Website Security
Hello,
Long time since my last post, and the reason for that is partly to do with this post. Website security was something I was always going to get round to looking at later. I had lots of various websites which I’d put up because it was easy to do, and then I got distracted by other things and never quite got round to looking into securing the sites from intrusions by hackers etc.
Well now I have to as a whole string of sites on one server has been hacked or has ended up with dodgy links put in by others. Not too much of a problem as they aren’t earning lots of cash but will take a bit of work to sort out.
However I intend to use this as a chance to spring clean and organise things better as well as learning more about website security. Incidently it was a notice from Google which alerted me and there was a very helpful link to a site which can help, called ‘Stop Badware’
If you encounter any problems yourself, or even if you don’t yet, it’s well worth having a look at this site as it may help you avoid problems in the future.
When I have gained more knowledge on this myself in the process of sorting my sites out I’ll write a report on it and post a link or something as it’s something everyone needs to think about these days.
Well, back to my overdue ebook……
Plus my website security…..
Plus my day job….
Not forgetting the football!
Good luck and success
Dave Smith
Hi Dave,
Great post. Website security certainly is a problem, sorry to hear you have an issue with it. Great chance for a spring clean, as you say, though.
Enjoy the journey.
Mandy
Hi Dave,
I am really interested in finding out what you have done to rectify the security issues. In my blogging travels i have noticed quite a few have pop ups attached that are leading to ‘xxx’ and ‘gambling’ adverts and I gather this is the hacking you are referring to.
I am unsure if my site has been hacked or not as there has been a time when I noticed a pop up on my own site directed to a gambling site.
How did you confirm that you had been hacked and how have you resolved the problem. I am really curious to know as I have noticed a few other fellow students sites with the pop ups as well.
Jacinta
Hello Jacinta,
The first I realised I had been hacked was when I received a message from Google when I tried to log in to the site that there was a problem with ‘badware’. My site (actually several as I was running several subdomains from the same site) was blocked and these messages came up from Google to say that the site was a problem.
There was a link to get further information and it explained that it is often not the site owners fault but either links to other sites containing badware (such as adverts) or that someone may have hacked and inserted their own code in the html to either insert the badware themselves or direct the site to another.
In my case I had a look at the html of the site itself and saw some code I didn’t think belonged there (I’m not an expert on html but the code also contained a russian website link ‘.ru’ so made me suspicious). As I badly needed to review how my sites were set up anyway and as this website and subdomains had not been earning money and were mainly being used to host products for giveaways etc, I decided to delete the entire website and contents and reload from either new or previously saved material on my hard drive.
However, you don’t necessarily have to do this if you think your site has been hacked.
The first thing to do is to check the html code (or php code) of your index pages in the site against your original code with dreamweaver or some other html editor (I use a free program called Kompozer). Even if you don’t know too much about html you can still look for differences. You will need to download the websites index pages for viewing or you may be able to view the site’s code using your ftp program. Mine allows you to right click on the file and select ‘view’. You can then compare with the copy on your hard drive. Just look for any differences.
If you see something you don’t think should be there in the site copy, try uploading the original copy and overwriting the site copy, and then see if the suspicious behaviour is still there.
If you can’t find anything different the problem may be in the links (including adverts) and it may be necessary to start either checking the adverts or links or removing them to see if the problem disappears. This is what is suggested in the stop badware site.
Also it would be sensible to check the link I put in the post to the site ‘www.stopbadware.org’ as this has some good information on and it can do a check of your site to see if it has been reported for suspicious behaviour (This site was recommended via the message from Google and it is a voluntary site that is trying to help with this type of problem). However your site may have been affected without yet being reported. In this case have a look at the code as above and in the stop badware site and try to eliminate the suspicious behaviour (such as a popup that you didn’t put in there.
I am still looking into how to better protect my sites. The stop badware site recommends auditing your sites to check for vulnerabilities and there are several companies that have services like that, however as some charge a lot I am still trying to find theee best choice, there are supposed to be some free services, and when I find a good service will make a post about it.
Hope this helps a bit.
Best of luck, and let me know if you need any other information and if I can I’ll try to help.
Regards
Dave
Hello Jacinta,
One thing I should have mentioned, if you download the index page for viewing make sure you check it with your virus/spyware program, if possible download it to a separate hard drive to view (just in case there is anything in there that could affect your computer-again I’m not an expert but better to be safe). If your ftp program allows viewing of the code while it is still on the website then that is the best option.
Regards
Dave
Hi Dave,
Thank you so much for your reply. I have read the stopbadware site and checked my site but it isn’t listed with them. Plus I have done a full virus check, spybot and adaware check on my computer as well. I sent an email to D9 but they can tell if anything is wrong.
I am still getting the popups, I got when I loaded your blog website as well.
I am not good at html and have no idea where to begin there. I have done a back up of my blog from the wordpress admin. I am seriously thinking of reinstalling the blog. Was it difficult to do?
Did you find D9 helpful at all? They don’t think there is a problem, however I am still getting the popups going to a gambling site.
Let me know what you think.
Jacinta
P.S Thanks for the help I really appreciate it!
Hello Jacinta,
When you mentioned my site having problems I realised it sounds like your computer. I usually use linux but just booted up windows and double checked and neither my site (this one) nor your’s (www.creatingmybusinessonline.com) has any popups.
What virus/spyware scanning software are you using. I use Zone Alarm which is supposed to be the best but a few weeks ago I accidentally allowed access by 2 .exe programs (I wasn’t paying attention to the alerts and pressed ‘accept’). this caused both viruses and spyware programs to install. My software was completely up to date as far as updates were concerned but was not the latest zone alarm program. This meant when I scanned it missed things. I then upgraded to the latest Zone Alarm Extreme Security and it found viruses and spyware and eliminated them. I haven’t had any problems since. You may need to upgrade your own protection as it sounds likely you have something on your computer that your virus protection isn’t finding.
Definitely doesn’t sound like the website, I would have seen the same problem.
Hope that helps.
Regards
Dave
Hello Jacinta,
Just goes to show how careful we have to be, updated my zone alarm (normal updates) and it found an infection. This just shows how we have to have the latest virus/spyware programs and ensure we install all updates regularly. I try to be careful and still end up with problems. There is a lot of bad stuff out there.
Regards
Dave
Hi Dave , I was interested to read your post,and have printed off a copy for future reference!
Regards, Ray
Your site security depends mostly on your hosting provider and server settings as well as to the constant updates and patches of open source CMS such as Joomla, WP… Forums counted too PHPBB i.e.
Hope the post helps Ray (and sorry for the late reply). Still trying to find time to do the proper web security report, will post here as soon as I do.
Regards,
Dave