I’ve been a contributor (or helper) on the BadwareBusters forum (StopBadware) for the last month or so. Recently someone asked how to prevent a future re-infection and secure their website. I came up with a bunch of ideas which I thought I could share here as well:
BACKUP REGULARLY (once a week)
- back up your files and databases
- store backup on a different server, other media, etc.
PERSONAL SECURITY
- use strong passwords
- do not store your password on your computer in a text file or within your FTP client (e.g. FileZilla)
- check that the only FTP accounts are authorized ones (in other words, watch for ‘rogue’ accounts). You can do this from your Control Panel within your hosting account or simply by asking your hosting company for a list of usernames associated with FTP.
- avoid FTP if possible; use SFTP or SSH, which encrypt your connection, whenever you need to connect to your server to upload files or make changes.
- avoid connecting to your site over insecure wifi
ATTACK SURFACE REDUCTION
- list all software running on your site
- remove any software/plugin that is not needed
- update all software running (CMS, PHP, Apache, etc)
- update all plugins
- run a web vulnerability scanner to detect weaknesses with your site
SITE HARDENING
- review all file and folder permissions in your public_html folder
- permissions should never ever be 777
- files should be set to 644, folders to 755
- if the server is running Linux, harden the .htaccess file
- harden your CMS (hide which version it is running, change the default login from admin to something else)
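One way to run the permission review from the list above, as an added example that is not part of the original post. It assumes GNU find (for -printf), which is standard on Linux hosts; the function name audit_perms is hypothetical.

```shell
#!/bin/sh
# audit_perms DIR
# Reports every file or folder under DIR (default: public_html) whose mode
# differs from the checklist: files 644, folders 755.
# Anything writable by "other" (777, 666, 757, ...) is listed first as
# WORLD-WRITABLE, since any account on the server can modify it.
# Stricter modes (e.g. 600) are reported too; review them rather than
# treating them as faults.
# Exit status: 0 = clean, 1 = findings printed, 2 = DIR is not a directory.
audit_perms() {
    root=${1:-public_html}
    if [ ! -d "$root" ]; then
        echo "audit_perms: not a directory: $root" >&2
        return 2
    fi

    findings=$(
        # World-writable files and folders (the "other" write bit is set).
        find "$root" \( -type f -o -type d \) -perm -0002 \
            -printf 'WORLD-WRITABLE %m %p\n'
        # Remaining files that are not exactly 644.
        find "$root" -type f ! -perm -0002 ! -perm 0644 \
            -printf 'FILE-NOT-644 %m %p\n'
        # Remaining folders that are not exactly 755.
        find "$root" -type d ! -perm -0002 ! -perm 0755 \
            -printf 'DIR-NOT-755 %m %p\n'
    )

    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings"
    return 1
}

# Stand-alone use: sh audit_perms.sh /path/to/public_html
if [ "$#" -gt 0 ]; then
    audit_perms "$1"
fi
```

The non-zero exit status on findings lets a scheduled job send a notification only when something has drifted from 644/755.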
LOG REVIEW
- review access and error logs on a weekly basis
- identify attack attempts and block the malicious IPs
You can find me under the handle ‘jerome’.
Jerome Segura