More and more sites have fallen victim to hackers recently and some important steps should be taken to (1) secure your site and (2) monitor that your site hasn’t been hacked.
(1) Previously I have already listed some basic tips on how to secure your site from being hacked:
- make sure your hosting company is safe and able to handle the situation properly;
- make sure your CMS (Wordpress) version is up-to-date;
- check Google’s security checklist.
(2) Still you can’t be 100% secure and that’s why it is essential to try some simple ways to monitor the situation. I have come across two possible ways to do that both based on the mighty Google:
1. SerpGuard is a new free service that “checks the Google Safe Browsing Blacklists for your domain(s)” and instantly sends you an RSS message and email once it finds your site there. It’s easy to register but requires your site to be claimed in the system.
To claim your site you will need to upload a generated page to your site root directory and get a confirmation. I haven’t seen the tool in action as (thanks God), none of my sites has been hacked yet, but as they say, better safe than sorry, so you’d better try it too.
2. Patrick Altoft offered a simple and genius way to find out that your site gets hacked by setting up an email alert in Google Alerts: [viagra OR cialis OR levitra OR Phentermine OR Xanax site:YourSiteDomain]:
Comments
14 responses so far ↓
Software Testing on Jul 30, 2008 at 7:48 am
@ Ann, great post! BTW, is there any way to check the database?
Kerry Dye Vertical Leap on Jul 30, 2008 at 8:02 am
Another way you can check is to monitor the sites that you are linking out to, as many of these hacks are to do with inserting links to piggyback on your site’s strength. Also, the examples I investigated last year were mainly for ringtones, mp3 and movie downloads rather than pharmaceuticals, so add those to your Google Alert too!
David Bradley on Jul 30, 2008 at 8:54 am
AVG flags malware sites as do Google and other SEs, just set up a daily search for your site you’ll soon notice the malware flag if you got hacked.
Garrett Pierson on Jul 30, 2008 at 9:24 am
Ann, Great post! I think to answer the question above you would need a PCI scanning service to check your database. Let me know if I am wrong!
Ann Smarty on Jul 30, 2008 at 9:52 am
@Kerry : how exactly you are tracking your external links? thank for the tip btw!
Kerry Dye Vertical Leap on Jul 30, 2008 at 1:05 pm
There are a few around, the bad neighbourhood tool does it http://www.bad-neighborhood.com/text-link-tool.htm, if you are only interested in a single page then try http://www.linkvendor.com/seo-tools/outbound-links.html. The one I was using to check whole sites isn’t live any longer, so we made our own http://www.vertical-leap.co.uk/seo-tools/external-links.asp
Hope this helps
Kerry
Kerry Dye Vertical Leap on Jul 30, 2008 at 1:08 pm
Oh, just found that SEO Chat has one too http://www.seochat.com/seo-tools/site-link-analyzer/
Nick Wilsdon on Jul 31, 2008 at 5:11 am
Thanks for the link to SERPGuard Ann! I’m glad you got setup in there without a problem.
BTW, you can test your email address by going to the settings, that will confirm system emails get through to you. I didn’t build in a way to send false malware warnings - that maybe an idea for the future.
We have already had sites we are monitoring flagged as malware though so it does seem to be helping people.
@Software Testing
You can manually check the Google Blacklist database by following the instructions here at SEL:
http://searchengineland.com/080523-075927.php
Our tool just automates the process - push not pull. There is no way to query the database to get a list of compromised sites, unless you know the URLs already.
Chris Kieff on Jul 31, 2008 at 7:44 am
Ann,
Excellent ideas here. Several years ago I had a hacker set up a Bank spoofing site (Royal Bank of Scotland) on one of my servers. I felt terrible that my site could have been used for identity theft. I’m not sure how these methods would help to detect that. The only clue would possibly be a spike in traffic from email systems. But no external links were used.
Since then I’ve used one basic tool- Roboform, to generate random passwords and remember them for me. I’ve not had another problem.
Thanks,
Chris
Ann Smarty on Jul 31, 2008 at 8:32 am
@Nick : thanks for stopping by for a great comment!
Gavin Mitchell on Aug 1, 2008 at 5:19 am
Thanks for the SerpGuard reminder Ann - I meant to sign up when Nick first mentioned it was live but it slipped my mind :)
blu star web design services in tipperary, ireland on Aug 11, 2008 at 11:28 am
monitoring web server logs and the syslog on unix machines will show up any attempted hijacks..
Rick Stone on Sep 3, 2008 at 5:52 am
Two out of the 2 links I clicked on didn’t work. The last comment was the best thing of the whole article. CHECK YOUR FILE LOGS!
Kerry Dye Vertical Leap on Sep 3, 2008 at 6:44 am
And if your server logs have been deleted, that’s something that hackers do too. Unfortunately they are something that a lot of site owners don’t have access to though, which is why we are always investigating alternatives. Site owners may need to notify their web host that there is a problem, because webhosts don’t always spot it. And if they do spot hacking they don’t always fix the sites that got affected because it is more important to them to close the hole than fix the problems that got caused.
Leave a Comment