Is Your Website infecting your users with viruses?
I’ve been reading other blogs lately, and there’s been some discussion about computers being infected by viruses. Being infected by viruses is a miserable experience. If you knew you were infected by a particular website, would you ever visit that site again? Would you tell everyone you know not to visit that website?
What if YOUR website was infecting your customers’ computers without your knowledge?
Recently, I read an article about a new computer virus that is spreading quickly through the web. The authors of this virus were apparently using website vulnerabilities to plant the virus in other people’s websites without the website owner’s knowledge!
While only the creator of the virus knows for sure what website vulnerabilities were used, there are two obvious avenues:
- “SQL Injection Attack”. If your website is medium size or bigger, it probably runs (or should run) off a database. This website configuration usually involves a programmer at least setting it up (though there are ways around that – perhaps a discussion for a future post?). If the connection to the database is set up correctly, the “SQL Injection Attack” isn’t possible.
If the database connection is not set up correctly, the website is vulnerable to attack. A hacker can use an “SQL Injection” to insert bad code into a website page. This code could be used to potentially infect a user’s computer with a virus.
From a programmer’s standpoint, there is no reason at all that such a vulnerability should exist. Programmers who work with databases learn early on something called “SQL Parameters” that make it impossible for a hacker to do this. It’s easy stuff. Apparently, there are a lot of incompetent programmers out there, though, because this sort of attack happens more often than it should.
How does a website owner avoid this? Talk to the person who set up your database. Ask that person if they know what an SQL Injection Attack is, and if your website is vulnerable to it. If the person who set up your database doesn’t know what it is, ask them to explain SQL Parameters to you. If it appears they don’t know what you’re talking about, your website could be vulnerable.
- Weak passwords. Of all the passwords you use, the password that you use to make changes on your website should be one of the strongest. It is amazing how many people use easy to guess passwords. If a hacker can guess your password (or more likely, has a computer program that can guess your password), your site is vulnerable to having bad code inserted into it. Make sure you have a strong password protecting your site.
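What “SQL Parameters” change, as an added example that is not code from the original post: the same page-rename operation written once by pasting input into the SQL text and once with parameters. It uses Python's built-in sqlite3 module; the `pages` table, the function names and the hostile title string are all constructed for illustration.

```python
import sqlite3

def make_db():
    """Build a tiny in-memory site database (constructed sample data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)")
    conn.execute("INSERT INTO pages VALUES (1, 'Home', '<p>Welcome!</p>')")
    conn.execute("INSERT INTO pages VALUES (2, 'Contact', '<p>Email us.</p>')")
    return conn

def rename_page_unsafe(conn, page_id, new_title):
    # VULNERABLE: user input is pasted into the SQL text, so a quote inside
    # new_title ends the string literal and the rest is parsed as SQL.
    conn.execute(f"UPDATE pages SET title = '{new_title}' WHERE id = {page_id}")

def rename_page_safe(conn, page_id, new_title):
    # SAFE: the ? placeholders pass the values separately from the SQL text,
    # so the database can only ever treat them as data.
    conn.execute("UPDATE pages SET title = ? WHERE id = ?", (new_title, page_id))

def page(conn, page_id):
    """Return (title, body) for one page."""
    return conn.execute(
        "SELECT title, body FROM pages WHERE id = ?", (page_id,)
    ).fetchone()

# Constructed hostile input: a "title" that smuggles in a second column assignment.
HOSTILE_TITLE = "News', body = 'INJECTED-MARKER"

def demo():
    """Apply the same hostile title through both code paths and compare."""
    unsafe, safe = make_db(), make_db()
    rename_page_unsafe(unsafe, 1, HOSTILE_TITLE)
    rename_page_safe(safe, 1, HOSTILE_TITLE)
    return page(unsafe, 1), page(safe, 1)

if __name__ == "__main__":
    unsafe_row, safe_row = demo()
    print("concatenated query :", unsafe_row)   # page body was overwritten
    print("parameterized query:", safe_row)     # body intact, input stored as text
```

In the concatenated version the page body is replaced by whatever the input says; in the parameterized version the whole string is stored as an odd-looking title and the body is untouched.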
That’s it! With just a little bit of care, your website will be considerably safer! And you won’t be losing customers who got infected by viruses!
Comments
A few years ago I somehow got a nasty malware or something on my computer and you suggested I download Spybot. I did and it immediately took care of the problem.
This is good information to know!
Sabrina
Good tips Andrew. My passwords are pretty intense. I'll have to check the other stuff.
Sue Crutcher, Life Empowerment Mentor
Scott A Bell
Very useful information. I'm not running off a database (yet?) but I'll keep your advice in mind. Thank you for these tips.
Yann
Yann Vernier - Personal Coach UK
making your skin more beautiful
oh Andrew. I will have to have a walk through of this on Camtasia to understand how to look for this.
All the best,
April Braswell
Romance Coach, Online Dating Coach
where have you been all my life....
;-)
www.kevinhogan.net
Aaron
I hadn't known that another could plant a bug on your site. Very sneaky.
Focus Your Energy
Matthew Shields
Awesome, I will never use "Rob" as my password again!
Rob Northrup
Is Your Corporation Protecting You?
Techno Luddite. Actually, not against, just uninformed. Are there resources for the total layperson? I don't even know what I need. Database is foreign to me.
Sheridan
David Power
Expert in Hypnosis, Success Thinking and Practical Parenting
..........drives me nuts....that people take the time...for nothing. not even profit....
www.kevinhogan.net
Believe it or not, Kevin, people are now making a lot of money writing these things. The "viruses" these days are generally programs that take over some control of your computer (we call them “malware”). There are several things they can do at this point. The most popular is to send email spam from a small, custom email server that is part of the installed malware. Getting too much malware installed on your computer can slow it down, so some malware now searches your computer for other malware, which it deletes!
Crazy, huh? Maybe this would be a good topic for a future blog post…
Sheridan,
Unless you're a programmer (or working with one), it's probably better to focus on web applications that use a database, rather than worry about learning how to directly use a database. A program that manages the content of a website, for example, is a "Content Management System (CMS)", and there's a number of them out there. Some are free.
Other things that can be done with databases: a web forum; a membership section of your website, where different users can access different areas (members-only sections!); a blog (a database isn't essential to creating a blog, but it's nice. Vox is certainly run off a database...)
I'm rambling a bit, now. I'll try to address some of this in a better worded blog post shortly.
April,
It's a lot easier to take preventative measures than it is to figure out if you've been infected. The problem is there are a LOT of different ways a hacker can insert malicious code into your website. The article that I was reading talked about a vulnerability in Flash. In this case, the inserted code would be a Flash file. In other cases, it would be a different piece of code, depending on what vulnerability the hacker was trying to exploit.
Like using a condom....
Whenever Sonya, John, and Tim read this, they will make a comment about my metaphor. Matt will embrace it!
All the best,
April Braswell
Romance Coach, Online Dating Coach