Are you worried about your website and hackers? If you are not worried, you should be worried or at least virulent. There are people out in the cold cruel internet that are looking at your website. Some of these people are comedians (mostly harmless), and some are very vicious. These people are examining your site daily for chinks in your armor, and ways to get into your site without you noticing.
If your attitude is; I’m not worried, I have nothing important on my site … you are a prime target. Some hackers do damage, bring a site down, some simply create a comical behavior in your site, others hack and remain invisible. If you are a lucky person and the hacker does some damage (either vicious or comical), you are lucky because you know you have a problem to resolve. Some hackers do activities that them them invisible to you, but, are causing problems … very bad problems.
In the last year, I have assisted dozens of site recover from hacked states. Some, site owners knew they are hacked, some did not have the slightest idea they were in trouble. Among the sites recovered last year included sites that:
- Had been taken off-line hackers file.
- Had cosmetic (artistic) changes done to their pages appearance
- Were redirecting visitors away from the site by 301 redirect
- Were hit by usage overloads and ultimately Denial of Access problems
- Had viruses inserted on the site
- Had logging software added to there site to catch personal information of visitors
- Had hidden storefronts setup within the site and alternate business was being perform to the surprise of the site owner.
- Had been set up to send out spam email
Clearly, the first few problems are visible to the site owner, but, some of the site hacks could potentially go on indefinitely if the site owner is not vigilant. In the case of the last few hacks, the site owners were alerted to the problems on their site by visitors that accidentally feel into the “alternate business pages,” received spam from the site or had problems with personal information distribution. These last few hacks can have a devastation affect on your site, its credibility and your visitors.
On top of the obvious problem that your site is being used in a manner that you do not intend (redirecting people, steals information from visitors, etc), your site can be identified as a blacklisted site … blacklisted as danger. If your site has been blacklisted by Google, virus protect software or any of a hundred other sources, you will find it incredibly hard to dig yourself out of the blacklist.
So, what can you do to help protect your site?>
- Keep your website software up-to-date, never let a site go on operating with software with a known security risk
- Keep security permissions correct on your files and directories
- Check your site regularly for potential security problems, don’t let the site run on autopilot (without your attention)
- Monitor your site for attempts to login by unauthorized people
- Hide your administration login page
- Limit login attempts
- Never use the default administrator name for a CMS
- Use thoroughly randomized and secure passwords for administration areas
- Monitor your site for people attempting to access suspicious areas of your website
- Monitor you activity log for any strange behavior
- Find tools to help you block accesses from addresses you determine are suspicious.
- Assure you use security validation for all form input fields
- Assure your SSL encryption is functioning if you are sending sensitive data off site.
- Do security scans of your site for malware
- Backup your site and database regularly
The next article on this blog will explain how you can follow the recommendations listed above.