While working through freelancer.com, I regularly come across projects about removing malware from websites. When I do such projects, I always check the server logs to understand how the malicious code appeared on the server. In most cases (more than 90%) the infection comes through an FTP-connection. But how does the malefactor get FTP-access without knowing the FTP-credentials?
First of all, the malefactors are not human beings; they are bots. They steal the FTP-login/password from your computer. The scheme is very simple. You connect to a website through FTP. For this purpose you use an FTP-client such as FileZilla, Total Commander, etc. While creating a new FTP-connection, you enter the FTP-login/password and save it inside the FTP-client (to avoid entering it every time you connect to the server). From this moment your FTP-login/password is ready to be stolen. Later, while surfing the Internet, you may visit a website that is already infected with a new modification of a worm/virus that is not recognized by your antivirus software. Through this website the worm gets onto your computer; it then scans the FTP-client's files/database, decodes the FTP-parameters and sends them to a remote server. This data is then used by bots/crawlers that infect your site using your FTP-account.
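The log check mentioned above can be partly automated. The following is an added example, not code from the original post: it assumes the FTP server writes the standard xferlog transfer-log format, and the trusted-host set, the extension list and the sample log lines are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Extensions that a site infection usually rewrites (assumption for this example).
WEB_EXTS = (".php", ".js", ".html", ".htm", ".htaccess")

# Constructed sample records in xferlog layout; not taken from a real server.
SAMPLE_LOG = """\
Mon Mar 11 10:02:11 2013 1 198.51.100.7 5120 /public_html/index.php b _ i r siteuser ftp 0 * c
Mon Mar 11 10:02:15 2013 1 198.51.100.7 20480 /public_html/img/logo.png b _ i r siteuser ftp 0 * c
Thu Mar 14 03:41:02 2013 1 203.0.113.45 5342 /public_html/index.php b _ o r siteuser ftp 0 * c
Thu Mar 14 03:41:04 2013 1 203.0.113.45 5977 /public_html/index.php b _ i r siteuser ftp 0 * c
Thu Mar 14 03:41:09 2013 1 203.0.113.45 811 /public_html/js/menu.js a _ i r siteuser ftp 0 * c
Thu Mar 14 03:41:10 2013 0 203.0.113.45 0 /public_html/old.html a _ i r siteuser ftp 0 * i
garbage line that is not a transfer record
"""

def parse_xferlog_line(line):
    """Return a dict for one xferlog record, or None if the line is malformed."""
    tok = line.split()
    if len(tok) < 18:  # 5 date tokens + 4 fields + 9 trailing fields
        return None
    try:
        when = datetime.strptime(" ".join(tok[:5]), "%a %b %d %H:%M:%S %Y")
        size = int(tok[7])
    except ValueError:
        return None
    # The last nine fields are fixed, so anything between them and the
    # size field is the file name, even if it contains spaces.
    _type, _flag, direction, _mode, user = tok[-9:-4]
    return {"time": when, "host": tok[6], "size": size,
            "path": " ".join(tok[8:-9]), "direction": direction,
            "user": user, "status": tok[-1]}

def suspicious_uploads(log_text, trusted_hosts):
    """Group completed web-file uploads from untrusted hosts by (user, host)."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_xferlog_line(line)
        # Keep only completed ("c") incoming ("i") transfers.
        if rec is None or rec["direction"] != "i" or rec["status"] != "c":
            continue
        if rec["host"] not in trusted_hosts and rec["path"].lower().endswith(WEB_EXTS):
            hits[(rec["user"], rec["host"])].append((rec["time"], rec["path"]))
    return dict(hits)

if __name__ == "__main__":
    found = suspicious_uploads(SAMPLE_LOG, {"198.51.100.7"})
    for (user, host), files in found.items():
        print(f"{user} from {host}: {[path for _, path in files]}")
```

A valid login from an address you do not recognise, followed within seconds by a download and re-upload of the same page, matches the stolen-credential pattern described above.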
The conclusion is simple. You don’t have to be a website security professional to protect your website. You only need to keep your FTP-parameters in a safe place. So, if you wish to avoid infection, follow these 3 steps:
- Change the FTP-password from time to time.
- Do not keep the FTP-password inside the FTP-client. Every time you connect to the server via FTP, type the password manually.
- If you give FTP-access to someone else (for example, to do some work on the server), create a temporary FTP-account and block it once the work is finished.
Remember, in most cases viruses come to a website via an FTP-connection. This is done automatically, using FTP-parameters that can be stolen from your computer if you keep the password inside the FTP-client.