1 post tagged “website attacks”

View other items tagged “website attacks:” Photos, Audio, Videos, Books or Links. View “website attacks” on Vox.

Is Your Website infecting your users with viruses?

I’ve been reading other blogs lately, and there’s been some discussion about computers being infected by viruses.  Being infected by viruses is a miserable experience.  If you knew you were infected by a particular website, would you ever visit that site again?  Would you tell everyone you know not to visit that website?

 

What if YOUR website was infecting your customers’ computers without your knowledge?

 

Recently, I read an article about a new computer virus that is spreading quickly through the web.  The authors of this virus were apparently using website vulnerabilities to plant the virus in other people’s websites without the website owner’s knowledge!

 

While only the creator of the virus knows for sure what website vulnerabilities were used, there are two obvious avenues:

 

  1. SQL Injection Attack”.  If your website is medium size or bigger, it probably runs (or should run) off a database.  This website configuration usually involves a programmer at least setting it up (though there are ways around that – perhaps a discussion for a future post?).  If the connection to the database is set up correctly, the “SQL Injection Attack” isn’t possible.

    If the database connection is not set up correctly, the website is vulnerable to attack.  A hacker can use an “SQL Injection” to insert bad code into a website page.  This code could be used to potentially infect a user’s computer with a virus.

    From a programmer’s standpoint, there is no reason at all that such a vulnerability should exist.  Programmers that work with databases learn early on something called “SQL Parameters” that make it impossible for a hacker to do this.  It’s easy stuff.  Apparently, there’s a lot of incompetent programmers out there, though, because this sort of attack happens more often than it should.

    How does a website owner avoid this?  Talk to the person who set up your database.  Ask that person if they know what an SQL Injection Attack is, and if your website is vulnerable to it.  If the person who set up your database doesn’t know what it is, ask them to explain SQL Parameters to you.  If it appears they don’t know what you’re talking about, your website could be vulnerable.
  2. Weak passwords.  Of all the passwords you use, the password that you use to make changes on your website should be one of the strongest.  It is amazing how many people use easy to guess passwords.  If a hacker can guess your password (or more likely, has a computer program that can guess your password), your site is vulnerable to having bad code inserted into it.  Make sure you have a strong password protecting your site.

 

That’s it!  With just a little bit of care, your website will be considerably safer!  And you won’t be loosing customers who got infected by viruses!

18 comments Tags: webmaster, sql injection, website attacks, safe website practices, website vulnerabilities