Why your Website is Constantly Being Reinfected

Attempting to clean your site yourself on its first infection is normal. However, if you only perform a surface cleaning without finding the real cause and securing your website, whether it runs WordPress, Joomla or any other CMS, you can easily be reinfected.

There are many causes for reinfection. You may even follow all the right security practices and still find your site infected or reinfected. Why?

It is important to differentiate between two types of attacks:

  • Attacks suffered from within the server. These attacks occur when the attacker manages to exploit internal vulnerabilities of the environment to perform malicious actions. One example is cross-contamination, which we explain in more detail later.
  • Attacks suffered from outside the server. These occur when the attacker exploits a vulnerability remotely. One example is an SQL injection.

Why has my website been reinfected?

Some possible reasons for reinfection may be:

  1. The attacker has left a backdoor that you have not detected. No matter how you clean the infection, it lets the attacker get in whenever he wants and reinfect your website with malware.
  2. Your website shares a server with other websites. They do not have to be other people's sites; they can all be yours. However, inadequate isolation between the websites on the server can mean that once one website is infected, all of them are.

We recently commented on the extent to which you can 'blame' your hosting provider for a virus on your website. One thing is beyond discussion: if you do not manage the server yourself, good isolation is your provider's responsibility.

Regardless of who manages the server, if it contains websites from different environments, security problems are very likely. By this we mean test environments with outdated versions of plugins sitting alongside websites in production. This is very typical even on servers where all the websites belong to the same web agency, developer or hosting reseller, whether they are websites developed in-house or built on WordPress, Joomla or Drupal.

How to avoid reinfections in your site

It is very important to carry out continuous security maintenance to ensure the integrity of your website. In addition, it is important to:

  • Do a professional cleaning and secure the website.
  • Follow basic security guidelines, which is one of the essential recommendations. Basically:
    • Separate the functional parts of your website (website, database, backup, mail …).
    • Separate web environments (development, pre-production or production), where you will probably have different permissions, ideally into totally isolated environments. This is precisely to minimize the chance that all of them become infected.
    • If you have different websites on the same server and you only take care of security on some of them, you have two options: either secure all those that do not have the right level, or move the most secure ones to another server.
  • Another very important recommendation is to use a single account per website. Using the same credentials for everything can lead to 'forgotten' websites on that account. By forgotten we mean misconfigured or insecure sites.
  • Use a WAF, or application firewall, on all the websites on your server, not only on the main website while forgetting about the rest. If you cannot, as in the previous case, separate the main website from the rest.
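
One way to check a server for the weak isolation described above, added here as an example that is not part of the original article. It assumes a POSIX server where each site lives in its own root directory; the function names and the demo directory names are hypothetical and the sample tree is constructed.

```python
import os
import stat
import tempfile
from collections import defaultdict


def audit_isolation(site_roots):
    """Return (shared_owners, world_writable) for the given site root directories.

    shared_owners: {uid: [roots]} for every uid that owns more than one root,
                   i.e. sites that are not on a single account per website.
    world_writable: sorted paths under any root that every local account can write to.
    """
    by_owner = defaultdict(list)
    world_writable = []
    for root in site_roots:
        by_owner[os.stat(root).st_uid].append(root)
        for dirpath, dirnames, filenames in os.walk(root):
            for name in dirnames + filenames:
                path = os.path.join(dirpath, name)
                st = os.lstat(path)
                if stat.S_ISLNK(st.st_mode):
                    continue  # mode bits of a symlink say nothing about its target
                if st.st_mode & stat.S_IWOTH:
                    world_writable.append(path)
    shared = {uid: roots for uid, roots in by_owner.items() if len(roots) > 1}
    return shared, sorted(world_writable)


def build_demo_tree(base):
    """Constructed sample layout: a production site next to a forgotten test site."""
    prod = os.path.join(base, "prod-site")
    test = os.path.join(base, "test-site")
    os.makedirs(os.path.join(prod, "uploads"))
    os.makedirs(os.path.join(test, "uploads"))
    os.chmod(os.path.join(prod, "uploads"), 0o755)
    os.chmod(os.path.join(test, "uploads"), 0o777)  # weak setting on the test site
    return [prod, test]


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        shared, writable = audit_isolation(build_demo_tree(base))
        for uid, roots in shared.items():
            print(f"uid {uid} owns several sites: {roots}")
        for path in writable:
            print(f"world-writable: {path}")
```

Any uid reported as owning several sites, and any world-writable path, is a place where an infection in one site can reach the others.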

In addition to maintaining your website security

In summary, some of the most important actions, besides continuous security maintenance, are:

  • If you manage all the websites on your server, separate the most critical ones, those on which you do continuous security maintenance, from those on which you do not.
  • If you use shared hosting, ask and make sure there are privacy policies between the neighboring websites and yours.
  • Use one account per website; do not share credentials.
  • Separate web environments and functions, as far as possible, on different servers.
  • If you use protective security measures, such as an application firewall, on some of the websites on your server, use them on all the others or separate them.
Why your Website is Constantly Being Reinfected was last modified: November 8th, 2018 by WeSecur