The beginning of 2024 was kinda stressful for me. My websites were all attacked by malicious codes and brought down by DDOS (Denial of Service) attacks.
Imagine my webserver as my cozy home, a place where I host various websites and folders. Each room represents a different corner of my online world. Now, picture a small hole—a crack in the wall or a broken window—appearing in my house. This seemingly insignificant breach is akin to a vulnerability in my webserver.
Through this tiny opening, a rat (let’s call it a malicious script) sneaks into my home. The exact room it infiltrates remains a mystery. Once inside, the rat multiplies, spawning new rats that scurry off into different rooms, infecting more and more of my digital abode. This mirrors how the malicious script duplicates itself and spreads across various folders and websites on my webserver.
I’m no stranger to this scenario. It’s like waking up one morning to find my cozy home overrun by these digital rodents. Panic sets in—I need an exterminator! In my case, that’s the anti-malware software. The exterminator diligently works to eliminate most of the rats, successfully ridding my house of about 90% or more of them. At first glance, it appears that my home is rat-free, but there’s a catch.
These rats are no ordinary rodents. They’re under external control—representing people outside my house who can summon the rats back into action. These individuals correspond to external computers attempting to activate the malicious script via the web. Even though the rats seem eradicated, the external forces can still observe my house (as evidenced by the webserver logs) and attempt to call the rats back.
In this ongoing battle, I remain vigilant. I haven’t yet identified the original breach—the initial hole—but I take solace in the fact that anti-malware scripts exist to detect and remove these malevolent files from my webserver. Additionally, although I can’t control the external pings, I’ve taken proactive steps by identifying the IPs of these malicious attackers and banning their access to my webserver.
So, here I am—patching vulnerabilities, monitoring logs, and keeping those rats at bay. My webserver security is a continuous process, much like maintaining a real home. And just like you’d stay alert for signs of a recurring rat infestation, I keep an eye out for any suspicious activity in my digital space.