Risk
6/16/2011
03:45 PM
50%
50%

SMB Websites Face Mass Meshing Attacks

Here's how to protect your SMB website--and what to do if it's been compromised.

-- Do your homework on Web hosting providers, and choose a good one. Hackers love to target shared hosting vendors, because when they find a vulnerability it often leads to a bumper crop of sites they can hit. "Choose your Web hosting provider wisely," Huang said. "Some hosting companies are well-known to have vulnerabilities in their shared hosting environments." He added that there are good online forums where SMBs discuss their experiences with various hosting providers.

-- Run current antivirus software on all of your PCs, and especially those used to manage the website. Huang said that reliable, free options such as Microsoft Security Essentials mean even the leanest SMBs have "no excuse" to not deploy antivirus software.

-- Stay on top of critical software patches. Huang lists Microsoft, Adobe, and browsers as the top three priorities and says SMBs shouldn't delay downloading and applying fixes, especially when mega-updates such as Tuesday's Microsoft release come out.

-- Likewise, if you use turnkey, third-party website components such as shopping carts or content management systems, always keep them updated with the most current version--especially if they're open source. For example, Huang said: "As soon as WordPress releases a new version, the whole hacking community knows about the vulnerabilities of the previous version and they're ready to attack."

-- Scan your site's custom code for vulnerabilities. There are commercial systems available, but budget-conscious SMBs can do this without spending money. Huang points to NetSparker's community edition, for instance, and said that next month Armorize will release its own whitebox version of CodeSecure that will scan up to 10,000 lines of source code free of charge. He also notes a variety of online sources for extra guidance, such as The Open Web Application Security Project.

SMBs looking for extra help in spotting mass meshing threats should look to their existing website vendors; they might be able to leverage monitoring services as part of an existing agreement. Huang said SSL-certificate providers such as Symantec's VeriSign often include such services.

If your site has suffered from a mass meshing attack, act quickly. Here's what Huang advises:

-- The first response for many SMBs--particularly those with limited internal IT staff--should be to call their Web hosting provider. The good ones, Huang said, will often be able to help and may have already identified a fix, particularly if they have other affected customers.

-- Change your site's admin password, but don't do so immediately: First, run an antivirus scan on the PC. If it's infected, the attacker will have access to the new password, too.

-- Scan your systems--including files, databases, and config files--for backdoors. Huang concedes that this might exceed the comfort zone of some SMB owners and staff; in that case, it may be time to bring in an outside vendor.

-- Finally, when the site is clean and secure, begin the crucial process of restoring its traffic and reputation. Google's Webmaster tools allow for blacklisted sites to request re-evaluation, for starters.

If all of this sounds like grunt work, it is. And it's absolutely necessary. Otherwise, SMBs are advertising their site to the wrong audience: Hackers. The bad guys profit when smaller businesses are too busy or careless to attend to online security. But SMBs should have a profit motive here, too. In a follow-up email, Huang wrote: "When attacks take your competitors down, your value will show."

It doesn't pay for small and midsize businesses to protect against security threats faced by only the largest companies. Here's how to focus your efforts on the right threats. Download our all-digital supplement. Download it now.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-0714
Published: 2015-05-02
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Finesse Server 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCut53595.

CVE-2014-3598
Published: 2015-05-01
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.

CVE-2014-8361
Published: 2015-05-01
The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request.

CVE-2015-0237
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 ignores the permission to deny snapshot creation during live storage migration between domains, which allows remote authenticated users to cause a denial of service (prevent host start) by creating a long snapshot chain.

CVE-2015-0257
Published: 2015-05-01
Red Hat Enterprise Virtualization (RHEV) Manager before 3.5.1 uses weak permissions on the directories shared by the ovirt-engine-dwhd service and a plugin during service startup, which allows local users to obtain sensitive information by reading files in the directory.

Dark Reading Radio
Archived Dark Reading Radio
Join security and risk expert John Pironti and Dark Reading Editor-in-Chief Tim Wilson for a live online discussion of the sea-changing shift in security strategy and the many ways it is affecting IT and business.