Voted 20 (90%) of
Our Page Audits in
Just One Week as
Improving Your Website
The video course is recently released and to encourage you to give it a try I'm offering an EARLYBIRD discount which enables you to get the course for just $22, that's 50% off the normal price. The course also comes with a 30 day money back guarantee.Click on Help & Support for more details about this video course.
1. A hacker could install malware on your website with the purpose of infecting your visitor’s browser when they visit your website or installing malicious software on your site visitors computer. If Google detects your site has malware (and they do check for it) this can get a visible warning flag assigned by Google to your website.
This warning appears in Google’s search results next to your listings telling potential visitors your site may harm their computer. Sometimes Google will completely remove a website from their index and it could take weeks to get it reinstated. In addition it could take many more weeks to get back to anywhere near previously held search rankings.
2. On Dec 17, 2011 Google announced a new warning tag "This site may be compromised." Like the Malware warning notice they will add this warning to any search result listing of a website they believe to have been compromised (hacked) by a 3rd party.
3. If a hacker gets into your email / webmail accounts they could be sending 10’s or 100’s of thousands of SPAM emails that could get your site email addresses black listed and cause your web host to suspend or terminate your hosting account.
4. If a hacker gets into your site databases they could extract personal data and credit card details if you keep them on your hosting server, even if it’s an SSL (https) server. This information they will use for fraud or sell for a profit. This could severely affect your ability to ever process online transactions again using any leading credit card company.
5. If a hacker can gain access to your website they can add their own files and scripts which could be designed to do a whole range of things from redirecting your visitors to another website to injecting a Trojan virus that will wreak untold havoc.
If the hacker sets up redirect links to websites that Google regards as bad or black-listed the ranking of your website will suffer when Google finds these bad links on your website, which they will.
6. Even if your website just gets hacked for fun you could end up with your web page content being replaced with porn or spam, which could not only be embarrassing for you, but also hurt your web page and site rankings with the search engines.
I’m not telling you all this to scare you, just to point out
what could happen
Your web host's concern is for the overall security of their servers and the applications they run on them, not the applications and scripts you or a hacker runs on your hosting space.
If you or your webmaster installs a content management system (CMS) or web platform like Wordpress, Drupal, Joomla or any other commercial or free script the responsibility for your website security is yours. The first response of your web host if your website gets hacked may be to shut it down until you get the problem fixed.
And if your site is down and offline for too long, Google could remove your website from their index and getting your rankings back may take a very long time. This is because Google will completely reassess your entire website and what it should be ranked for when it comes back and this can take weeks and sometimes months. Meanwhile your search engine traffic will have plummeted to a trickle.
Hacking probes often check if you have website platforms like Wordpress, phpBB or other Bulletin Board, Drupal, Joomla, phpNuke or any well known shopping cart. They also frequently probe for the location of your website’s MySQL databases or webmail. Sometimes they look for the location of a previous hacker’s files that may already exist on your web server space.
Any forms you have on your website for subscriptions, contact us, leave a comment, upload photos, guestbook entries or other means for users to make an input are also being probed for a back-door way in to your website.
And this required no special skills almost anyone with a little know-how could have done it.
This guestbook was hijacked because the guestbook script was old and not kept up to date and because the webmaster had incorrectly configured it when it was installed.
As well as looking for known vulnerabilities in common web applications and forms that you may have installed on your website, hackers are also looking to exploit weaknesses in the way you or your webmaster have configured web applications and scripts on your website.
When I discovered my websites were being probed everyday I had not set out to monitor hacking activity. I installed a script for an entirely different purpose, the by-product of which gave me daily emailed reports of files being searched for that did not exist on my website.
There are many different attacks hackers can conduct to take control of a website. In general, the most common and dangerous ones are SQL injection and cross-site scripting (XSS).
Once the database is compromised a hacker can manipulate URLs, access form information including search, login, email registration and passwords and extract sensitive personal data. They can also inject data into a database and if this belongs to your web platform or CMS they can change the content and links on any of your web pages.
Cross-Site Scripting (XSS)
SQL injection and cross-site scripting are just two of the many techniques used by hackers to attack and exploit innocent unsuspecting and vulnerable websites, there are many more.
If you have any of the following 400 web applications or scripts running on your website then you have good reason to be concerned about being at risk from a hacker. The lists you can access below are by no means complete, just lists of the more commonly known vulnerabilities.
If the applications you are running are not on this list
1 - A. Web Applications & Script Vulnerabilities
35 Web Applications & Scripts with known website security issues and names beginning 1 to A.
B - C. Web Applications & Script Vulnerabilities
47 Web Applications & Scripts with known website security issues and names beginning B to C.
D - F. Web Applications & Script Vulnerabilities
47 Web Applications & Scripts with known website security issues and names beginning D to F.
G - L. Web Applications & Script Vulnerabilities
42 Web Applications & Scripts with known website security issues and names beginning G to L.
M - O. Web Applications & Script Vulnerabilities
55 Web Applications & Scripts with known website security issues and names beginning M to O.
P. Web Applications & Script Vulnerabilities
64 Web Applications & Scripts with known website security issues and names beginning P.
Q - S. Web Applications & Script Vulnerabilities
42 Web Applications & Scripts with known website security issues and names beginning Q to S.
T - V. Web Applications & Script Vulnerabilities
28 Web Applications & Scripts with known website security issues and names beginning T to V.
W - Z. Web Applications & Script Vulnerabilities
45 Web Applications & Scripts with known website security issues and names beginning W to Z.
12 website security checks you can do on your website
Here are some simple measures you can take to minimize the chances of one of these probes hacking your web applications, finding your script files or hijacking your website.
1. DO NOT use default locations and directory names in the installation of a web application or script if at all possible. This minimizes the chances of a hacker finding your script files.
2. DO NOT leave install files on your web server which the hacker once having found could run again to change your configuration settings to access and control your scripts.
3. DO NOT use simple or short numeric only passwords for login to admin areas. Use passwords with a mixture of numbers, lower and upper case letters at least 10 characters in length. The longer the password the more difficult it is for a hacker to crack.
4. DO NOT use the same password more than once.
5. DO NOT leave FTP log files in directories after uploading via FTP, delete them as they contain useful information a hacker could use.
6. DO NOT upload readme.txt files when installing scripts that could be downloaded by a hacker to determine information about the scripts you have installed.
7. SET file permissions carefully on critical script files. Badly designed scripts and poorly set file permissions on your hosting server can result in hackers being able to exploit these files.
8. ADD a blank index page to all directories that do not have one to stop someone being able to list the file contents of your directories in their browser.
9. KEEP installed web applications and scripts up to date with any security patches.
10. AVOID using old free scripts not well supported or not kept up to date.
11. ROUTINELY check your website files looking for files or folders you have not installed. If you find something first check with you web host they did not install what you found before deleting it. Sometimes a hacker will have installed files you can not delete, so you will need to contact the web-host to delete them for you.
12. ROUTINELY use a website security checker to scan your website for vulnerabilities particularly after installing web applications or scripts.
To your Success
Website Audit Experts ©2010 - 2017 All Rights Reserved