What is code injection?
A code injection or web virus attack is the intrusion of data or denial of access to a website. In this type of attack, attempts are made to modify CMS files and values as well as the structure of the web programming itself.
Code injection techniques have become very popular in “Hacking” to gain access to restricted information, escalate privileges, or access restricted systems. These types of attacks are always malicious and may include:
Arbitrarily modifying values in a database through .SQL injection. The impact of this action can range from changes in the website’s appearance to compromising highly sensitive data.
Installing malware or executing malicious code on a Server through PHP code injection.
Increasing or decreasing the privileges of the website owner, generating vulnerabilities in the operating system.
Attacking website users with PHP code injections or i-shell scripts. This technique allows an attacker to send code to a web application, which is then executed locally by the Web Server.
Penalization by Google and restricted access to the website, affecting the site’s reputation.
Mass spam sending.
Appearance of advertisements as well as unwanted images on the website.
Risk factors
These types of vulnerabilities frequently occur in the following cases:
When the website (CMS; WordPress, Joomla, Prestashop, etc.) has not been updated for a long time.
When plugins or themes are not from the official CMS repository. Sometimes free plugins and themes that are not from the official repository are installed and may cause vulnerabilities and security gaps.
When the FTP manager password and the CMS Control Panel password have never been changed.
Why can this happen even with the firewall enabled?
cdmon has tools to detect viruses in hosting accounts (both web and email). All protection measures are enabled on the Server. However, customers are strongly advised to keep their website and CMS updated.
When an infected website is detected and may generate “Phishing” or other infection-related symptoms, the hosting account is blocked to prevent server issues and data loss. cdmon performs an analysis of the website to search for suspicious files containing infected code. The customer is then notified accordingly.
How to proceed in case of injection?
At
cdmon we offer a WordPress consulting service where we take care of updating and cleaning your WordPress installation to leave it fully optimized.
We update your WordPress
However, you may use another CMS on your website or prefer to review it yourself. You can proceed independently of cdmon. We recommend following these steps:
Review, modify, and delete, if necessary, suspicious files that may contain infected code.
Once the website is clean, verify it using our detection script and/or external support (virus verification through Google search), for example:1. Vikinguard address: https://www.vikinguard.com/free-audit-esAnalyzes the website and provides good support. It offers both a free and a paid tool. It has modules for different CMSs: WordPress, Joomla, Prestashop, Magento.2. Sered address: https://sered.net/auditorias-de-seguridadSecurity audit from competitor Sered Hosting Profesional.3. Innovacreación address: http://www.innovacreacion.comPaid service to keep the website functional, including module and store updates, internal security audits, bug fixes, training and technical support, and optimization.Other injection support pages:
https://hackertarget.com/
https://www.virustotal.com
On the other hand, to prevent future attacks as much as possible, it is recommended to update the CMS as well as any installed plugins or themes.
Use hosting on a Server that allows you to modify the PHP version.
Change the FTP manager password. It is recommended to update the password periodically.
Change the username and password for access to the CMS Control Panel.
Install security plugins. CMS platforms usually offer various virus detection plugins. It is also important, especially in web forms, to configure reCaptcha.
Create a robots.txt file to prevent certain parts of the website from being crawled or indexed by search engines.
If the website has been blocked by Google, once it is clean, you must contact them through “Google Webmaster Tools” so they can review the website and remove the restriction.
It is recommended to perform regular hosting backups. cdmon creates daily backups, and customers can restore their website from the last 14 days through their cdmon Control Panel. However, it is advisable to keep a local backup on your computer, as if the website has been infected for more than 14 days, restoring it from the Control Panel may still result in an infected version.