ClickIT Smart Technologies can help you set up firewalls such as CSF, UFW, iptables and pfSense/SonicWall firewall appliances designed to mitigate common botnets, brute-force and malware attacks. Implementing a firewall will ensure you are the only one connecting to your remote management system.
HOW TO KNOW WHEN I’M INFECTED, PREVENT YOUR WORDPRESS FROM BEING HACKED
It is well known that most attacks today aren’t obvious. Most hacks result in
websites becoming infected and then spreading that infection to unaware
users and possibly even other servers. It can take quite a bit of time to clean up a
mess that may have been there long before you discovered it.
How can a person or organization know when their website has been
compromised before it gets out of control? More importantly, how can that same
person or organization know their website has been compromised before their
customers find out themselves? Actually, it really isn’t hard to find a hack.
Here are 5 signs you can watch for to make sure your site hasn’t become a
victim.
1) Multiple SiteCheckers:-
These online site checkers will scan your site and tell you if there is a problem.
Here is a variety of site checkers that can help you find out whether your
WordPress is compromised:
HackerTarget’s WordPress Security Scan https://hackertarget.com/wordpress-security-scan/
Online WordPress Security Scanner to test vulnerabilities of a WordPress
installation. Checks include application security, WordPress plugins, hosting
environment and web server.
Gamasec’s Malware Detection https://www.gamasec.com/gsf/AntiMalware.aspx
This remote website malware detection scanner investigates URLs in order to
detect suspicious scripts, malicious media and any other web security threats
hidden in legitimate content and located on your websites.
Webcheck.me Website Scanner https://webcheck.me
This tool allows you to check your website against many known problems like
misconfiguration or malware (and many more).
2) Better WP Security:-
Better WP Security can also help detect a problem by looking for changes to
files on your site. It can look for added, removed or modified files and report
back to you via email. As nearly all hacks involve inserting code into WordPress
files, this can be a good indication that someone has gotten into your site and
done something they shouldn’t have.
3) Google Webmaster Tools:-
Google Webmaster Tools is one of the best tools for webmasters, and you can get it for free.
If you have not yet submitted your website to GWT, you are missing out on vital
information regarding your website. Google Webmaster Tools gives you the data, tools and
diagnostics for a healthy site; with it you can check your WordPress for potential issues
that Google has detected. If Google has detected malware on your WordPress, you or your
visitors might see a warning saying “This site may harm your computer.” or “The Website
Ahead Contains Malware.” If you’ve been blacklisted by Google, one of your best sources
for help is Google Webmaster Tools. Google will watch your site for problems when it scans
and report any problems back to you in GWT.
4) Unusual Activity:-
Another major indicator your site has been hacked is unusual activity, often in the
form of a traffic spike or unusual amounts of spam. For example, if you have an old
post that suddenly becomes popular for no apparent reason, you might have a
problem. Along these same lines, you should watch for visitors from unusual parts of
the world, and watch for extra comments or anything else that can’t be easily
explained.
5) Look at the files:-
PHP files in your theme, the .htaccess file and extra files in your WordPress home
directory are all common places where you will find hacked code on a WordPress or
other site. What you’re looking for here, in the case of PHP files, is “hidden” or
complicated code. Scan your entire file structure for “base64” or look at the ends of
your PHP files. If there is anything you don’t recognize, it could very well be
something bad. In the case of .htaccess, look for redirect rules to domains you’re not
familiar with, or other blocks of code that make no sense.
Looking through the files manually is tedious and boring, but it is, without a doubt,
the most effective means of finding an attack, as you are exposing the attack directly.
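One way to automate the first pass of this file review, as an added example (not code from the original article): it flags PHP lines that mention “base64” or are unusually long, and .htaccess redirect rules whose target host is not on a list you supply. The function names, the 500-character threshold and the sample files are assumptions made for illustration.

```python
import re
import tempfile
from pathlib import Path

LONG_LINE = 500  # assumed threshold: hidden code is often one very long line
REDIRECT = re.compile(r"^\s*(RewriteRule|Redirect(Match)?|ErrorDocument)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s:\"'\]]+)", re.I)

def scan_php(text):
    """Return (line_no, reason) for lines that mention base64 or are very long."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        if "base64" in line.lower():
            hits.append((no, "base64"))
        if len(line) > LONG_LINE:
            hits.append((no, "long line"))
    return hits

def scan_htaccess(text, known_hosts):
    """Return (line_no, host) for redirect rules that point at unfamiliar hosts."""
    return [(no, host.lower())
            for no, line in enumerate(text.splitlines(), 1) if REDIRECT.match(line)
            for host in URL_HOST.findall(line) if host.lower() not in known_hosts]

def scan_tree(root, known_hosts):
    """Walk a site directory; map each flagged file to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if not (path.is_file() and (path.suffix == ".php" or path.name == ".htaccess")):
            continue
        text = path.read_text(errors="replace")
        hits = scan_php(text) if path.suffix == ".php" else scan_htaccess(text, known_hosts)
        if hits:
            report[path.relative_to(root).as_posix()] = hits
    return report

def demo():
    """Scan a small constructed tree (sample files, not from a real site)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_text("<?php\nrequire 'wp-blog-header.php';\n")
        (root / "footer.php").write_text("<?php wp_footer();\n$x = base64_decode($b);\n")
        (root / ".htaccess").write_text(
            "RewriteEngine On\n"
            "RewriteRule ^old$ https://example.com/new [R=301,L]\n"
            "RewriteRule ^(.*)$ http://unfamiliar.example.net/$1 [R=302,L]\n")
        return scan_tree(root, {"example.com"})

if __name__ == "__main__":
    print(demo())
```

Treat the hits as a reading list, not a verdict: legitimate plugins also use base64, so each flagged line still needs to be read by hand.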
Figuring out that you have a problem might not always be obvious. Most attacks these
days will center on .htaccess or a PHP file and will use the infected site to attack its
users. Services such as ScanVerify combined with plugins like Better WP Security can
help you find the infected files quickly and easily so that, when something does go
wrong, you’re back in business as soon as possible.
COMMON WORDPRESS ATTACKS
Thousands of malware types and infections are active on the Internet; fortunately, not
all apply to WordPress. We’ll look at four of the most common attacks on WordPress
users:
Backdoors:-
A backdoor lets an attacker gain access to your environment via what you would
consider to be abnormal methods: FTP, SFTP, WP-ADMIN, etc. Backdoors
are exceptionally dangerous; the most dangerous can cause serious damage on your
server. Commonly these attacks happen because of out-of-date software or
security holes in code. Like most infections, this one can be encoded or encrypted;
however, it’s not always as simple as looking for encrypted code, as there are several
instances in which it looks like legitimate code. Backdoors come in all different sizes.
In some cases, a backdoor is as simple as a file name being changed; in other cases, the
code is embedded in a seemingly benign file.
Drive-by Downloads:-
The point of a drive-by download is often to download a payload onto your user’s local
machine. One of the most common payloads informs the user that their website has
been infected and that they need to install an anti-virus product. There are a number
of ways this attack can get in; the most common causes are out-of-date software,
compromised credentials (wp-admin, FTP) and SQL injection. These kinds of attacks
have been functioning as conditional malware, which means that they are designed with
rules that have to be met before the infection presents itself. You can use a scanner
such as SiteCheck to see whether you are infected. Scanners are pretty good at
picking up link injections.
Pharma Hack:-
Pharma hack is one of the most prevalent infections around. It should not be confused with
malware; it’s actually categorized as SPAM. Like most SPAM-type infections, pharma hack
is largely about controlling traffic. SPAM injections can be identified by navigating your
website and looking at your ads, links, posts and pages, but the most effective method of
detection is to enable some type of auditing or file monitoring on your WordPress
website, in order to see when new files have been added or when changes have been made.
REMEMBER: If you’re found to be distributing SPAM, you run the risk of being flagged
by Google with the following alert: “This site may be compromised!!”
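The file monitoring recommended here, and the added/removed/modified report described earlier under Better WP Security, can be done with a hash baseline. This is an added example, not the plugin’s own code; the function names, the baseline file name and the sample files are assumptions.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare(baseline, current):
    """Return the added, removed and modified paths between two snapshots."""
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in baseline.keys() & current.keys()
                           if baseline[p] != current[p]),
    }

def check(root, baseline_file):
    """First run records the baseline; later runs return what changed since."""
    baseline_file = Path(baseline_file)
    current = snapshot(root)
    if not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=1))
        return None
    return compare(json.loads(baseline_file.read_text()), current)

def demo():
    """Baseline a constructed tree, change it three ways, and check again."""
    with tempfile.TemporaryDirectory() as site, tempfile.TemporaryDirectory() as store:
        site, baseline = Path(site), Path(store, "baseline.json")
        (site / "index.php").write_text("<?php require 'wp-blog-header.php';\n")
        (site / "readme.html").write_text("<html></html>\n")
        first = check(site, baseline)  # records the baseline, returns None
        (site / "index.php").write_text("<?php require 'wp-blog-header.php';\n// edit\n")
        (site / "readme.html").unlink()
        (site / "new.php").write_text("<?php // constructed new file\n")
        return first, check(site, baseline)

if __name__ == "__main__":
    print(demo()[1])
```

Keep the baseline file outside the web root, ideally off the server, since anyone who can change site files could otherwise rewrite the baseline too.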
Malicious redirects:-
A malicious redirect sends a user to a malicious website. When a visitor is redirected to a
website other than the main one, the website may or may not contain a malicious payload.
The malicious redirect could be generated by a backdoor; the hacker would scan for a
vulnerability and, when they find it, upload a payload that functions as a backdoor. Detecting
a redirect is not as complex as detecting some of the other infections; it is often found in your
.htaccess file or in your PHP files (header.php, footer.php or index.php, etc.) as an encoded
redirect. There are a few ways to check for infections, such as using a free scanner like
GTmetrix or listening to your users. You might not detect the redirect, but sometimes a user
will alert you to it.
WordPress is the most popular blogging and Content Management System (CMS)
in the world. If you are running a website that uses WordPress, the above
suggestions on how to protect it, prevent attacks and/or detect malware on
your WordPress will help you avoid your site being compromised or, in the
worst-case scenario, downtime.
Before you think about securing your site, you should start from the ground up,
and that means making sure that your hosting server is secure in the first place.
Remember to install legitimate plugins and themes and always keep all your
installations up to date.
Article Source:-
http://clickittechcloudcomputing.tumblr.com/post/154974019871/wordpress-common-attacks