How to prevent an injection attack:
A not-so-beginner’s guide
I should know better. I help run Glamour.com.
But for this, my personal site, I got lax about security and chose a weak password. My rationale was that with no audience and at most an annual update, my domain wouldn’t be enticing to hackers. Karma disagreed.
Turns out that injection attacks are common and usually automated. The bot doesn't care about my traffic, or lack thereof. Luckily, these attacks are easy enough to fix when your site consists of a single HTML page and you don't care too much about your Google rank. For larger sites, or those who do want the Google gold, though, scrubbing your code and going through Google's review process could be a real hassle.
Thankfully, the folks at stopbadware.org have a great repository of info about how to clean your site once infected and what you can do to prevent further attacks. Here are some tools and recommendations I found handy:
Checking your site
- Look up your site in the stopbadware database.
- See Google's diagnostic info by going to http://www.google.com/safebrowsing/diagnostic?site=http://www.yoursite.com
- Unmask Parasites not only checks your site profile according to Google's records, but its free web-based tool checks your code and points to likely injection attacks.
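For a local check alongside the tools above, here is an added example (not from stopbadware.org or Unmask Parasites) that lists every script or iframe a page loads from another host and marks iframes hidden from visitors. The sample page, the `example.net`/`example.org` hosts and the names `InjectionAudit` and `audit` are constructed for illustration; an off-site script can be legitimate, so treat the output as a list to review against what you put there yourself.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

HIDDEN_STYLE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.I)

class InjectionAudit(HTMLParser):
    """Collects <script>/<iframe> tags whose src points off-site."""
    def __init__(self, own_host):
        super().__init__()
        self.own_host = own_host.lower()
        self.findings = []  # (line number, remote host, reasons)

    def handle_starttag(self, tag, attrs):
        if tag not in ("script", "iframe"):
            return
        a = {k: (v or "") for k, v in attrs}
        host = (urlparse(a.get("src", "")).hostname or "").lower()
        # Inline scripts, relative URLs and our own (sub)domains are skipped.
        if not host or host == self.own_host or host.endswith("." + self.own_host):
            return
        reasons = ["off-site " + tag]
        if tag == "iframe":
            tiny = any(a.get(d, "").strip() in ("0", "1") for d in ("width", "height"))
            if tiny or HIDDEN_STYLE.search(a.get("style", "")):
                reasons.append("hidden from visitors")
        self.findings.append((self.getpos()[0], host, reasons))

def audit(html, own_host):
    parser = InjectionAudit(own_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one local script, one hidden iframe, one third-party script.
SAMPLE = """<html>
<head><script src="js/site.js"></script></head>
<body>
<p>Hello</p>
<iframe src="http://injected.example.net/in.php" width="1" height="1" style="visibility:hidden"></iframe>
<script src="http://widgets.example.org/badge.js"></script>
</body>
</html>"""

if __name__ == "__main__":
    for line, host, reasons in audit(SAMPLE, "www.yoursite.com"):
        print(f"line {line}: {host} ({', '.join(reasons)})")
```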
How to protect your site
- Choose a strong password and don't save it in your browser, FTP client or coding app (e.g. Dreamweaver).
- Use SFTP or SSH to upload files to your site if possible. If your host doesn't provide that type of access, ask for it!
- As always, keep your anti-virus and anti-malware software up-to-date on all computers you use, especially those you use to craft your site.
Good luck!