Search
Close this search box.
December 11, 2024
Search
Close this search box.

Linking Northern and Central NJ, Bronx, Manhattan, Westchester and CT

Protecting Your Website From Malware

At the Garb I.T. Consulting Group, we made the move to merge with a larger web development company owned by Ashim Adhikari from Pattern Fusion a couple of years ago. After referring projects out to others, we have learned some lessons. Make sure you know what you are getting into before you spend a lot of money. Ashim has stayed in my home and I see how much he cares about his clients.

Most web hosting companies, for a small fee, have tools you can use to build a simple website. Websites like www.wix.com and www.squarespace.com have built their businesses on people using their tools to build their websites. Years ago, building websites on your own was virtually impossible. There are also amazing people locally, like Ben Friedman, who specailizes in making squarespace.com websites.

However, with today’s hackers, as GoDaddy recommended: “To build and secure your site you need [to be] part tech nerd and part web designer.” If you have a lucrative business and it’s clear you didn’t spend the money on a website, it’s better just to list your site with your business name, logo, address and email than to have a site that doesn’t work or is outdated.

Many websites are written in WordPress. I compare WordPress to Windows for the web. Though it’s not the same, WordPress has some plug-ins that do amazing things, though they must be updated regularly. To quote GoDaddy again, from an engineer whom I know: “For a server or PC that sits on your network, hackers getting on there is more difficult. Digital websites that sit on the web [in the cloud], where updates come out much faster, means your website is exposed daily.”

Microsoft puts out updates; any reputable IT MSP professional should be updating on a weekly basis. Many of those updates are to secure your server or PC. If you are managing your own network and have never done updates, get ready for that day when your PC isn’t booting or Windows 10 gets pushed.

I get some griping from our clients because we force them to give us a “window,” no pun intended. Perhaps over a holiday weekend, we make sure we are updating their PCs, server and especially anything security-related like firewalls and routers. (Yes! Anything with a plug on a network needs updates.) Proper maintenance of a network is crucial, like anything else at your office or home.

What can happen to a website is something called DNS poisoning or caching. It’s a bit technical but I will try to break it down.

Google results—when someone types www.garbcg.com, it will go straight to our site; www.garbcg.com would be typed in the browser address bar. Many users don’t bother and just google garbcg.com. Then Google will give results such as the site name with a description, contact, address, etc. This is called Google results. Google gets this info by “crawling” your website. A virus can sit on the website server. When Google “crawls” your website, the malware can poison the results elsewhere; some are inappropriate and some link to virus sites. As you are reading this, you may say, “Oh, I would just shut down the site.”

But, no! That will not work. Remember, we are trying to get Google to recrawl the website. If you shut down the site, Google results will stay poisoned. One needs to remove the virus on the website. Then, by using Google webmaster tools, you have to recrawl and get your website’s real results listed on Google’s results. Even when the malware is removed it can take 48 hours for Google to propagate their result servers.

One needs to hire a competent web developer/security team if this occurs. Do not get confused with a web designer—most of them have little knowledge of how to secure the site. Though some are very knowledgeable and can design a site as well.

The point of this column is that most large businesses are paying someone to secure and maintain the website. Laymen, small businesses or even non-profits may have volunteers managing the site.

There is a reason wix.com and fourspace.com do well. There is support and I believe the backend where the site is held is secure. These companies do not let the client have real access to that backend; this also limits some of what the site can do functionality wise.

Sorry if I lost anyone along the way. That’s why I get to do this great service and it’s always my honor to think I can save one company from a loss or embarrassment. Remember that you are not at fault if you get hacked. This is the hackers’ world we live in now.

Here are the items I would recommend to ensure you have protected yourself as best as you can on your website.

Make sure your domain is with Godaddy or some other large host. If the host doesn’t have phone support move away. Godaddy has amazing support.

Check at whois.com to see who is listed as the contact on your website. Make sure the email is current.

Google Apps and Office 365 email are pointed from your domain to Google/Microsoft. If you are going to make a change, make sure you recreate these links or you will lose email.

Check your login at the web host to make sure you can access the domain if needed.

Be cautious of anyone making changes to your site, especially third parties.

Back up your site before and after changes in case you need to roll back to a previous version.

If WordPress is being used, make sure that the updates are being updated and checked weekly.

What would our world be like without the ability to build websites? Google Sites recently redid their GUI, so it can take 40 minutes to make a website. It’s fun if you have some time to check out the process and build your own website. Feel free to send me your website ideas; I would love to say it was the column that got you started.

By Shneur Garb

 Shneur Garb is the owner of The Garb IT Consulting Group in Teaneck, New Jersey. For questions or comments, email [email protected].

 

Leave a Comment

Most Popular Articles