As if hackers weren’t bad enough, now you have to worry about hacktivists. As if worrying about complex malware and viruses weren’t bad enough, now you have to worry about social engineering attacks. It’s enough to make your head spin, and it underscores the importance of having good layered security for your website.
Terra has some suggestions for making a website “hacker proof.” While this may seem like mission impossible, there are definite steps that can be taken toward keeping a website safe, including always having website software up to date.
“Sites that get infected and clean up, but don’t fix the vulnerability in their software, just get re-infected,” said Lucas Ballard, a software engineer with Google’s Safe Browsing team, according to the news source.
Ballard said webmasters must address weaknesses that enable hacking to happen and remove any malicious code that pops up. Keeping software up to date goes a long way toward winning this battle.
Another helpful step Terra said businesses can take to be more secure is to make sure they are using strong passwords at all times. Hackers are especially eager to compromise or steal passwords for file transfer protocol servers.
“Also make sure to protect your PCs from a virus infection since that can lead to the theft of site passwords,” the news source said. “A February 2010 infection in a computer belonging to freelance writer and editor David Congreave allowed hackers to steal his FTP password and plant malware that tried to infect visitors to his sites. Luckily, the malware was buggy, and he noticed the problem immediately. His hosting service, Hostgator, removed the malicious code in hours. Congreave changed his password and began using CuteFTP for more secure file management.”
The South Pines Pilot, a North Carolina newspaper, said the password issue is an extremely important one, and the longer and more unique the password, the better. The website said a 10-character password can have 3.76 quadrillion combinations, so go ahead and add that extra character, or seven!
Website Defender said there are some pretty severe consequences to leaving a website wide open to hackers. Hackers don’t exactly announce themselves, despite the high-profile YouTube videos created by Anonymous, so they will try to evade detection by putting in code that will subtly steal information from those who go on the website. This could erode a business’s reputation, so whitelisting and blocking applications is a shrewd move.
In some instances, however, a hack will not be subtle. Hacking can mean the website will look like a distributor of illegal material, as hackers like to store content such child pornography on a website and make it look as though the website is sending it to others, the news source said.
“These things are mentioned not to scare you but raise awareness that having a hacked website is a very serious issue that should be avoided. Even big businesses have collapsed after having a hacked website due to financial loss and legal consequences,” Website Defender said. “Any online presence should be secured. Even if you have even a small blog, you’ll want to keep your website and most importantly of all your visitors and their information in a safe environment so that they keep coming back.”
For you website owners and operators out there, what is your technique for security? Any helpful tips for keeping a website and the information on it safe? Let us know!