
How Did My Site Get Infected with Malware?


One of the most important features of a website is its security. A website infected by malware can never be considered a secure site. But of course it’s not always easy to find out how that malware ended up infecting your domain.

To understand this issue better, we need to understand that there are two kinds of malware:

  • Server malware, which usually means the hacker’s backdoors, web-shells, malicious injections in files, spam mailers, doorways and hacker’s tools. It is usually found in files written in PHP, Perl or Python.
  • Client malware, which is mainly JavaScript injected into .js files, templates or PHP scripts. It usually affects the user experience on the page, e.g. it redirects the user or silently loads malicious code in the browser.

There are many ways for someone to get your site infected. This leads us to the following question:

How did my site get infected with malware?

 
First off, we’re going to make a list of the main reasons why a website gets infected with malware, and then we’re going to check each one of them in detail.

  • Running outdated software
  • Excessive permissions for files and folders
  • Weak cPanel/FTP passwords
  • Local computer infected with virus or keyloggers

Running outdated software

It is unbelievable how many users don’t update their sites often. Updating is one of the most important tasks for keeping your site secure. Running outdated software such as WordPress will only cause you problems, because you won’t get the latest security patches and bug fixes, so any hacker will be able to exploit an old vulnerability to infect your site.

Try to update your sites often, even more so if you’re running popular software like WordPress, Joomla, Drupal, Magento and so on.

Excessive permissions for files and folders

Using 777 permissions (readable, writable and executable by everyone) on your folders is very dangerous. With this kind of configuration, you allow anybody to write content to your folders, so it would be pretty easy to upload malware into them. We suggest using 755 permissions at most for folders, and no higher than 644 for files.
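
The 755/644 ceiling above can be checked mechanically. The following is an added example, not code from the original article: a POSIX shell audit that lists folders with bits beyond 755 and files with bits beyond 644, plus a helper that clears only the excess bits. The function names and the web root path you pass on the command line are assumptions.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; pass your own web root.

# audit_perms DIR
# Lists folders with group/other write (anything beyond 755) and regular
# files with any execute bit or group/other write (anything beyond 644).
# Returns 0 if clean, 1 if something was found, 2 on a bad argument.
audit_perms() {
    root=$1
    [ -d "$root" ] || { echo "audit_perms: not a directory: $root" >&2; return 2; }
    out=$(
        find "$root" -type d \( -perm -020 -o -perm -002 \) \
            -exec printf 'DIR  over 755: %s\n' {} +
        find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
            -o -perm -020 -o -perm -002 \) \
            -exec printf 'FILE over 644: %s\n' {} +
    )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

# tighten_perms DIR
# Removes only the excess bits instead of forcing a blanket mode, so a
# folder that is already 750 or a file that is already 600 stays as it is.
tighten_perms() {
    root=$1
    [ -d "$root" ] || { echo "tighten_perms: not a directory: $root" >&2; return 2; }
    find "$root" -type d \( -perm -020 -o -perm -002 \) -exec chmod go-w {} +
    find "$root" -type f \( -perm -100 -o -perm -010 -o -perm -001 \
        -o -perm -020 -o -perm -002 \) -exec chmod a-x,go-w {} +
}

# Stand-alone use: sh audit.sh /path/to/webroot   (path is an assumption)
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

Review the audit output before running tighten_perms: a file the audit flags may be one the attacker already wrote, in which case it needs inspecting, not just a stricter mode.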

Weak cPanel/FTP passwords

Having a password like “password” is like not having a password at all. The same applies to “123456”, “yourname” and passwords like that. It’s like asking to be hacked. With modern computers these passwords can be cracked in a matter of a few minutes.

A strong password must be at least 8 characters long and include at least:

  • A lower case letter
  • An upper case letter
  • A numeric character
  • A special character

Use an online random password generator to create strong passwords.

Pro tip: Using a unique password for each of your accounts can help protect you against cyber criminals. This ensures that if one of the services you use suffers a data breach, your other accounts are not at risk.

  • Avoid dictionary words.
  • Use a combination of letters, numbers, and special characters.
  • Use a combination of capital and lower case letters.
  • If you use a word, try to combine multiple words, or use “made up” words.
  • Avoid familiar items (names, phone number, etc).
  • Avoid common passwords and generic sequences (e.g. “password”, “admin”, “123456”, etc.).
  • The more characters you use, the safer (use at least 8).

  • Memorize your password, do not write it down.
  • Do not share your password.
  • Do not use the same password you use on other services (Gmail, Yahoo, etc).
  • Avoid using one password for all your logins.
  • Avoid logging in from public computers.
  • Change your password frequently.
  • Be wary of allowing your password to be remembered by browser plugins or other utilities.

Local computer infected with virus or keyloggers

Of course there’s no point in having a strong password if your computer is full of viruses or keyloggers. If your local computer (the one you use to work on or connect to your sites through FTP) is infected, then your passwords will fall into the hands of the bad guys.

Lots of keyloggers and viruses can steal your passwords and send them to malicious third parties. If possible, always try to use Linux or macOS; they are a lot more secure than Windows.

Conclusion

Those are the main reasons why your site may get infected with malware or malicious content, so always remember to update your site often, check for high permissions, use strong passwords and scan your local PC every week.

Do you have any tip you would like to share? Is there anything about this article that you don’t understand? Please let me know in the comments below.
