Risk
6/16/2011
03:45 PM
Connect Directly
RSS
E-Mail
50%
50%

SMB Websites Face Mass Meshing Attacks

Here's how to protect your SMB website--and what to do if it's been compromised.

-- Do your homework on Web hosting providers, and choose a good one. Hackers love to target shared hosting vendors, because when they find a vulnerability it often leads to a bumper crop of sites they can hit. "Choose your Web hosting provider wisely," Huang said. "Some hosting companies are well-known to have vulnerabilities in their shared hosting environments." He added that there are good online forums where SMBs discuss their experiences with various hosting providers.

-- Run current antivirus software on all of your PCs, and especially those used to manage the website. Huang said that reliable, free options such as Microsoft Security Essentials mean even the leanest SMBs have "no excuse" to not deploy antivirus software.

-- Stay on top of critical software patches. Huang lists Microsoft, Adobe, and browsers as the top three priorities and says SMBs shouldn't delay downloading and applying fixes, especially when mega-updates such as Tuesday's Microsoft release come out.

-- Likewise, if you use turnkey, third-party website components such as shopping carts or content management systems, always keep them updated with the most current version--especially if they're open source. For example, Huang said: "As soon as WordPress releases a new version, the whole hacking community knows about the vulnerabilities of the previous version and they're ready to attack."

-- Scan your site's custom code for vulnerabilities. There are commercial systems available, but budget-conscious SMBs can do this without spending money. Huang points to NetSparker's community edition, for instance, and said that next month Armorize will release its own whitebox version of CodeSecure that will scan up to 10,000 lines of source code free of charge. He also notes a variety of online sources for extra guidance, such as The Open Web Application Security Project.

SMBs looking for extra help in spotting mass meshing threats should look to their existing website vendors; they might be able to leverage monitoring services as part of an existing agreement. Huang said SSL-certificate providers such as Symantec's VeriSign often include such services.

If your site has suffered from a mass meshing attack, act quickly. Here's what Huang advises:

-- The first response for many SMBs--particularly those with limited internal IT staff--should be to call their Web hosting provider. The good ones, Huang said, will often be able to help and may have already identified a fix, particularly if they have other affected customers.

-- Change your site's admin password, but don't do so immediately: First, run an antivirus scan on the PC. If it's infected, the attacker will have access to the new password, too.

-- Scan your systems--including files, databases, and config files--for backdoors. Huang concedes that this might exceed the comfort zone of some SMB owners and staff; in that case, it may be time to bring in an outside vendor.

-- Finally, when the site is clean and secure, begin the crucial process of restoring its traffic and reputation. Google's Webmaster tools allow for blacklisted sites to request re-evaluation, for starters.

If all of this sounds like grunt work, it is. And it's absolutely necessary. Otherwise, SMBs are advertising their site to the wrong audience: Hackers. The bad guys profit when smaller businesses are too busy or careless to attend to online security. But SMBs should have a profit motive here, too. In a follow-up email, Huang wrote: "When attacks take your competitors down, your value will show."

It doesn't pay for small and midsize businesses to protect against security threats faced by only the largest companies. Here's how to focus your efforts on the right threats. Download our all-digital supplement. Download it now.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4262
Published: 2014-07-28
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this issue was SPLIT due to different affected versions (ADT3). The irkerbridge.py issue is covered by CVE-...

CVE-2013-4840
Published: 2014-07-28
Unspecified vulnerability in HP and H3C VPN Firewall Module products SECPATH1000FE before 5.20.R3177 and SECBLADEFW before 5.20.R3177 allows remote attackers to cause a denial of service via unknown vectors.

CVE-2013-7393
Published: 2014-07-28
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfile option is used. NOTE: this issue was SPLIT from CVE-2013-4262 based on different affected versions...

CVE-2014-2974
Published: 2014-07-28
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create administrative accounts.

CVE-2014-2975
Published: 2014-07-28
Cross-site scripting (XSS) vulnerability in php/user_account.php in Silver Peak VX before 6.2.4 allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.