphrase that has the following characteristics:

  1. Length - the longer, the better. 20+ characters.
  2. Complex - don’t use just lower-case letters. Use a mix of upper- and lower-case letters, numbers, and characters like ! @ #, etc.
    If you have a password that is ten characters long and all lower-case letters, that’s 26^10 possible combinations.
    If you have a password that is twenty characters long and uses a mix, that’s 64^20 possible combinations.

Passphrases like (don’t use any of these, these are just for example):
1 d0n’t 0wn @ c@R, AnYmor3!
%I_l0v3_My_k0mp\/T3rZ!!%$
&I’m ju5t g0ing t0 k33p tYp1ng Un7!l MY f1ngErs F@ll oF$

:)