Mar 11 2008
When Good Websites Go Bad
Whether you are a website developer, small business with an ecommerce website, or are running a web hosting company - there always exists the possibility that your good website will go bad. And sometimes they go very bad.
The specific issue that I am addressing is the unfortunate reality that there are malicious and exploitive hackers out in the world who amuse themselves by taking control of your precious website.
Case in point: I run a small forum website - mostly I run it to understand the underlying content management system - vBulletin. So one day I type in the URL of the site, expecting to see how many visitors are on the site and which forums have newly updated posts. Instead, to my disbelief, I see various crazy colored text that looks to me like maybe Arabic lettering. After trying the URL several more times to convince myself that I am, in fact, at the correct web address I come to the inevitable conclusion: my site has been hacked.
HACKED!!! Me - I mean, MY WEBSITE. CRAP! Now what?!?!
After I calmed down, I presented a trouble ticket to my webhost. They took a look at the log entries and determined when the changes had been made. Then they simply rolled back to a previous version of the site from their backups. The entire fix took about 5 minutes after they processed the trouble ticket.
Here are the things that I recommend you think about as a web hosting customer with regard to malicious activity:
1. Make sure you have local backups. Locally backup your data to a disk and keep it up to date. When you make any significant changes to your website, update the backup file.
2. Make sure your web host has backups. Check the plan that you are on and determine how often your site gets backed up. It's not unusual for a quality business hosting plan to offer daily backups.
3. Keep up to date with software versions and patches. This was my problem with vBulletin. A totally simple flaw was identified and circulated around the Internet during that time. vBulletin offered a simple patch for the problem, or I could have easily updated my version to a more robust state. Don't make this mistake, take a few minutes to read, understand and act on any security information sent out by your software companies.
4. Use robust usernames and passwords. Examine your logins and make certain that they contain non-standard characters - like these: $, @, ! and that you have enough characters to make them hard to break. Guess what the most popular password is? PASSWORD. Duh. Don't do that.
5. Select a web hosting company that has proven security in place. This means both physcial security and virtual security. Look for a good description of the security procedures on the hosting company website. A truly aware web hosting company can often prevent malicious activity before it happens - saving you valuable time and money.
There are many more safeguards that one can undertake. The more, the better. However, these steps are a great start to get your awareness up. The best defense against an easy and obvious exploit is simply to arm yourself with awareness and knowledge. Keep your website safe. We don't want it turning bad.
This content provided by HostMySite.com Website Hosting.
The specific issue that I am addressing is the unfortunate reality that there are malicious and exploitive hackers out in the world who amuse themselves by taking control of your precious website.
Case in point: I run a small forum website - mostly I run it to understand the underlying content management system - vBulletin. So one day I type in the URL of the site, expecting to see how many visitors are on the site and which forums have newly updated posts. Instead, to my disbelief, I see various crazy colored text that looks to me like maybe Arabic lettering. After trying the URL several more times to convince myself that I am, in fact, at the correct web address I come to the inevitable conclusion: my site has been hacked.
HACKED!!! Me - I mean, MY WEBSITE. CRAP! Now what?!?!
After I calmed down, I presented a trouble ticket to my webhost. They took a look at the log entries and determined when the changes had been made. Then they simply rolled back to a previous version of the site from their backups. The entire fix took about 5 minutes after they processed the trouble ticket.
Here are the things that I recommend you think about as a web hosting customer with regard to malicious activity:
1. Make sure you have local backups. Locally backup your data to a disk and keep it up to date. When you make any significant changes to your website, update the backup file.
2. Make sure your web host has backups. Check the plan that you are on and determine how often your site gets backed up. It's not unusual for a quality business hosting plan to offer daily backups.
3. Keep up to date with software versions and patches. This was my problem with vBulletin. A totally simple flaw was identified and circulated around the Internet during that time. vBulletin offered a simple patch for the problem, or I could have easily updated my version to a more robust state. Don't make this mistake, take a few minutes to read, understand and act on any security information sent out by your software companies.
4. Use robust usernames and passwords. Examine your logins and make certain that they contain non-standard characters - like these: $, @, ! and that you have enough characters to make them hard to break. Guess what the most popular password is? PASSWORD. Duh. Don't do that.
5. Select a web hosting company that has proven security in place. This means both physcial security and virtual security. Look for a good description of the security procedures on the hosting company website. A truly aware web hosting company can often prevent malicious activity before it happens - saving you valuable time and money.
There are many more safeguards that one can undertake. The more, the better. However, these steps are a great start to get your awareness up. The best defense against an easy and obvious exploit is simply to arm yourself with awareness and knowledge. Keep your website safe. We don't want it turning bad.
This content provided by HostMySite.com Website Hosting.