Is Your Website Infected with Malware?
Your organization’s website is an extension of and a part of the brand you create. There are not many things worse than having someone navigate to your website and receive a warning that “The Website Ahead Contains Malware!”
The damage to your brand and your credibility will be hard to repair.
Google’s Safe Browsing technology examines billions of URLs (website addresses) per day looking for unsafe websites. Every day, thousands of new hazardous sites are discovered. Many of these are legitimate websites that have been compromised. Below you’ll see an example of the weekly notification email I receive for each site monitored.
These hazardous sites fall into two categories, both of which threaten users’ privacy and security:
- Malware sites contain code that can install malicious software on users’ computers. Hackers can use this software to capture and transmit users’ private or sensitive information.
- Phishing sites pretend to be legitimate while trying to trick users into typing in their username and password or sharing other private information. Typical examples are web pages that impersonate legitimate bank websites or online stores.
Malware sites install malicious software on users’ machines to steal private information, perform identity theft, or attack other computers. When people visit these sites, software that takes over their computer is downloaded without their knowledge.
Attack sites are used by hackers to intentionally host and distribute malicious software.
Compromised sites are legitimate sites that are hacked to include content from attack sites.
Your agency should make sure your website is frequently scanned to check for malware or other malicious code that has been inserted into the site without your knowledge.
The solution I use for my websites is Sucuri, a web-based application that automatically monitors websites to detect malware and any unauthorized changes to these websites.
Sucuri provides me with a one-stop solution for DNS, WHOIS, SSL, and other malware attacks on my websites. It also provides real-time analytics and monitors any changes to your web server files, DNS, WHOIS, and SSL settings.
Sucuri is one of those services I use and pay for that I hope I never need. It is kind of like buying insurance, isn’t it?
Sucuri does provide their online malware scanner (for websites) to the general public for FREE (limited access). The online free website scanner provides a detailed examination of your website files, malware status, blacklist status, and the URLs scanned from your website. These free services are limited.
I subscribe to the Sucuri premium service that:
- Regularly monitors five of my websites with automatic checks for malware and blacklist status every four hours.
- Checks to make sure these sites are not on blacklisted site lists maintained by Google, Norton, Phish tank, AVG, Opera browser, SiteAdvisor, Sucuri Malware Labs, Yandex, and ESET. A blacklisted website when visited, shows a warning that it is not safe to browse the landing site. Here is an example of how a blacklisted website looks like in Google Chrome:
Your website is a valuable tool to engage the online consumer. Making sure your website is safe for visitors is even more important. It is worth investing a little bit of money to ensure your peace of mind.
What other tools do you use to ensure the safety of your websites. Let me know.