In today's digital landscape, monetizing websites through ads has become a standard practice, but it comes with security trade-offs.
Ads help websites generate income, but many site owners do not realize that displaying them can introduce security risks. In this article, we explore how seemingly harmless ads can open the door to spam infections and harmful redirects.
Ad plugins are practical tools for integrating advertisements into your website. These plugins, often found in official repositories, aren't inherently malicious. However, they are designed in a way that can inadvertently create vulnerabilities and be used in malvertising campaigns, which spread malware and cause unexpected redirects. Their ability to load scripts from external domains might lead to unforeseen redirects and security breaches.
Here's a simple explanation: The ads plugin adds a piece of code to your website's database. This code calls URLs on remote websites, which adds third-party JavaScript code to your site. There are also "advertising network vendors" that promote the use of dangerous code.
The code might look like this in the database:
This code contacts a potentially harmful external website using a file called "invoke.js." This file is displayed on your website, and your visitors' web browsers might load it without them knowing.
It calls a remote malicious domain with an arbitrary invoke.js; below is the result code, which appears in the affected website and is loaded by the victim’s web browser:
Some plugins have built-in automation that resyncs from remote endpoints, pushing the code to the database again and reinfecting it.
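One way to audit a database export for the pattern described above, shown as an added example (it is not Imunify360's scanner and not code from the original article): it lists every stored script tag whose src points at a host outside an allowlist. The hostnames, the allowlist and the sample rows are constructed assumptions.

```python
"""Audit stored HTML (e.g. wp_options / wp_posts values) for external script loads."""
from html.parser import HTMLParser
from urllib.parse import urlparse

SITE_HOST = "shop.example"  # assumption: the site's own hostname
ALLOWED_HOSTS = {"shop.example", "cdn.shop.example"}  # assumption: hosts the owner vetted

class ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> tag in a fragment."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # HTMLParser lowercases tag and attribute names
            src = dict(attrs).get("src")
            if src:
                self.sources.append(src.strip())

def script_host(src, site_host=SITE_HOST):
    """Resolve a script src to a host; relative URLs belong to the site itself."""
    # urlparse treats protocol-relative URLs ("//host/path") as naming a remote host.
    return urlparse(src).hostname or site_host

def audit_rows(rows, allowed=ALLOWED_HOSTS):
    """Return (table, row_id, host, src) for each script loaded from an unvetted host."""
    findings = []
    for table, row_id, value in rows:
        collector = ScriptSrcCollector()
        collector.feed(value)
        for src in collector.sources:
            host = script_host(src)
            if host not in allowed:
                findings.append((table, row_id, host, src))
    return findings

# Constructed sample rows standing in for a database export: (table, id, stored value).
SAMPLE_ROWS = [
    ("wp_options", 101, '<script src="/wp-includes/js/jquery/jquery.min.js"></script>'),
    ("wp_options", 214, '<div class="ad"><script type="text/javascript" '
                        'src="//ads.unvetted.example/abc123/invoke.js"></script></div>'),
    ("wp_posts", 37, '<p>Hello</p><SCRIPT SRC="https://cdn.shop.example/app.js"></SCRIPT>'),
    ("wp_posts", 52, '<script async src="HTTPS://Tracker.Unvetted.Example/t.js"></script>'),
]

if __name__ == "__main__":
    for table, row_id, host, src in audit_rows(SAMPLE_ROWS):
        print(f"{table} id={row_id}: external script from {host} ({src})")
```

Because some plugins resync their snippet from a remote endpoint, rerunning an audit like this after cleanup shows whether the row has been rewritten. It only sees script tags with a src attribute, so inline scripts that build the URL at runtime need a separate check.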
Promoting such ad code snippets is dangerous, and Imunify360 has shipped a signature to address it, SMW-INJ-16270-js.spam.redi-9.
Before you add any ad plugins to your website, it's essential to be cautious. Check the reputation of the plugin and read reviews before installing it. You can do this by visiting the plugin's page at https://wordpress.org/support/plugin/ and checking user feedback. If you're unsure, you can also contact us for advice.
Imunify360 continuously monitors plugins like these. When we confirm their harmful behavior, we take action. Our policy is to report these issues to the relevant parties, request the removal of the harmful code, and actively block them using Imunify360.
Moreover, Imunify360 has a powerful tool called the Malware Database Scanner, which is enabled by default starting from version 6.0. It helps you scan your website's database for malicious code. It's equipped with cutting-edge scanning technology to detect and eliminate such infections. Whether the infection shows up in your file cache or in the database itself, Imunify360 targets the root cause, which typically resides within the database.
You can find the settings in the UI:
To enable the database scanner from the CLI:
# imunify360-agent config update '{"MALWARE_DATABASE_SCAN": {"enable": true}}'
For more detailed instructions, you can refer to the official Imunify360 documentation:
https://docs.imunify360.com/dashboard/#malware-database-scanner.