What is a malware blocker and why do you need one?
By Johnathen Chilcher
Website security is a $60 billion industry and a necessity for everyone with an online presence. This monstrous demand for online security has resulted in massive costs for small businesses and giant corporations alike. Thankfully, companies have started to offer solutions, like malware blockers, to provide cost-effective and standardardized security to customers of all levels of technical experience. With a malware blocker in place, any business can benefit from the added security to help keep their website safe.
What is malware and how is it contracted?
But wait, what’s a malware blocker? What’s malware, for that matter?
Malware is defined as a piece of software that is intended to damage or disable your computer.
The severity of damage can range anywhere from a cheeky website defacement to a complete and total loss of personal or professional data.
Photo Credit: Christiaan Colen via Visual hunt
Most of the time, malware is injected into a computer system through vulnerabilities in the website or other applications running on the machine, but hackers can also target human beings in order to bamboozle them into giving away more information than they intended in a tactic referred to as social engineering.
According to Bank of America Merrill Lynch Global Research in 2016, cybercrime including social engineering costs the global economy $575 billion each year—this is serious business!
Even if you think your site is secure, you could be leaving yourself open to possible attacks. For example, let’s pretend a hacker submits a harmless comment on your business blog, and you approve it. No harm no foul, right? Well, after the first comment is accepted, all further comments from that same user are automatically approved. The next comment that comes in could contain code forcing the owner’s machine to install malware without their knowledge.
This method of attack has long been patched by the WordPress team, but this is just one example of a malware attack. Plus, there are still some sites out there that haven’t updated to the latest version. So if you’re reading this and you’re not currently on the latest version of WordPress, you can get help by reading, “How to secure your WordPress website.”
Keeping your website safe with a malware blocker
Security can be a tricky business — classical methods only protect you against attacks that have already been done before. So in order to protect yourself, you’ll need to make sure your applications are up-to-date at all times and consider incorporating a malware blocker on your site.
A malware blocker is a system that provides proactive and retroactive monitoring in order to find and eliminate malware before it can affect your business.
Malware blockers do a number of things, including scanning existing files for dangerous code and Web Application Firewalls (WAF) that scan and stop malicious traffic before it can make it to your server. WAFs work by uploading your website pages and redistributing them to a secured server that monitors activity between the user and the site, protecting against attacks that utilize common website structure against itself.
This can also be complemented by a Content Delivery Network (CDN), which distributes your site across multiple servers around the world (meaning visitors connect to servers that are physically closer to them). Therefore, customers will experience the convenience of lightning-fast load times and the comfort of safe browsing.
Finding the right malware blocker can be a daunting process, as some providers do not include all of the above features, leaving potential holes in the security of your business. To make your journey easier, here are a few options to consider:
GoDaddy Website Security, powered by Sucuri
GoDaddy has bundled the reactive and proactive security solutionsinto one product. This malware-eating solution powered by the security giant Sucuri is a cure-all for any business owner interested in securing their website and keeping it safe. Setup couldn’t be easier as you are walked through the process and also backed by 24/7 support.
Pros:
- CDN and WAF
- Easy setup
- Custom rules
- Cleans existing malware
Cons:
- Not PCI compliant
- Smaller CDN farm
Cloudflare
CloudFlare offers easy setup and always delivers on their protection. It’s safe to say that CloudFlare is certainly one of the most well-known providers, but a reputation like that comes with high demand that can affect your site’s load time during high traffic on their servers. You’ll first begin to notice a CloudFlare splash screen where your website should be, claiming to verify authenticity of your request, but your users will only see an inconvenient gap of service to your website.
Pros:
- Widely known and trusted
- Has a free version
- Offers CDN and WAF
- PCI compliant
Cons:
- Can block legitimate traffic
- Intrusive DDOS protection page
- Not a reactive solution
- Does not clean existing malware
Incapsula
Incapsula has offered a basic setup for their security product, but leaves little room for customization. Their only option for customizing their malware blocker relates to bots crawling the site and has nothing to do with malware signatures. They claim to offer protection for most malware backdoors, but this option will only work for known issues.
Pros:
PCI compliant
CDN and WAF
Cons:
- Complicated implementation process
- Not enough documentation for basic users
- Limited customization
- Does not clean existing malware
What do I do if I’ve been hacked?
WAFs and CDNs are great solutions for protecting your website, but they aren’t always the best choice for sites that have already been compromised — especially when the site has been listed on Google’s malware detection. No need to fret, though. If you need help getting your site back up and running, GoDaddy offers Express Malware Removal, powered by Sucuri, which will not only expedite your website cleanup, but also protect your site from further attacks.
For a first-hand look at being hacked and recovering from the damage, check out “Website security lessons learned: What I do now to prevent hacking,” and if you have a passion for security, you can learn more about recovering from Google malware detection with this article.
About Johnathen Chilcher
Johnathen Chilcher is a SysAdmin and programmer for GoDaddy by day, a poet and musician by night. His passion has always been laser-focused on technology and the growing universe around us. Chilcher now uses his talented mind and youthful spirit to make a difference and improve upon the world around us.