A website that is not maintained on a regular basis can become infected, slow down, start consuming all available resources, cause e-mail problems, and stop working altogether. When your site is down, it costs you money: your business is on hold, and people cannot contact you because all they see is a blank page.
Chinese attack on the contact forms of outdated versions of Joomla
Here is one example from our practice. During regular monitoring, we noticed that the load on one of our shared hosting servers had increased rapidly. At the same time, mail storage usage had grown to an unusual size.
We reviewed the situation and saw that the server had blocked thousands of e-mail messages and prevented them from being sent because it detected spam content. Looking further, we found that Joomla sites running the outdated version 1.5, which has known weaknesses, were being attacked from IP addresses in China. It took us a couple of minutes to block all the troublesome IP addresses, stop the foreign processes, and clean up the e-mails. However, users who have not updated their websites in the last few years now need much more time to do so, because a Joomla update from 1.5 to the current 3.8 version is not available.
In this situation, investigating and cleaning the site can take a lot of time, even if the files are not damaged. If the files are damaged, it is necessary to hire developers, which can be as expensive as creating a new site. The point we are trying to make is that repair and cleanup after a site is hacked cost more than regular maintenance. Here’s how to save:
Update site scripts regularly
As for updates, you need to log into your administrator account once a month and run a complete update, which downloads all the scripts and installs the latest updates and security patches. First check with your programmer whether you can run updates on your own. If your site is set up so that an update can overwrite customized settings, your programmer needs to perform the update manually so that everything goes smoothly.
If your site is on WordPress, you can run the update with a single click, and the same applies to the plugins and themes you use.
Install security plugins
Security plugins bring additional features that protect your site from known attack scenarios, so your site will be safe. We have written about the security plugins for WordPress before, so be sure to read WordPress Plugins For Detecting Malicious Code And Protection. In this text, you can find several free solutions to protect the site and choose the one that suits you the most.
Scan your site and files regularly
Most security plugins have the option to scan the site and its files in real time or when you manually start the scan. A few advanced scanners can also compare CMS, theme, and plugin files with the original files in the official repository and thus detect an intruder's changes. Perhaps the fastest solution is to use a security plugin with a scanning option such as Wordfence.
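The comparison against original files described above can be sketched as follows. This is an added example, not code from any plugin mentioned here; the function names, the `user_dirs` parameter, and the sample file tree are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def compare_to_baseline(baseline, installed_root, user_dirs=("uploads/",)):
    """Report files that differ from a known-good manifest of the original release."""
    current = build_manifest(installed_root)
    report = {"modified": [], "unexpected": [], "missing": []}
    for path, digest in current.items():
        if path not in baseline:
            # Assumption: user content directories legitimately hold extra files,
            # but a script inside them is still worth reviewing.
            if path.startswith(user_dirs) and not path.lower().endswith((".php", ".phtml")):
                continue
            report["unexpected"].append(path)
        elif baseline[path] != digest:
            report["modified"].append(path)
    report["missing"] = sorted(set(baseline) - set(current))
    return report

def demo():
    """Constructed sample: a clean release tree and an altered installed copy."""
    with tempfile.TemporaryDirectory() as tmp:
        clean, live = Path(tmp, "clean"), Path(tmp, "live")
        originals = {"index.php": "<?php // core",
                     "includes/mail.php": "<?php // mailer",
                     "includes/version.php": "<?php // 1.0"}
        for rel, body in originals.items():
            target = clean / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
        shutil.copytree(clean, live)
        (live / "includes/mail.php").write_text("<?php // mailer, altered")
        (live / "includes/version.php").unlink()
        (live / "uploads").mkdir()
        (live / "uploads/photo.jpg").write_text("constructed image bytes")
        (live / "uploads/cache.php").write_text("<?php // not in the release")
        return compare_to_baseline(build_manifest(clean), live)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

The baseline manifest must be built from a copy of the release obtained from the official source, not from the installed site itself, otherwise existing changes become part of the baseline.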
Transfer your site to a Dedicated server if necessary
Shared hosting is an excellent solution for sites and portals, blogs, and small businesses, but if you need extra security with dedicated fixes, special solutions, security hardening, and daily backups to a geographically remote location, you need a separate server. You can also read more about that here: Dedicated Server – why the dedicated server is the best choice for your business.
Start using the SSL certificate on your site
The biggest advantage of using an SSL certificate is that all communication on your site is encrypted and therefore cannot be read by third parties. This will not protect your site from an attack, but it protects the data that visitors enter on your site. We recently enabled a free SSL certificate that comes with each cPanel, while for more serious business needs we also offer paid SSL certificates, which are used by online payment sites, banks, and corporations with special security requirements.
Take full responsibility for your site
On the hosting and server side, we make every effort to ensure that the problem does not come from the server. However, the weakest link in the security of your site is the site itself and the plugins installed on it. If some of the plugins are outdated or poorly configured, hacking may occur, because you have a security “hole” directly on the site. Educate your site’s maintainers or hire someone to keep your site maintained, because it’s the only correct solution.
If you are not sure what to do, contact us
We have seen many critical situations, we have educated thousands of users, and we actively work on monitoring and maintaining many sites. We have experience in preventing problems and in solving those that have already arisen, and we will gladly help you prevent problems and strengthen your business on the Internet. We also provide free consultation and can help you find and choose the best solution for your site. Feel free to contact us using our contact page.