
Keeping Your Website Secure in 2024


Keeping Your Website Secure in 2024: Five Lessons Learned From Last Year and Helpful Tips

Hostinger has been keeping your websites safe and secure since 2004. Every year presents new challenges for website security, and 2023 was no exception. Last year was known for the rise of artificial intelligence, which is also used by cyber criminals.

Discover how Hostinger thwarted attempts by malicious actors to compromise the websites of over 2 million customers in 2023. In addition to the five lessons learned, we will also share some insights to help you avoid cyber threats.

Sales Attract Malicious Actors

The Hostinger malware scanner, powered by Monarx, identified and cleaned nearly 500 million instances of malware throughout the year. The amount of cleaned malware is half of what it was in 2022, largely because we have learned how to deal with Phoenix, an uploader that delivers other malware to systems.

After excluding the impact of Phoenix, there has actually been a significant increase in the number of unique malware pieces over the past year, a trend likely to persist.

Malicious activity peaks during sales periods, when more people are online, spending money, and may not be as careful about security. Our malware scanner was working tirelessly during major sales in November and December, and minor spikes were observed in May and August.

Furthermore, generative AI is increasingly contributing to an arms race with hackers by making malware more sophisticated and dangerous.

Business Raiders Target Small Businesses

Webshells, uploaders, and adware continue to dominate website malware charts, but new threats are emerging for small businesses and mom-and-pop shops.

First, ransomware is increasingly targeting them by encrypting data and demanding a ransom for recovery. A year or two ago, it primarily targeted large, solvent businesses.

Second, cryptocurrency miners are intensifying their activities, particularly when bitcoin prices fall and the number of traditional miners drops, making mining on web servers profitable.

Lastly, redirects are gaining popularity and pose a significant threat due to their rapid mutability, often infiltrating both good files and databases. The wp_posts table is a particularly common location, but they can be found anywhere.

Dealing With 500 DDoS Attacks per Day Is the New Normal

In 2023, our infrastructure faced over 185,000 distributed denial-of-service (DDoS) attacks, averaging 500 attacks per day. Data centers in the US saw the highest number of attacks, followed by Brazil and India.

Our advanced traffic filter efficiently thwarted the majority of DDoS attacks, automatically activating within seconds and diverting malicious traffic to the filter instance. This system allowed us to reduce the use of remotely triggered black holes by up to 95%, resulting in better uptime for our services and clients.

The traffic filter has handled some really powerful attacks. Several of them took place just before the major holidays, on December 21 and 24, in our Singapore data center. The first one persisted for over 6 hours, hitting customer websites with 2.3 million packets per second (Mpps) and 18 gigabits per second (Gbps). A few days later, another attack unfolded, peaking at 3.6 Mpps and 1.3 Gbps.

The good news is that neither these nor the myriad other attacks had any impact on our infrastructure or your websites.

The Power Struggle Between Botnets and CDNs

Botnets, notably Mirai, represent another type of malware that saw a rise in tandem with improvements in content delivery networks (CDNs). To simplify, the better CDNs become, the larger the botnets needed to flood websites successfully, and vice versa.

An illustrative example lies with Hostinger CDN. Launched in the middle of last year, it automatically mitigated numerous attacks, including one of considerable power. Over a three-hour period, more than 10 million requests per second (Mrps) engulfed a client's website. Following the incident, our experts analyzed the data and leveraged it to upgrade our CDN, making it three times more powerful than it was before the attack.

Clearly, this incident doesn't measure up to the record-breaking 71 Mrps attack that Cloudflare mitigated last year. However, it's important to note that our clients are not among the Fortune 1000.

Beware of Fake and Insecure Plugins

WordPress, used by 43% of all websites, including over 3 million hosted by Hostinger, stands as the most popular content management system. No wonder it continues to be a prime target for cyber threats.

Leading WordPress security vendors such as Patchstack, WPScan, and Wordfence identified over 4,000 Common Vulnerabilities and Exposures (CVEs), constituting around 14% of all CVEs discovered last year.

Plugins are at the core of these vulnerabilities, with fake plugins taking the lead. The details of these plugins may vary, but both their quality and quantity have been rapidly increasing. We expect this trend to persist throughout 2024 as generative AI makes the creation of fake plugins even more accessible.

For Hostinger clients, WordPress automatic updates and a vulnerability scanner come to the rescue. The scanner promptly notifies clients if vulnerabilities are detected on their websites and provides advice on necessary actions.

How to Keep Your Business Safe Online in 2024

While the challenges may seem overwhelming, securing your business online is within your control. Choosing a reliable hosting provider is crucial, alleviating concerns about most potential threats.

Look for SSL certificates, a malware scanner, a web application firewall, DDoS filtering, a built-in CDN, automatic updates, backups, and 24/7 monitoring. Luckily, as you're already on the Hostinger blog, the features you need are just a click away.

Author

Giedrius is the Chief Product Officer at Hostinger. He leads and facilitates product management teams to ensure they're developing products that deliver value to both the user and the business. Giedrius has a strong technical background; he's passionate about using technology to solve real-world problems and make people's lives easier.
