Friday, 19 June 2009

Beating the hackers

This is a warning for the freelancers and small business owners out there. While you are sleeping there is an army of hackers out there, hell-bent on destroying your web site or using it to distribute spam e-mails, viruses or other malware. And what is worse, there may be very little you can do to stop it.

Once you have a web site you are fair game for every hacker in the world. And they even share your information with each other. They are looking for websites using bulletin board and forum software that has not been kept up to date, and content management systems or operating systems that have known flaws and unlocked back doors.

They are even silently attacking your web host, trying to get hold of your personal log-in details, which makes their life a lot easier.

Don’t believe me? In December 2007 hundreds of websites had to be closed down temporarily after hackers managed to get hold of the personal log-in details from UK web company Fasthosts. The company claimed that it had no option other than to perform an emergency shutdown after it discovered that the hackers had tried to use information gleaned from its servers. New passwords had to be sent out by post rather than e-mail to avoid the information being compromised again.

And it isn’t just small companies that get their sites hacked. A quick search using Google uncovered a whole host of companies that have had similar problems, including job site Monster.com, US anti-virus specialists Kaspersky and even ex-Beatle Paul McCartney's website.

Hacking can take many forms. The simplest and least damaging is defacing a website. When this occurs your normal home page is replaced by an image with the words “hacked by the Turkish dot squad” or something similar.

This is annoying, but not too damaging. A simple reinstall will get you going again, although you may never know how they got in. After you have reinstalled the site, reset your FTP password to something very unusual, preferably consisting of a mixture of letters and numbers. You should also ensure that any software you are using is up to date.

Slightly worse is a hack whereby code is injected into your site to advertise Viagra or something similar. Bulletin boards and forums are classic areas where this can occur. I have also seen an online registration form targeted, whereby a poor unsuspecting conference organiser was inundated with e-mails advertising porn sites. This was happening at a rate of about two per minute until I was able to add a Captcha module, whereby visitors have to key in a four-digit code that is shown to them by way of an image. This won’t stop manual hackers, but it goes some way to defeating computer-automated hacks.

The worst hack involves the distribution of malware, whereby anyone visiting your site gets a PC virus infection or key logger. Again, the only solution is a complete reinstall. If you don’t clean up an infected web site you run the risk of it being blocked by Google, although you can apply for the ban to be lifted once the site is clean again.

So what else can you do to prevent hackers? Firstly, make sure you are using an up-to-date virus checker on your PC or Mac. Secondly, visit your site on a regular basis and make sure it looks OK and checks out with your antivirus. Lastly, make sure you have a complete back-up of your site so that you can reinstate it should the worst happen.

Then just sit back and cross your fingers. It isn’t a matter of “if” your site will get hacked, but “when”.
