While blogging hasn’t replaced baseball as the national pastime, it’s safe to say that it’s made the Top Ten List. The internet has become a catalyst for this infectious hobby, but that’s not the only infection it’s spreading. WordPress Blogs are a prime target for hackers to unleash their latest malware (malicious software) creations.
Over the years, these creations have gotten elaborate and virulent. We’re no longer dealing with standard Trojans, worms, or spyware. PHP Malware does more than simply disrupt computer operations; it steals information and remotely re-infects websites. WordPress Blogs offer the perfect breeding ground.
A Cautionary Tale
StopTheHacker estimates that a single PHP virus has the capability to infect thousands computers with the click of a mouse. When white hat hackers-the good guys-trace the origins of these mass-infections back to their source; blogs are often the culprit with multiple possible suspects. Looking at those numbers it’s hard to imagine why so many blog owners remain susceptible to malware.
So, why are so many internet-users vulnerable? It all boils down to awareness and education. If we want to make a successful stand against a threat, we need to be aware that the threat exists. If we wish to counter that threat, we need to educate ourselves. Consider what follows a mini-tutorial on PHP Malware and malware monitoring.
The Make and Model of Malware
To understand where PHP Malware came from, let’s travel back in time, no-not to November 5, 1955-but to 1994 when Hypertext Preprocessor (PHP) web scripting was introduced.
It was introduced with the best of intentions; to be used as a conversion code between HTML, the servers and the internet. This conversion process has a two-fold purpose. It’s a secure way to access information and it allows web-developers to write database-driven websites quickly and easily. The website development model had one drawback; backdoor access.
These “backdoor” vulnerabilities allow hackers to access websites through saved settings and remotely re-infect them once the settings have been changed. Many blog owners are unaware that defending themselves against virus attacks starts before installing WordPress. A simple pre-install malware scan will rid the keystroke logs of any suspicious software. After that; use some tech-savvy common sense.
The Idiot’s Guide to Infection-Free Blogging
Each registered blog comes with login credentials. File Transfer Protocol (FTP) is used to send the information to internet directories through a server. This transfer is a hunting ground for hackers. They can steal a bloggers FTP login credentials by copying them onto viral software. Once they have this information, infection is imminent. Avoid some frequent pitfalls and infection will be avoided by proxy.
1. Do not use default FTP passwords. Make specific user login and password changes. Do not save this information in a plain text file on computer software. Protect the PHP configuration within the WordPress Directory itself.
2. Heighten blog site security measures by: limiting outside access to program files, renaming files/data tables, updating and hiding plug-ins, and setting permissions.
3. Set and follow a web-malware monitoring routine. Purchase a reputable anti web-malware product. Check web directories for backdoors, shell scripts, and compromised access logs. Look for anomalies like unknown accounts or strange processes running in the background.
4. If any suspicious software is found, remove the malware code, PHP header and tags, and clean and alter indexes and includes. Contact a malware monitoring and removal company for assistance with this process.
Website development is a privilege that calls us to be wise and responsible users of this far-reaching medium. Taking these precautionary steps preserves and protects what makes this medium unique.
If you find this article interesting you also may want to check out the following blog articles: “How Malware Infects Websites” and “How StopTheHacker Works to Help Prevent Attacks on Websites”
If you liked this article let your friends, colleagues and family know and share it with them. Thank you!