You type in your website address and it won’t come up!
I have just recently had this experience. My first thought was that the hosting servers were down, so I got in touch with tech support. No, that wasn’t the problem; the servers were up and running. The news they shared was that the nightly virus/malware scan found malware in one of my data folders. My site had been put on suspension so that it would not spread. It was a new experience for me, and one that prompted me to proactively seek a solution. How did it happen? I’m just not sure, so deleting the folder via FTP came first and foremost so I could get my website “live” again. I changed the passwords on my accounts and FTP, and fully scanned my desktop computer with Avast and Malwarebytes in case it came from my end.
All that being said, I’ve found some good tips to share with you so you can hopefully avoid the experience I’ve had.
The majority of website security breaches are not attempts to steal your data or deface your website, but attempts to use your server as an email relay for spam, or to set up a temporary web server, normally to serve files of an illegal nature. Almost all of this hacking is done by automated scripts. I have to ask myself, “Don’t these people have anything better to do?”
- Keep your software up to date
On the hosting side of things, your hosting company should keep up with software and security updates. If you are using a CMS, for example WordPress, you will see when you log in to your Dashboard whether there are updates for your plugins. A lot of the updates are security patches. Don’t procrastinate on these, as the holes they patch are ones that hackers will be quick to take advantage of.
- XSS
Cross-site scripting (XSS) is when an attacker tries to pass JavaScript or other scripting code into a web form in an attempt to run malicious code for visitors of your site. When creating a form, always ensure you check the data being submitted and encode or strip out any HTML.
- Error messages
For example, if you have a login form on your website, use generic error messages such as “Incorrect User Name or Password”. That way the person signing in won’t know whether they have gotten half of it right, which would otherwise allow them to focus on the other field.
- Server side validation/form validation
Validation should always be done both in the browser and server-side. The browser can catch simple failures such as mandatory fields left empty or text entered into a numbers-only field. These checks can, however, be bypassed, so make sure you repeat them, along with deeper validation, on the server side; failing to do so could lead to malicious code or scripting code being inserted into the database, or could cause undesirable results in your website.
- Passwords
I’ve always been a firm believer in strong passwords. I’m glad to see that more security measures are in place throughout the internet these days. A lot of people don’t like it, yet enforcing password requirements such as a minimum of around eight characters, including an uppercase letter and a number, will help to protect their information in the long run.
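The sketch below is an added example, not code from the original post: a minimal Python version of the form-handling tips above (server-side validation, HTML encoding of submitted data, a generic login error and the password rule). The form field names, the sample account and the fixed salt are constructed for illustration.

```python
import hashlib, hmac, html, re

GENERIC_LOGIN_ERROR = "Incorrect User Name or Password"
_SALT = b"constructed-salt"  # constructed; real sites use a random salt per user

def hash_password(password, salt=_SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account (hypothetical user name and password).
USERS = {"alice": hash_password("Str0ngPassw0rd")}
_DUMMY = hash_password("placeholder")

def login(username, password):
    """Return (ok, message); the message never says which field was wrong."""
    stored = USERS.get(username, _DUMMY)  # hash even for unknown users
    match = hmac.compare_digest(stored, hash_password(password))
    if match and username in USERS:
        return True, "Welcome"
    return False, GENERIC_LOGIN_ERROR

def password_meets_policy(password):
    """At least eight characters, with an uppercase letter and a number."""
    return (len(password) >= 8
            and re.search(r"[A-Z]", password) is not None
            and re.search(r"[0-9]", password) is not None)

def validate_comment_form(form):
    """Server-side repeat of the checks the browser is supposed to enforce."""
    errors = []
    if not (form.get("name") or "").strip():
        errors.append("name is required")
    if not re.fullmatch(r"[0-9]{1,3}", (form.get("age") or "").strip()):
        errors.append("age must be a number")
    comment = (form.get("comment") or "").strip()
    if not comment or len(comment) > 2000:
        errors.append("comment is required (max 2000 characters)")
    return errors

def render_comment(form):
    """HTML-encode user-supplied values when writing them into the page."""
    return "<p><b>{}</b>: {}</p>".format(
        html.escape(form["name"].strip()), html.escape(form["comment"].strip()))

if __name__ == "__main__":
    sample = {"name": "Bob", "age": "42", "comment": "<script>alert(1)</script>"}
    print(validate_comment_form(sample), render_comment(sample))
    print(login("alice", "wrong"), login("nobody", "Str0ngPassw0rd"))
```

A wrong password and an unknown user name produce the same message, and the submitted script tag is rendered as inert text rather than markup.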
These are just a few of the many things that can be done so you don’t lose revenue from your website being down and to give you some peace of mind. I went ahead and spent a few dollars on a product called SiteLock for additional protection for my website and visitors.