Even amateur hackers can hack your site
Over the last 15 years in web development, we have had to keep track of security trends to stay ahead of issues that could be exploited maliciously.
Servers are scanned several times a day by people all over the world trying to find a weakness. These scans usually follow two main approaches:
1. Brute Force Login - This is when a hacker tries to access the server by guessing passwords to main accounts like 'system' or 'root.' The hacker uses a program that works through a password list. Starting with the obvious 'test,' or 'password,' then on to trying real names, names and numbers, etc., through all possible combinations.
With millions of password possibilities, many people think theirs would never be guessed. However, sending thousands of passwords a minute, a hacker can find something simple like "Susan1" very quickly.
What can you do? We always advise clients to make their passwords difficult to guess. Passwords are also case sensitive, so mix upper and lowercase letters, and add numbers.
We also take additional security measures ourselves. Our servers are set to block any IP address upon three wrong password attempts, and a warning is sent to us.
2. Directory Scans - These target individual sites, looking for certain folders that can be exploited like 'mysql,''install,' or 'setup,' which are used by free open source software like Joomla, WordPress, Drupal, etc.
With open source there is always a
risk that your site may be targeted.
The problem with open source software is that anyone can download it for free, examine it, change or add code, then re-upload it for the next person to download. This community effort approach may be noble, but involves far too many cooks, with vastly differing skill levels and possible bad intentions.
Because of such disparate ability levels, open source software has many bugs, and great potential for abuse. A malicious person could add code to bypass a login, and gain access to any future site, and this may not be found for a long time.
A scary fact is that there are whole web sites that list open source software and how to exploit them. You don't even have to be a professional hacker. You can easily find this information via Google.
Because free means less work and less knowledge needed, open source is used by many web designers. All they have to do is download a free program and template, change some things and sell it on. They don't even have to understand what any of the code means or does.
I liken this to paying for a security system that is installed by someone who doesn't know how it works. Then, the full plans and any bugs are put online so a burglar can examine it for weaknesses.
With open source there is always a risk that your site may be targeted and abused; this is why we do not use it.
We code our WebUpdate sites ourselves, by hand. We have also written our own code to detect and block scans. Should someone still gain access, we are warned of any unauthorized files on the server so we can take immediate action.
Our WebUpdate sites start at $2,500 and can expand and grow as your business grows, adding more features and functions as needed.
If your site is not bringing you the results you need, now is the perfect time to consider our WebUpdate systems, which employ advanced marketing, SEO, promotion, and security features designed to give businesses the best competitive edge online.
Terry Young is the founder and CEO of Internet Marketing and Design,
the award winning web and multimedia design agency in Chesapeake.
Forgiving Those We Have Injuredby Dr. Bill Austin
The Hope Trap -- The Bottleby Jean Loxley-Barnard
What to ask before contracting a designerby Terry Young
A Vision of Youth
Kitten Fosteringby Breonna Loxley
A Real Estate Avocationby Jean Loxley-Barnard
Preparing for Interior Shootsby Terry Young