
Balancing Security and Ads on Your Website: What You Need to Know

Balancing Security and Ads on Your Website

In today's digital landscape, monetizing websites through ads has become a standard practice, but it comes with security trade-offs.

 

Understanding the Security Risks of Ads Plugins

 

Many site owners might not realize that displaying ads can introduce security risks. Have you ever wondered how websites make money? One standard method is through displaying ads. While ads help websites generate income, they come with a catch—security risks. In this article, we explore this issue and how seemingly harmless ads can open the door to spam infections and harmful redirects.

How Ads Plugins Work and Potential Vulnerabilities

 

Ads plugins serve as practical tools to integrate advertisements seamlessly into your website. These plugins, often found in official repositories, aren't inherently malicious. However, they're designed in a way that can inadvertently create vulnerabilities and be used in malvertising campaigns, which spread malware and unexpected redirects. Their ability to load scripts from external domains might lead to unforeseen redirects and security breaches.

Here's a simple explanation: The ads plugin adds a piece of code to your website's database. This code calls URLs on remote websites, which adds third-party JavaScript code to your site. There are also "advertising network vendors" promoting dangerous code use. 

The code might look like this in the database:

[Image: third-party JavaScript code]

This code contacts a potentially harmful external website using a file called "invoke.js". This file is displayed on your website, and your visitors' web browsers might load it without their knowledge.

It calls a remote malicious domain with an arbitrary invoke.js; below is the result code, which appears in the affected website and is loaded by the victim’s web browser:

[Image: result code, which appears in the affected website]

Some plugins have built-in automation that resyncs from remote endpoints, pushing the code back into the database and reinfecting it.
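To audit for the pattern described above, the following added example (not Imunify360's code or signature logic) parses stored HTML values and reports every script tag whose source host is not on an approved list. The table names, row values, hosts and the allowlist are constructed assumptions; in practice the rows would come from a database export.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: hosts the site owner has deliberately approved for scripts.
ALLOWED_HOSTS = {"www.example.com", "cdn.example.com"}

# Constructed sample rows (table, row id, stored value); not real data.
SAMPLE_ROWS = [
    ("wp_options", 101, '<div class="ad"><script type="text/javascript" '
                        'src="//ads.example.net/ab12cd/invoke.js"></script></div>'),
    ("wp_posts", 7, '<p>Hello</p><script src="/wp-includes/js/local.js"></script>'),
    ("wp_posts", 9, '<script async src="https://cdn.example.com/lib.js"></script>'),
    ("wp_options", 102, '<SCRIPT SRC="HTTP://Widgets.Example.ORG/w.js"></SCRIPT>'),
]


class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a fragment."""

    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag == "script":
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())


def external_scripts(rows, allowed=ALLOWED_HOSTS):
    """Return (table, row_id, host, url) for scripts served from unapproved hosts."""
    findings = []
    for table, row_id, value in rows:
        parser = ScriptSrcCollector()
        parser.feed(value)
        for src in parser.sources:
            # urlsplit understands protocol-relative URLs ("//host/path").
            host = (urlsplit(src).hostname or "").lower()
            if host and host not in allowed:  # empty host = same-origin path
                findings.append((table, row_id, host, src))
    return findings


if __name__ == "__main__":
    for table, row_id, host, src in external_scripts(SAMPLE_ROWS):
        print(f"{table} id={row_id}: script from {host} -> {src}")
```

Because some plugins resync the snippet from a remote endpoint, a finding that reappears after cleanup points at the plugin's sync job rather than at the database row alone.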


Promoting such ad code snippets is dangerous, and Imunify360 has shipped a signature to address it, SMW-INJ-16270-js.spam.redi-9.

 

Taking Control: Choosing and Evaluating Ads Plugins

 

Before you add any ad plugins to your website, it's essential to be cautious. Check the reputation of the plugin and read reviews before installing it. You can do this by visiting the plugin's page at https://wordpress.org/support/plugin/ and checking user feedback. If you're unsure, you can also contact us for advice.



Navigating Website Security with Imunify360

 

Imunify360 continuously monitors plugins like these. When we confirm their harmful behavior, we take action. Our policy is to report these issues to the relevant parties, request the removal of the harmful code, and actively block them using Imunify360.

Moreover, Imunify360 has a powerful tool called the Malware Database Scanner, which is enabled by default starting from version 6.0. It helps you scan your website's database for malicious code. It's equipped with cutting-edge scanning technology to detect and eliminate such infections. Whether within your file cache or the database itself, Imunify360 targets the root cause – typically residing within the database.

You can find the settings in the UI:

[Image: Malware Database Scanner UI]

To enable the database scanner from the CLI:

# imunify360-agent config update '{"MALWARE_DATABASE_SCAN": {"enable": true}}'

 

For more detailed instructions, you can refer to the official Imunify360 documentation:
https://docs.imunify360.com/dashboard/#malware-database-scanner.
