Details

07

Nov

Site owners need to get serious about security

Written by Jeremy Webb

Category: Blog

Hits: 300

There has been huge increase in the hacking of web sites. A few years ago, this would have been mainly the preserve of the script kiddie - young people who were googling for hacking tips and tools, and using then on random web sites for "fun." However, there is increasing evidence and concern over a definite move to more organised and nefarious goals. Hacking is increasingly used for criminal aims and there are also serious concerns about it's use as a threat to national security.

We all need to take digital security seriously and understand the threat. Awareness of personal computer security has improved greatly with most people using a hardware and software firewall and anti-virus software but web site security is still woefully overlooked. You might think that as your site has no ecommerce function, and does not store any personal information, that you don't need to worry about site security.

You would be wrong. Script kiddies used to be happy with defacing a web site to prove their competence. This was inconvenient for site owners, but relatively benign especially if you had a site back up. (You back up your site, right?)

The game has changed. Right now, your site might have already been compromised and being used by criminal gangs to launch attacks on other servers and computers, or to infect the computers of visitors to your site. If you run any of the popular open source content management systems such as Joomla, Drupal or WordPress then you need to consider the security of your web site. If you run your own server, again you need to get some security advice. Don't believe me? Just google it for yourself... try "exploit WordPress" for starters.

Even big sites with big budgets are not immune from security issues. We recently informed News Corporation that there were some holes in the security of the-social-list.com their social comparision site, which left it open to attack. They were quick to patch the holes.

Every day, security monitoring software that we use informs us that it has blocked attacks from computers around the world on servers and web sites we manage. Don't let your site be the next one to be compromised. 

As an absolute minimum, use Google Webmaster Tools for your site. Google have recently made great steps forward to help to inform site owners if they detect any security issues when spidering your site. Beyond this, have strong ftp and control panel passwords, harden your server and your software. If you don't know how to go about this, contact us.

Please join the fight against hacking and take security seriously.