Securing a vulnerable website
Our client had a website which was being regularly attacked by bots, with some succeeding in obtaining limited access through brute force attempts.
We were approached to bring the website back online fast, fix vulnerabilities, and secure the website going forward.
Google blacklists around 10,000 websites every day for malware and around 50,000 for phishing every week. Security is essential for every website, regardless of size.
The basics of securing your website are:
- Backup – regular website AND database backups. Automated is best, and to a location other than your webserver. Backups are invaluable in case of a security breach and also if a website change does something unexpected and you need to undo the change
- Monitor – a web application firewall coupled with active monitoring and scanning will detect changes as they happen and can automatically block suspicious requests and brute force attacks
- Update – components, code and libraries must be updated as vulnerabilities are found and fixed
A vulnerability scan was done to identify which aspects of the website had been affected by the breach. Simultaneously, all website code files were compared with the last known backup (which was quite old) to identify files which had been modified and injected with unwanted code.
All standard libraries were updated to the latest version, and ad hoc modifications were made where customisation was needed.
Custom code was selectively restored from the last known backup, checked for vulnerabilities, and merged into the website.
A website firewall was installed and configured, and a website scanner was set up to run automatically. The firewall blocks brute-force attacks and bots, while the scanner checks for modifications to files and unexpected changes.
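The comparison of code files against the last known backup, and the scanner's check for modified files, both come down to hashing two directory trees and diffing the results. The sketch below is an added example, not the tooling used on this project; the directory layout and file contents are constructed sample data.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            # Normalise separators so manifests compare across platforms.
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = digest
    return digests


def compare(backup_root, live_root):
    """Classify live files against the backup baseline."""
    base, live = manifest(backup_root), manifest(live_root)
    shared = base.keys() & live.keys()
    return {
        "modified": sorted(p for p in shared if base[p] != live[p]),
        "added": sorted(live.keys() - base.keys()),
        "removed": sorted(base.keys() - live.keys()),
    }


def demo():
    """Build two small constructed trees and compare them."""
    trees = {  # constructed sample content, not from the client's site
        "backup": {"index.php": b"home", "lib/util.php": b"v1", "old.php": b"x"},
        "live": {"index.php": b"home", "lib/util.php": b"v1 + extra line",
                 "uploads/new.php": b"unexpected"},
    }
    with tempfile.TemporaryDirectory() as tmp:
        for tree, files in trees.items():
            for rel, data in files.items():
                path = os.path.join(tmp, tree, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        return compare(os.path.join(tmp, "backup"), os.path.join(tmp, "live"))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

When the backup is old, the "modified" list will also contain legitimate changes, so each entry still needs manual review before restoring or merging.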
A regular backup was established, which uploads to a cloud location. Keeping the backup external to the website protects the integrity of the backup.
A final check on all code files was done, and the website was brought online.