Calendar
Network
Feeds
- 40
- Sphinn It!
Went Hot: March 8, 2008 - 11:06 am
Posted By: Sharkyx 176 days ago
Topic Type: News Story (Jump to http://www.lostartofblogging.com)
Category: Blogging
5 Comments
Went Hot: March 8, 2008 - 11:06 am
Posted By: Sharkyx 176 days ago
Topic Type: News Story (Jump to http://www.lostartofblogging.com)
Category: Blogging
5 Comments
Top 10 Most Sphunn
In What's New
- Why Alert Competitors to Your SEO S... (16)
- How to File a Google Reconsideratio... (15)
- Traffick: Infinite Regression Award... (15)
- Link Development Decathlon « Link P... (14)
- Search Marketing: Sarah Palin Case ... (13)
- 5 Easy Steps to Great IA the SEO Wa... (12)
- Google Analytic’s Achilles heel: Pr... (12)
- Div ID=”Header” Different SEO Tacti... (12)
- Google Now Searching For Synonyms (12)
- Google’s Historical Data Patent, Pa... (11)
Latest Comments
- Big business and big brand names don't need search marketing. SEO is for pe…
- You missed #31 - making a stupid list people will link to…
- You are indeed right Tad. In fact, Gab and I have discussed the results pri…
- That landing page is terrible. By 2012 they'll probably have it right, but …
- Awesome! Thought I was going to read about link development but got much mo…
- @dannysullivan"Hey, if I move out of my house, it's not e…
- Some good points, Nick. Clearly this doesn't hurt Ebay though as much as …
- @g1smdPerhaps your question would be better served in the
- - read more -
Save the date for:
• SMX China (Nanjing) - Sept. 23-24
• SMX Stockholm - Sept. 23-24: See who's speaking or register now.
• SMX East (New York City) - Oct.
6-8: See the agenda or register today and save!
• SMX London - Nov. 4-5: Pre-agenda rate now available. Click here.
Comments
Interesting article. It happened to my site which runs on WP, on Christmas Eve. I wrote about it and have gotten about 10,000+ sumble visits just to that article describing my experiences, plus dozens of emails from others fessing up to the same thing happening to them.
Must be a more common occurrence than most people let on.
This is an excellent and complete article. I can vouch for it since I had two blogs hacked in a similar way on Saturday January 26. Be particularly vigilant at weekends and during statutory holidays. In my case the hacking was done in such a way that it wasn't visible to me but was highly visible, particularly to a speedy search engine like Google. Only by chance did I happen to check the code of a web page and happened to spot the hacked additions. Otherwise it likely would have been quite a time before I spotted it.
Great article, with some real meat to it. Well done!
It covered some interesting ground but glossed over the basics of how to stop most of the trolling botnets from injecting scripts or malware into your server in the first place.
If the files can't be uploaded to the server in the manner they currently do to infect your site, it's much safer for the moment.
You can add code to your site to stop garden variety SQL injection at the Apache level as well which will doubly protect your database.
Had you implemented patches like I'm suggesting to stop the typical botnet tools and the method of infiltration you might avoid getting hacked in the first place the next time a vulnerability is discovered, or at least postpone the inevitable a while longer until the hacker finds a way around those blocks.
The challenge with all of this is that non-technical folks like me have to learn as we go along. And we have to help educate the people who help us, too, since they may not be thinking blogs = hacker bait and may not be up to speed on all the ways you are at risk.
Some of my clients' tech people are real newbies when it comes to WordPress and how to secure a WP installation. They are smart people about a lot of things, but not necessarily WP. (They ask ME questions, as if I would know the answer, ha ha ha.)
The lesson for me in all of this is that business owners who are active online and who don't have full-time tech staff, need to realize that they will have to invest time in educating themselves to some degree.
I'd like to just focus on content and the non-technical things I do best, but unfortunately you can't run websites if you don't know enough to be proactive and the right questions to ask your tech help, how to spot suspicious activity, etc.