We received an advisory alert on a security issue this morning and wanted to pass the update on to you.
What has happened, who is at risk?
Websites based on Content Management Systems (CMS) like Drupal, Joomal and WordPress have been the subject of a new spate of attacks recently.
The attacks are most commonly being done using plugins. Within the plugin there is what is appears to be an image file, but is in fact a piece of code used to attack your website.
When a site has been attacked in this way, it is important that the entire plugin/theme be removed, as the file with the detected problem is a sign of a dodgy (technical term!) plugin.
What problems result from this attack?
A website which has been attacked in this way can result in the domain for the website being added to the blacklist maintained by Spamhaus. Spamhaus has been adding more domains in recent weeks as a result of these attacks.
What is a blacklist?
In this case, a blacklist is a list of domains for which a problem has been detected. If Spamhaus detects this rogue plugin at your website, for example, it will add your domain to its blacklist.
What does it mean to be on the blacklist?
Again, I will explain based on the current context. In this case, if your domain is added to the blacklist at Spamhaus then you may have issues with emails being sent from your domain, for example. This is because most antivirus companies purchase the current blacklist from Spamhaus and use that to decide on what to block for their users. So if your domain is on their list, their users will not receive emails from you as their antivirus will block them. So you definitely do not want to risk ending up on this blacklist!
Can I check to see if my domain is currently blacklisted by Spamhaus?
Yes, you can use the Spamhaus lookup tool, where you can input your domain and see whether you are in the clear.
What can I do to prevent this?
As always, it is highly recommended that you make sure to keep your website installation up to date by installing any updates which are available for your CMS, plugins, themes, etc.
In addition, it is not advisable to download and install a plugin/theme for your CMS from an unknown source. Download the plugin from WordPress plugins, WordPress themes, Drupal extensions or Joomla extensions.
Plugins and themes from other sources are not as safe, as a third party can potentially place unwanted files inside the download.
Give me some good news!
Well the best news is that for Coppertops clients who have our support packages in place, this is ALL taken care of as we only apply recognised plugins to our WordPress sites and we maintain security updates on sites usually on a daily basis.
If you have a WordPress site which is not being kept up to date, please contact us for pricing on our management packages where we can keep them up to date for you. Our clients receive a weekly report of all updates applied. We can also discuss applying security upgrades to your website.
If you don’t feel confident in managing security on your website yourself, you might find that our support pack costs less than you think. If you let us take care of this for you then it’s one less drain on your time and one less thing to worry about, as we’ll do that for you too