13
Mar
2014
How to check a link for viruses?
When on mailbox, in in social networks or on any other sites you receive a link, and even more so, if from a person you do not know, do not rush to open it. Attackers can send you a link specifically to hack into your account, and if the link is sent on behalf of your friend, it is possible that they have already hacked it.
What to do if you received a link and you want to follow it? First, it needs to be checked for safety. How to check a link for viruses? Exist special services, through which you can check the security of any link. It is better to make sure in advance than to suffer from the actions of scammers later.
Link checking services for security
In a couple of seconds, you can check any link using the following services:
It may also be that the link is presented to a page where there is no virus, but after clicking on it and navigating through the site, you will be exposed to threats. To remove all doubts, you can scan the entire site for viruses. To do this, use the service.
For example, we performed a check on our blog:
As you can see, there are no viruses on our site, which means that you can not worry about your safety when visiting.
Despite the fact that browser developers make great efforts to provide high level security, attackers still manage to find ways to hack, so you need to be prudent and suspicious of links to resources you do not know.
How do you know if the site you are visiting is safe? Is it risky to buy something on it and how suitable is its content for children?
To do this, popular antiviruses have a built-in site rating system. Most often, it works based on the votes of the users themselves. There is a similar system, for example, in Avast internet security. But there is one small "but" - almost all antiviruses with similar functions are paid! And, as a result of their paid nature, they have a rather limited audience, which means that only a small number of them get into the site evaluation rating!
So I found a better solution for myself. It's called Web Of Trust.
Web Of Trust free service site reliability assessments.
Principle of operation
In fact, this is a special gadget for the browser, which, when opened, new page next to the address bar shows its rating in the form of a colored emblem. (It can be colored from bright green to bright red) And the greener the emblem (an indicator of the site's trustworthiness, if you will), the safer the site. And vice versa - if the icon turns red - something is wrong with this site ...
And download it by clicking on the red button on the right. I will also attach a short instruction in pictures for installing the plugin in Internet Explorer:
Importance information security is growing every year, because fraud is flourishing, new methods of deception appear on the Web. And one of the simplest options for fraud on the Internet remains the distribution of malicious links. By clicking on such a link, the user finds himself on the site of intruders, from where viruses, backdoors and other malware can be downloaded. This method is popular because people send each other links to articles, files, videos and other content every day, and attentiveness decreases. Users get used to the fact that all links lead to familiar, safe, trusted sites and stop looking at the text of what they click on with the mouse.
Some sites look absolutely normal when sessioned from a computer. However, accessing them mobile device, you can get to a site with unpleasant content, from which the device will simply be blocked. The redirect can happen completely unnoticed, so advanced users generally refrain from clicking on links from phones or tablets.
Take advantage of several simple advice to avoid damage that can be caused by intruders:
Remember! Fraudsters will always try to swindle honest citizens and come up with new methods of deception, so any require regular updates. Always think before you make a decision, do not rely on reflex, automatic actions!
Method number 1. Online check for Dr. web
On the developer's site antivirus programs Dr. Web has a page with the function of online checking of any links from the Internet. You can find similar sites on your own, owned by well-known anti-virus package companies.
On the Dr. Web You will find a line to enter a link. Carefully copy the link that requires verification (do not follow it), paste it into the line. The entire URL is required for validation.
Click on the button and wait for the result to appear. In the window that opens, you will find comprehensive information on the entered URL and all child links contained in it.
Method number 2. 2ip
2ip.ru is a popular site in the Russian-speaking segment of the Internet that contains a lot of useful information and convenient features. One of them is checking the site for viruses.
Go to 2ip.ru, enter the address of the link to be checked in the special line and after clicking on "Check" wait for the result.
The difference between this service and verification through Dr. Web is that Dr. The Web gives more detailed information, giving a full report on all child links.
Video - How to check a link for safety
March 6, 2015 at 00:43
Website security audit - identifying risks and threats
- Information Security
Site security audit (checking the site for vulnerabilities) - a series of procedures aimed at ensuring stable operation web resource, data security and risk reduction.
It's no secret that the economic situation is now dictating new rules, including in competition. If earlier the "war of technologies", cyber espionage and destructive actions were mainly the lot of large corporations or entire states, now these methods are quite successfully used in small and medium-sized businesses.
We will leave offline company sites aside for now, but today we will talk about commercial websites, whose main income is related to Internet activities.
Site security audit is a set of works to identify errors in the site code and software servers that attackers can use to attack and hack the site.
The motivation used by attackers can be different - it is both bragging and the search for benefits both for themselves personally and by working for a "order".
From the latest "high-profile" examples - hacking of the freelance exchange FL.ru
screenshot of the attacker's message on behalf of one of the administrators
Here, the resource has clearly suffered reputational damage, user loyalty has been reduced. New users may be difficult to attract: www.google.ru/search?ie=UTF-8&hl=ru&q=FL.ru
As a result of the search GOOGLE SERPs at the request of FL.RU, the second is a topic on Habré about draining the user base.
What would a security audit of the FL.RU exchange give - the selection of passwords for resource administrator accounts would help identify these Accounts. Additional recommendations and rules for their observance would help to avoid such an unfortunate oversight. The lack of restriction of access to critical functionality (user accounts) from an untrusted IP address only exacerbated the situation.
The reputational risks of hacking the company's website will naturally affect the profitability of the company. But there is also a direct threat of theft of data that is valuable to the company. Web site of the company associated with online activities - online store, electronic exchange, etc. - the main tool for making a profit - often contains a customer database, all the more valuable if the service involves long-term work with the client, repeat purchases, and so on.
Also, manipulation of payment data, fraudulent transactions in deposit/withdrawal systems or payment systems can cause great damage to the company.
Attackers attacking the site can be conditionally divided into two types:
1. We take everything that lies badly.
This kind of attackers try to gain access to a large number of sites, use primitive techniques, “noise in the logs”. Typically, such actors scan the site(s) with popular vulnerability scanners or look for vulnerable CMSs for a specific exploit. They may be interested in both the user base and the banal iframe on the so-called. exploit-pack.
search for accomplices to commit an offense under Article 273 of the Criminal Code of the Russian Federation
A timely web application security audit will help identify vulnerable components and problem areas of the site. Recommendations will help you be prepared to repel hacker attacks.
2. We attack a specific target.
These types of attackers are usually motivated to obtain certain data or destroy it:
announcements on “near-hacker” forums
In this case, the attacker will not limit himself to passive methods - most likely he will attack the site until he gets the desired result, using all possible combinations of attack vectors.
A comprehensive security audit, which usually includes the following actions, can help to significantly increase the security of a site:
- Search for vulnerabilities in server components;
- Search for vulnerabilities in the server's web environment;
- Check for remote execution of arbitrary code;
- Checking for injections (code injection);
- Attempts to bypass the web resource authentication system;
- Checking a web resource for "XSS" / "CSRF" vulnerabilities;
- Attempts to intercept privileged accounts (or sessions of such accounts);
- Attempts to perform Remote File Inclusion / Local File Inclusion;
- Search for components with known vulnerabilities;
- Check for redirects to other sites and open redirects;
- Scanning directories and files using brute force and "google hack";
- Analysis of search forms, registration forms, authorization forms, etc.;
- Checking the resource for the possibility of openly obtaining confidential and secret information;
- Race condition class attacks;
- Embedding XML entities;
- Selection of passwords.
A site security audit is a proactive measure that allows you to get an adequate assessment of the security of a company resource, full information about the vulnerabilities found, possible scenarios attacks and recommendations for their elimination. This, in fact, is not an event, but a continuous process to ensure the security of the business processes of the company's website, maintain business reputation, economic growth and business development.
Do not wait until your site is attacked by intruders - order a comprehensive website security audit from professionals.
Recently, the Internet has become the main habitat for viruses, since only there they can effectively spread on user computers. Gone are the days when systems were infected via disks or flash cards. With the increase in the amount of information downloaded, the number of infected computers has increased, as users perceive the threat from the Internet as something abstract and something that does not affect them.
Unfortunately, it is not. Neglecting the basics of security can compromise our data stored on hard drives. Infections of computers of large corporations became indicative ransomware virus, which extorted money for unlocking, and otherwise encrypted the data. Most of them contracted it due to banal inattention.
Infection prevention
First of all, you need to use anti-virus programs. Most of them are capable filter traffic, advance warning users about the danger lurking on the resource being opened. Even free versions can significantly enhance the protection of your computer.
Secondly, you should go to browsers, in which is embedded website check. They warn of the danger that awaits users on a particular site. One of these - Yandex browser. Built into it by default plugin, scanning the site and restricting access to frankly malicious resources. If the user tries to access such a page, he will see a warning about the danger and a suggestion to close the tab.
Third, try do not cross on suspicious links in social networks. Vkontakte itself warns that the site can be dangerous, so do not neglect the advice of the service. Most infections happen this way.
Using Google to Verify
This option is suitable for site owners who want to make sure that their creations do not harm users. world wide web. If the site does not belong to you, then you will not be able to check it through search engines.
To start, let's go to webmaster panel. It is located at google.com/webmasters/tools/home (you need to be logged into your Google account). After that, click on the button " Add resource” and enter the link to the site in the box. After that, press " Add». 
After that, we will need confirm site rights. For this you need to place HTML Template on the resource so that Google can identify us. We perform all the actions from the instructions and click " Confirm». 
After confirmation, we can see all the information about our site. To do this, select the tab " Security issues". If there are viruses on the page, the system will notify us about it. If not, we will see such a picture. 
Yandex to check for viruses
By and large, in Yandex we repeat the same procedure as in Google:
Doctor Web and Kaspersky
For the most part, by checking the site through these two services, you can be 97% sure that the site does not contain viruses. These laboratories have devoted years to the development of anti-virus programs, so there is no doubt about their competence. Let's start with Doctor Web.
We go to the official website vms.drweb.ru/online. In addition to checking for viruses, you can see an extensive selection information about viruses and their spread. The main part of the page is the address bar in the middle, into which enter the link on the resource being checked and click " Verify». 
After a while we will get detailed description checks carried out, as well as a conclusion about the danger or safety of the page. 
Work " Kaspersky' is built on the same principle. However, here we can also check files. Enter URL in address bar and click verify.
Unlike the previous service, we are not loaded with the details of the check, but immediately give the result. 
Other online services
In addition to those already considered, there are other services for checking links:
