Online threats you can’t see!

Since the beginning of the Internet, people, with bad intentions, always looked for ways how to manipulate the Internet in their favor. During the Covid-19 we’ve read stories of hospitals being attacked by ransomware, in order to gain money.

There are different kind of online threats where we need to protect us against. Let us take a brief of the kind threats we need to consider :

Malware

The term malware is a contraction of malicious software. In easy words, it is any piece of software that is written with the intent of damaging devices, stealing data and other problems you want to avoid.

Malware is often created by teams of hackers in order to make money. They spread the malware by themselves or sell it at highest bidder on the dark web.

 

What does malware do and how to avoid it?

Malware can do all sorts of things, but let’s take a closer look at the different malware types that exist today.

Virus :  Like its biological form, a virus attaches itself to clean files in order to infect and damage them. They can spread uncontrollably and can harm your core files and disable your system. They usually come as .exe files or executable files.

Trojans : this kind of malware can be hidden programs or disguised as legitimate software in order to open backdoors on your server or applications to other malware in.

Spyware: Like the name says, this malware is designed to spy on you. It is hidden somewhere in the background of your system and it’s only intention is to spy on you for surf behavior, what you do online,  which passwords you use, credit card numbers, and much more.

Ransomware This kind of malware encrypts all your files on your computer, and threaten to delete everything or decrypt your files  when you a pay a ransom.

Adware : Though not always malicious in nature, aggressive advertising software can undermine your security just to serve you ads — which can give other malware an easy way in. Plus, let’s face it: pop-ups are really annoying.

Botnets Botnets are networks of infected computers that are made to work together under the control of an attacker.

How can I protect my website against malware and other threats?

 

Besides our work as web design, half of our time is being filled in helping out website owners to make it for hackers to access their website on the origin server. There are different kinds of ways of protecting your website against malware attacks. Let’s take a look on the different ways how to protect your website.

Plugins

We see a lot of people installing security plugins on their WordPress website. It can stop some malware attacks, but it has a couple of downsides to consider.

Slows down the server: First of all, the more plugins you install on the backend of your WordPress website, the more work your server of origin needs to process and the slower it gets. Secondly, the security plugins do what they can from the moment a malicious bot or hacker access your web server of origin.

Malware infections via other plugins : it has been the case, for several times, that other popular plugins were infected during 2020. The latest infections were discovered in plugins like Ninja Forms and Woocommerce that are used by thousands of WordPress websites. Many of these websites used without a doubt as well security plugins.

Conclusion

The use of only security plugins is not advised when your business is relying on your website. Malware infections are still happening even when they are security plugins in place on your WordPress website.

Consider these security plugins like security officers on a plane. Would you take a flight, knowing it is possible that terrorists board the plane and there might be stopped by the security officers on the plane?

In this manner of speech, we are sure you would feel more secure if these terrorists are detected in the airport before they are getting on a plane. This brings us to a next level of security; scanning luggage (malware content) and the intentions of the visit (legitimate or unauthorized access).

Firewall as a gatekeeper to your website

A firewall is a network system that scans incoming and outgoing traffic to your server. Hackers are using bots (small applications) that scan the internet for open ports. These bots are crawling the Internet network, with certain commands and strings. The firewall can detect these kinds of strings and can refuse access to that bot.

Blocking or challenging unwanted visitors to a website

You can install the firewall with different rules. These rules are criteria that are applied to every IP-address that is trying to access your website. In this way, you could even apply a rule for blocking or challenging IP-addresses that are not residing in your own country. When you are a local store, this might be interesting feature. Why should you have traffic coming from Russia, China or another foreign country if you don’t intend to sell in these countries? IP-addresses from visitors from these countries, will receive the message that they are not authorized to access your webpages.

You could as choose for challenging IP-addresses from other European countries in order to block malicious bots that are coming from for example Russia, but use servers in Europe to access your website. When IP-addresses are challenged, it means that they need to prove that they are human. You certainly know reCaptcha. This is kind of application that interrogates the visitor by providing a question, that only a human can answer. When Bots are crawling this page, they will not be able to answer the question.

The choice of blocking or challenging depends on your needs. When you are a local shop and you would not sell products all over the Internet, you could block other countries. But if your business is more international oriented, you would more likely challenge visitors coming from other countries.

 Like the police officers at the airport, they check your ID and where you come from and where you want to go. But when they don’t ask what our intentions are and what you are carrying in your luggage, you need an extra level of security. This brings us to the third level of security, the web application Firewall.

Why is the use of a Web Application Firewall necessary for your website?

A web application firewall filters, monitors, and blocks HTTP traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular firewalls serve as a safety gate between servers.

Generally speaking, a web application firewall creates a set of rules designed to protect your website. This includes:

  • Blocking unwanted web traffic from accessing your site
  • Protecting against hacks, brute force attacks, DDoS attacks, cross-site scripting, SQL injection, and zero-day exploits
  • Virtual patching before common CMS platforms release official patches (Magento, WordPress, Drupal, etc.)

This is all done on a continuous basis, not a reactive basis, giving you the best chance to protect your website before an attack is successful. And in the unlikely event a hacker does infiltrate your website, a WAF will greatly enhance your ability to clean your site faster, more completely, and for a lot less money.

Last but not leat; a WAF also increases site speed and performance through advanced caching mechanisms. So now we’re talking about a site that’s safer and faster, two of the things that matter the most on the web today. Seems like the right path, isn’t it?

Which steps do I need to take to make this happen?

 

First of all, below you see a button and when you click on this button it will ask you to fill your contact details. We will make sure that you will have all answers within a timeframe of 24 hours. Don’t worry, we don’t like pushy salesmen so we don’t push you to make decisions or keep on sending mails once you have given us your email address.  

 

If you don’t want to share your email address, feel free to contact us by our chat box or by phone. We would be happy to answer all your questions.

EN
NL FR EN