6 Ways Your Website Can Be Infected With a Virus

When website owners discover a virus on their website for the first time, the first question is, “How did I manage to get my website infected?”. And a good question that is, because every person who owns a website should know the pitfalls that are awaiting for them on the web.
Viruses on the website do not appear from nowhere. Malicious code is a result of a hacker’s attack. This means that your website or even your hosting account was hacked and infected. So let us look at the six most common reasons of a website’s virus infection.

1.Vulnerable scripts on the website

That is a common situation. Vulnerabilities are scripts that allow hackers to crawl into the control panel of the website.

To avoid this you should update your CMS regularly. There is no difference which CMS you are using. Be attentive and ensure that all released patches and updates were installed. Otherwise, you leave a possibility to get an access to your website’s files, database or admin panel easily.

Hackers know about the vulnerabilities of all the popular content management systems pretty fast, and thieves do not wait long to use that knowledge since it gives them an access to a dozens of websites. But even custom content management systems are frequently becoming victims because usually they are developed without much thought about safety.

There are three main ways hackers can use said vulnerabilities:

• Backdoors and web-shells upload
• Implantation of the virus into the website database
• Addition or removal of administrators, theft of access to the administrator’s panel

As a result, we will have viruses on the website. And those viruses may be the reason why the website is blacklisted by Google.

2.Hackers can infect the website through vulnerable plugins and templates

A lot of website owners may use free plugins and templates instead of legit ones. But almost every free copy of a theme or a template will contain a web-shell, backdoor, malicious script or any other “present” that a hacker left there.

If you are not experienced enough to clean the free template or plugin, the smart thing is to avoid them. Trust us, website cleanup and repair will cost much more than a new theme. Don’t let free templates and plugins lure you to major problems.

3.Password guessing (easy passwords)

This type of hacking is called brute-force attack. In this case, a hacker tries different password combinations to guess the correct password. This method is a huge threat to weak and unreliable passwords.

When the system asks a user to create a password, most users tends to  create trivial combinations. Don’t think that your pet’s name is a good password. We all have accounts in social networks.,and you might not remember that you’ve posted a photo with your dog and it’s name in the description. That’s why brute-forcing might be the easiest way to hack the website.

As Trustwave’s research has shown, more that a quarter of incidents related to security of the website happened because of weak passwords. During this research specialists analyzed 574 cases that happened in 15 different countries, and we are talking about your businesses now. mediocre . The most popular password was “Password1”. Obviously, users were much more worried about their comfort rather than the security of their website.

4.Interception or theft of FTP accesses

Working with accesses over an unsecure channel is a bad idea. While connected via FTP, your login and password are shown that way thieves can steal this data easily. It’s better to use secure channels while using email, visiting other websites and working via FTP.

5. Server or a hosting hack

One of the reasons why viruses appeared on the website is server or hosting hack. Here are two main things that can lead to such a problem:

• “Handmade” hostings. There are plenty of hostings in the Internet that offer their services. And among them you can meet so called “handmade” hostings. Owners of such hostings simply resell services of a biger hosting companies. Often, those owners lack experience and have no idea how to administrate their hosting safely. They do not care about software updates, creating backups of the hosted websites. They don’t really care about websites that use their cervices. That’s why such hostings become easy prey for hackers. Thieves can hack the websites easily. And in this case it’s useless to try and repair your website. The only option is switching to a different hosting company.
• Websites are hosted unsafely. You should understand that if you place several websites on one hosting account, infected website will infect the rest of the websotes. In this case you will need to scan and repair all of the websites instead of dealing only the hacked one. And we are sure you don’t want to spend so much time and money on it, right?

6. A dishonest contractor

Not every freelancer is decent. Sometimes specialists may leave some code in your website while working on it to have  access to it in future. Then they can use your website to earn extra money with the help of such services as Trustlink, Mainlink, Sape etc.

Every experienced specialist knows that there is no foolproof option that will protect your website forever. That’s why it is better to cooperate with  someone to ensure that your site won’t be hacked.

Cobweb team will clear, repair and protect your website from hacker attacks, and with the CWIS antivirus you can be sure that you will not become a victim.