Viruses, Viruses, Oh My!

List of viruses from Symantics

List of viruses from Symantics

A few years ago I would tell my clients it was very important to keep their sites up to date for SEO reasons. If a site didn’t get updated on a regular basis, the search engines would stop indexing it and it would loose it’s ranking. Now, I have to tell my clients to keep their sites updated because if they don’t they are going to get hacked.

This has been the year of the hacker. Millions of sites have been hacked by different waves of viruses sent out with the sole purpose of killing your site. If someone had told me this would be of any concern to me 5 year ago I would have thought they had very vivid imaginations. But, now, it is a sad reality that anyone with an online presence is so aware of. If they are not, they are living in a fool’s paradise.

In the last few months some of my clients sites have been hacked. There was one hacker so bold that he left his calling card and where to find the virus file that he had planted in the site. Others are not so nice.


Here is the scoop:

There are many viruses out there that are designed to find a back door to your site. This means any unprotected hole that they can use to creep into your site. These back doors are facilitated by unprotected sites, outdated sites, or sites with third-party extensions that are also outdated. They might not be even in use and forgotten in the extensions folders. it doesn’t matter. If they haven’t been updated, they might be the highway to the site.

Because I am a Joomla developer, I will concentrate on Joomla only.

Joomla is very good about identifying these holes and releasing security updates on a regular basis. It is imperative that they are done as soon as they are released. Don’t wait to give the hackers time to get into your site. The same with extensions. Check to see if there are new versions of the plugins, modules and components in your site. If an extension hasn’t been updated in a long time, contact us to find an alternative. Don’t think it won’t happen to you. It will. Joomla has makes it very easy to update. You get a message in the backend of the site letting you know when there are updates ready whether they are for joomla or third-party extensions. It can’t get any easier. (There are a few extensions that have not complied with the built-in auto update. But they are all getting on board.)

In the last few months there have been quite a few viruses that have brought down millions of WordPress and Joomla sites. All these sites had the same thing in common: old Joomla version or old third party extensions. The sites were either killed right off, or, worse, no one knew they were infected but all the traffic from the site was being diverted to another site, such as the Pharma Viruses. Others sit quietly and capture the information of anyone who fills out any forms in your site. There is even a recent attack to a well-known company with an image virus. The site was hacked with a social media icon. When people visited the site, the icon then infected the visitor’s browsers and computers. Not a pretty thing.

What to do:

1. Keep your site up to date. Update it as soon as the program tells you there is a new version. They come out as soon as there is a security breach identified.

2. Do the same for third-party extensions. Some use the Joomla update system to announce their update version, but some don’t. Make sure you find the latest and install it. If this is too much, we are glad to offer a maintenance package for your site.

3. Make sure your hosting service offers SSL (Secure Socket Layer),and firewalls to protect your site from attacks.

4. Get automatic backup. If your site gets hacked, it takes about 20 minutes to kill the hacked version and replace it with a backup from a few days prior.

5. Contact us if your site gets hacked. It might require our help.

If you want to be impressed, click here to see the latest lists at the Norton’s site. This is a list of the latest viruses out there. It is updated all day long as new threats appear.

 NOTE:  Since publishing this post, Google requires all the sites to have Secure Socket Layer (SSL) to protect it. It scrambles the data sent through the Internet and it is unscrambled at the other end. It has made things a lot safer.

I am now a WordPress developer. The information all applies to WordPress as well.