What is URL Blacklisting and How Can You Prevent It?

Key Takeaways:

• URL blacklisting represents a significant threat to your online presence. 
• Injection attacks are one method used by hackers that could cause your URL to get blacklisted. 
• Fortunately, there are some helpful tools you can use to protect your website.

On the Internet, bad behavior often has consequences, and some of them can be pretty severe. In our previous post on How to Prevent Network Blacklisting, we mention the ways that attackers can take over your network and send out malware. This can get your IP address range blacklisted by security vendors, which in turn can harm your business reputation.

But that is just one form of several types of blacklisting. In some cases, specific URLs and domains end up on other kinds of blacklists. Even if your network is well-protected, your various other resources such as cloud-based web and database servers can be compromised. You want to ensure that you are protected against both types. 

Your business website is a critical piece of your corporate identity and keeping it running smoothly and free of malware is important. If it were to become compromised, search engines and other security sites could blacklist suspicious URLs and block your site from appearing in search result listings. Google issues tens of thousands of blacklist requests daily, mainly to protect users from falling prey to these sites. There are numerous other blacklist sources, including Spamhaus and Microsoft’s Bing Webmaster Tools. Being listed and blocked by these sources could significantly reduce your organic search traffic, impacting your sales and potential customers. 

Web servers have been a popular target by hackers for several reasons. First, many of them run outside your network infrastructure and may not be adequately protected. Or, these servers are often a shared responsibility of several departments with no single owner who is focused solely on security. Finally, there are numerous vulnerabilities that are well known — as an example, look at the Open Web Application Security Project (OWASP)’s top ten list of web application exploits — almost all of these were first discovered years ago. 

Take injection attacks, the first item on their top ten list. The origin of this attack type dates to the early years of the 21st century and doesn’t seem to be going away. It is easy to find web servers that are subject to this issue: all you need to do is put in an appropriate search term in the right places in the URL of your server. You don’t need any specialized hacking tools, other than your web browser and few skills. If done correctly, the form called SQL injection could result in an intruder getting a copy of your most sensitive data in a matter of seconds. And there are probably dozens if not thousands of URLs that could be vulnerable. 

Injection attacks can cover a lot of ground — for example, your pages could become filled with malware-based advertisements or phishing come-ons. These could get your URLs blacklisted too. 

Fighting Malicious URLs — for End Users

Most modern web browsers now come with the ability to determine if a particular URL is malicious or has been previously blacklisted, and can display a red warning message as shown below. Several security vendors have specialized browsers that have additional built-in security measures, such as McAfee SiteAdvisor and Avast Secure Browser. Another tool is to use the Google Safe Browsing Status page. You put in the URL of interest, and it returns whether it has found any unsafe content on that page. All of these tools provide additional screening of malware-laden webpages, preventing you from becoming a victim or divulging private information.  

Fighting Malicious URLs — for Developers

These are great for end-users, but what about tools that can help developers prevent malware from compromising your website? A good place to start is with your WordPress site. In a previous blog post, we mention ways to harden your WordPress installation, including reducing the number of plug-ins and keeping your software updated. 

One hardening mechanism is to use one or more tools that are designed to repel invaders:

• Sucuri Website Security Platform — basic version starts at $200 per year per server.  
• Wordfence has both a free and a premium version which starts at $99 per year per server. The premium version can check to see if your site has been blacklisted, while the free version comes with managed WordPress from Network Solutions. 
• Astra sells different versions, including one for WordPress, starting at $228 per year per server.  

Both Sucuri and Wordfence are used by hundreds of thousands of websites. There is this feature comparison by ServerGuy to help you choose the right tool. 

Finally, there are other tools and techniques that you can use to protect the remainder of your application stack that we discussed in this blog post, such as implementing a zero-trust security model and deploying general-purpose web application firewalls such as SiteLock.

Here are some of the functions to look for:

• Scan and regularly audit your entire web server content. 
• Monitor your encryption certificates and keep them updated. 
• Monitor blacklists for your domains. 
• Find the source of malware and in some cases can also remove it. 
• Update any patches to your server. 
• Mitigate any DDOS attacks. 

While it is nice to have choices, you can see that figuring out the right combination of tools and policies will take some effort. Contact Network Solutions for assistance with all of your online security needs.

Products Mentioned in This Blog Post Include:

Images: Shutterstock