2 Nov, 2020

Is Hidden Malware Killing Your Website Traffic?

Hidden malware can kill your website traffic by redirecting, displaying faulty links, and getting your site blacklisted. Quttera ThreatSign provides malware cleanup and website protection for your business.

When there's malware or unauthorized content on a website, the search engines are often the first to notice. Without malware cleanup, they'll lower your site's rank or remove it from their results, with devastating consequences to your traffic. Once you're on the dreaded blacklist, potential visitors won't see your site, or they'll see a warning that it's dangerous to visit. Even existing customers will notice something is wrong and may start being wary of using the site.

Hacked content affects websites directly, as well. Visitors could encounter altered links that take them away from your site. The whole page could redirect to a different domain.

Quttera ThreatSign offers website protection against intrusion and hacking. Its web application firewall (WAF) will block hostile activity and make your site safer from malware. If you've been blacklisted, we will help you get off the lists quickly. You'll avoid loss of traffic and keep your site's reputation high.

What happens when your site is infected?

Sometimes it's obvious when malware gets onto your site. It might stop working, or its appearance might change drastically. Frightening as this is, the good side is that you know immediately that there's a problem to fix. You'll shut the site down and bring in whatever help is needed to remove the infection.

But a lot of criminals see a bigger payoff from infecting your site in subtler ways. They take control of your server and stick some unobtrusive links on the site. They engineer the malware to hide the effects when you view the site locally, while visitors get a different view. Sometimes just the ones who use Google to find your site are affected.

Your site still works, even for the people who get the corrupted version. But clicking a link might take them to a bogus website.

In other cases, when people open a page on your site, it may redirect them to a fake site immediately. It might happen just once in a while. They try again, it works normally, and they figure they must have done something wrong.

What are the sources of risk?

Website content management systems are complex, and a CMS may have vulnerabilities. The publishers issue patches as soon as they find out, but not every site is up to date. Servers with old versions of CMSs, including WordPress, Drupal, Magento, Joomla, vBulletin, and others, have known vulnerabilities that criminals know how to exploit.

Plug-ins are a major source of risk. Keeping them all up to date can be difficult, and not all publishers are quick to catch and fix vulnerabilities.

Making sure that all of your website software is up to date greatly improves website protection and reduces the risk of infection. However, if the site is already infected, updating the software won't necessarily remove the problem, but malware cleanup will.

Another risk is poor account management. A weak configuration could let someone from outside gain access to the files or the database. Common problems include weak or default passwords, open ports, deprecated protocols, lack of encryption, and poor database security. Exploitation of configuration weaknesses can lead to a breach that gives the attacker complete control.

Why is damage hard to spot?

If a page on your site was visibly changed for all to see, you'd spot it quickly. That's why intruders selectively change sites depending on how they're being viewed. A common trick is to check where the visitor got the link from and change the content only when it came from a search engine. You and your regular users won't see the problem.

The people who get there from Google or Bing might see something disturbing, but they'll assume that's the way the site always worked. It could include links or redirection to dishonest and malware-laden sites. The alterations will pull business away from your site and damage your reputation. They could see browser warnings telling them your website is unsafe to visit.

There are all kinds of tricks to reduce the chance that you'll notice. Only some pages will be affected. The hacked behavior might happen only outside your business hours or only when the visitor appears to be in a foreign country. Even if you do hear complaints, you won't be able to reproduce the problem, so you'll scratch your head and think it must be a mistake or a prank call. But it's real and it hurts you.

What's really bad is when the metadata that gets back to the search engine gets altered. When people see the search results for your page, it looks like a vendor of prescription medicines by mail. (You know the ones we mean.) When people click on the link, they get redirected to a site that does just that. The crooks are taking advantage of your hard-earned reputation to direct people to their site. This trick is called the "pharma hack" because it's so often used to sell medical products, but it could push anything.
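
One way to check your own site for the selective behavior described above is to request the same page as a direct visitor, as a visitor arriving from a search result, and as a search-engine crawler, then compare what comes back. The Python below is an added example, not Quttera's code; the profile names, the function names, and the sample responses are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse
from urllib.request import Request, urlopen

# Request profiles: a direct visit, a click from a search result, a crawler.
PROFILES = {
    "direct": {"User-Agent": "Mozilla/5.0"},
    "search_referrer": {"User-Agent": "Mozilla/5.0",
                        "Referer": "https://www.google.com/"},
    "crawler": {"User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)"},
}

def fetch(url, headers):
    """Fetch url with the given headers; return (final_url, html)."""
    with urlopen(Request(url, headers=headers), timeout=10) as resp:
        return resp.geturl(), resp.read().decode("utf-8", "replace")

def fingerprint(site_host, final_url, html):
    """Reduce a response to the parts a cloaking infection changes."""
    title = re.search(r"<title[^>]*>(.*?)</title>", html, re.I | re.S)
    hosts = {urlparse(u).hostname for u in
             re.findall(r"""(?:href|src)=["'](https?://[^"']+)""", html, re.I)}
    return {
        "landed_off_site": urlparse(final_url).hostname != site_host,
        "title": title.group(1).strip() if title else "",
        "external_hosts": {h for h in hosts if h and h != site_host},
    }

def compare(site_host, responses):
    """responses: {profile: (final_url, html)}. Report differences from 'direct'."""
    prints = {p: fingerprint(site_host, *r) for p, r in responses.items()}
    base, findings = prints["direct"], []
    for profile, fp in prints.items():
        if fp["landed_off_site"] and not base["landed_off_site"]:
            findings.append((profile, "redirected off site"))
        if fp["title"] != base["title"]:
            findings.append((profile, "title differs: " + fp["title"]))
        for host in sorted(fp["external_hosts"] - base["external_hosts"]):
            findings.append((profile, "extra external host: " + host))
    return findings

# Constructed sample responses (not captured from a real site).
CLEAN = "<title>Acme Tools</title><a href='https://example.com/shop'>Shop</a>"
SAMPLE = {
    "direct": ("https://example.com/", CLEAN),
    "search_referrer": ("https://redirect.invalid/landing", "<title>Offers</title>"),
    "crawler": ("https://example.com/", "<title>Cheap pills by mail</title>"
                "<a href='https://pills.invalid/buy'>Buy</a>"),
}
```

Against a live site, build the input with `{name: fetch(url, headers) for name, headers in PROFILES.items()}`. A clean result from one vantage point does not rule out infections that trigger only at certain hours or for certain countries, so repeat the check at different times and from different networks.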

How can you achieve great website protection?

Keeping a website secure isn't an easy task. Most small businesses can't afford a full-time cybersecurity specialist. The best way to maintain website protection is to team up with a service that has the needed experience and expertise. Quttera ThreatSign gives your website reliable, professional protection at a reasonable cost.

Full protection works at three levels:
  1. Prevention of intrusions and infections.
  2. Detection of any attacks that slip through your defenses.
  3. Mitigation and cleanup to remove malware and prevent a recurrence.

The Quttera Web Application Firewall detects hostile traffic and stops it before it can touch your server. It uses constantly updated filtering rules and can catch even zero-day attacks. You can have it installed on your server or use our server as a front end to yours.

ThreatSign malware scanning uses a behavior-based approach, including heuristic technology, to detect malicious signs and anomalies. It continuously scans your web server and cleans up the malware it detects. Manual malware removal is available when it's needed.

If hostile code or content lands your site on any blacklists, ThreatSign will get you off them quickly once the problem is removed. The damage to your website traffic will be kept to a minimum.

Keeping your website secure and free from malware prevents interruptions in your traffic, low search engine rankings, and damage to your business's reputation. With ThreatSign, your servers are protected 24 hours a day against hostile action.