What is Malware?
Compliments of wikipedia: “Malware, short for malicious software, is software designed to infiltrate a computer system without the owner’s informed consent. The expression is a general term used by computer professionals to mean a variety of forms of hostile, intrusive, or annoying software or program code.”
Why You Need to Be Concerned About Malware
If you own a website, it can be attacked by malware. If infected, malware will use your website as a host to continue spreading throughout the web via your visitors computer systems. As a website owner, you need to share the responsibilty of ensuring your website and web hosting environment is safe from malware attacks.
What Your Web Designer Needs to Know About Malware:
One of the most common ways malware is spread throughout the web is by FTP. We refer to this method of attack as a “brute force ftp attack”. If you have FTP, and if malware can hack/crack your username and password, it can infect your files by embedding certain code into your web pages, usually your index or default pages. When those web pages are loaded/viewed by visitors online, they will be hijacked by malware and turned into a host to begin spreading the malicious code to other visitors systems and websites.
Best Methods to Prevent Malware:
Using a strong username/password combination for all your FTP accounts will help, but if your computer systems are compromised by a virus or spyware you can kiss that peace of mind goodbye. We recommend restricting your FTP servers to allow vistors to connect ONLY via approved IP addresses. Popular FTP programs have this capability, however you can go one step further by applying IP rules to a firewall behind your FTP and/or web server. This means nobody/nothing (malware included) can connect to your FTP server (even WITH the correct username/password) unless they’re coming from a trusted IP address.
Bottom line: take the steps to prevent unauthorized access to your web and ftp servers, and you’ll help prevent malware.
One Comment Add yours
Thank you for the tips on protecting my FTP systems. My email server is protected by email filtering services so I don't have to worry about that.