For website owners unfamiliar with common malware, having malware on your site that doesn’t cause any obvious issues is seemingly harmless to the site owner. How bad can malware be if it just injects links? If site owners do not understand the repercussions of malware, then they will not take it seriously. It often means that these site owners don’t have the necessary monitoring and malware protection in place to defend sites. For shared hosting providers, this issue can have severe consequences and long-term effects on the server’s reputation and potential profitability.
Table of Contents
- The Many Long-Term Effects from Malware Persistence on Your Web-Server
- Removing Malware from the Website Manually is Tricky
The Many Long-Term Effects from Malware Persistence on Your Web-Server
For a site administrator familiar with the way malware works and its devastating effects on a shared server environment, it’s obvious to them that monitoring and containing threats is critical to a healthy site and shared server health overall. But for website owners, they do not understand what can happen when malware is left on a site or how to stop malware from infecting a site.
Malware authors are aware that many site owners don’t know how to protect their sites, and many site owners work with common software such as WordPress. Large-scale attacks focus on WordPress because the code is freely available to download and analyze, and every site has at least one plugin installed. The WordPress platform itself is generally secure, but plugins leave sites open to exploits. Even popular plugins with millions of downloads can have vulnerabilities that affect hundreds of thousands of sites hosted on WordPress, and this can make poorly secured and maintained sites an attractive target for hackers.
When site owners think of a hacked site, they usually think that hacker motives focus on destroying or stealing data, but many web-based attacks focus on injecting hidden content. A common attack is injecting content that leverages the site email capabilities. A majority of sites have the ability to email customers or send messages in email to the site owner. For example, when a customer buys products from the site, it’s common for site owners to receive an email. This email uses an email server to send messages, and attackers want access to this service to send spam messages using a stolen trusted source.
Hackers leverage email services in several ways. If coding on the site isn’t set up to ensure that the sender is authorized to send messages, the attacker can use functions on the site to send spam messages including spoofed phishing emails. If attackers are able to inject code on the site, they could use it to silently send spam messages to a list of targets including the site’s customers.
Every site owner wants to rank well in Google. To rank well, the site must send quality signals to Google, including malware-free code and content. Google has its own Safe Browsing bots that scan sites for malware and alert site owners in Google Search Console. It also scans WordPress sites for outdated versions and suggests that it should be updated to the latest version.
Google Safe Browsing flags sites found to host malware or malicious content. After a site gets flagged, a red interstitial displays in the user’s browser warning them of the malicious content. If the user clicks a link in Google search, the warning interstitial displays. Google may also show “This site is hacked” under the site link in search results.
Along with search warning messages, the server and other sites on the server could be affected. If a server is known to host malware, Google may add the IP to a blacklist in Safe Browsing. This effect can be long-term until Google crawls the server several times and finds no malware. Until the server earns trust in search, sites hosted on the server could be affected for several months.
Excessive CPU and Memory Usage
Every request requires CPU and memory usage from the host server. With some attacks, hackers make requests to servers to trigger their own malware. For example, a hacked site serving spam email could send messages based on attacker signals sent from the web. These requests will increase server CPU and memory usage as the server processes messages and instructions.
In a shared hosting environment, excessive CPU and memory usage from just one site could cause performance issues across all sites on the server. Poor performance servers lead to an increase in trouble tickets, frustrated users, customer churn, and eventually a loss in revenue. It’s critical that server administrators are aware of hacked sites and alert site owners of the malicious content.
User Frustration and Increased Tickets
As users' sites slow from increased server resource usage, they begin to file tickets for technicians to review. In a shared hosting environment, this could be potentially thousands of tickets opened due to performance degradation.
Unless you have the manpower to handle the numerous tickets, an influx in tickets also frustrates technicians responsible for troubleshooting the issue. This issue could also lead to technician churn in addition to loss of customers.
Removing Malware from the Website Manually is Tricky
Manually removing malware requires an experienced professional. When website owners learn that they have malware on their site, they first try to determine where the hacked content is located. They could then attempt to remove it themselves. They could also ask the host technician to remove the malware, but both clients and server technicians don’t have the experience to fully clean malware from a site.
Attackers author malware to be stealthy, so the hacked content could be injected into legitimate files and database tables. Manually removing content could damage legitimate code or content stored within database tables. A mass change removing hacked content could lead to site-wide outages where code and content are no longer readable to viewers. It could also cause errors when users request content, which leads to a loss of viewership and potential customers.
If the malware isn’t fully removed, malware authors code for reinfection. By coding for reinfection, malware persists on the server. The site owner could think that the malware was completely removed, but reinfection places the same hacked content on the site. Reinfected sites could go unnoticed for months if no monitoring is in place to detect that the malware wasn’t completely removed.
Using Imunify360 to Ensure Linux Server Security
Instead of re-actively removing malware and risking reinfection, shared site hosting providers with Imunify360 proactively stop malware from infecting sites and block malicious scans used to find vulnerabilities. The Imunify360 malware scanner will detect and gently clean up any malicious injections and web shells from both files and databases keeping hosted websites operational.
The one-click cleanup offers site owners the ability to remove malicious content and prevent reinfection. Site administrators receive reports detailing malware detection and the actions executed to clean up content.
Other Imunify360 benefits include:
- Block malicious bots. Imunify360 blocks bots used to exploit vulnerabilities with malicious requests including password-guessing and brute-force attacks, vulnerability scanning, malware uploads and others. It also blocks spam registrations on site forms.
- Patch outdated and vulnerable WordPress software and plugins. Imunify360 has a subset of components that provide real-time virtual and physical patching of vulnerable software by KernelCare, HardenedPHP, WAF, and proactive defense modules.
- Avoid site blacklisting. Imunify360’s website reputation monitoring along with the malware scanner keeps websites clean and protected from being blacklisted by search engines including Google. The antivirus server ensures that site search engine ranking is preserved.
- Stop data disclosure. By protecting sites from malware, the site owner protects customers from identity theft and credit card fraud.
Try Imunify360 Security suite for free for 14-days and forget about malware on your website and web-servers.